@optima-chat/dev-skills 0.7.10 → 0.7.12
- package/bin/helpers/query-db.ts +11 -30
- package/dist/bin/helpers/query-db.js +11 -26
- package/package.json +1 -1
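--- a/package/bin/helpers/query-db.ts
+++ b/package/bin/helpers/query-db.ts
@@ -40,7 +40,7 @@ const SERVICE_DB_MAP = {
 },
 'session-gateway': {
 ci: null, // CI 环境暂无 session-gateway 数据库
-stage: { userKey: '
+stage: { userKey: 'AI_SHELL_DB_USER', passwordKey: 'AI_SHELL_DB_PASSWORD', database: 'optima_shell' },
 prod: { userKey: 'AI_SHELL_DB_USER', passwordKey: 'AI_SHELL_DB_PASSWORD', database: 'optima_ai_shell' }
 }
 };
@@ -75,14 +75,14 @@ function getInfisicalToken(config: InfisicalConfig): string {
 return JSON.parse(response).accessToken;
 }
 
-function getInfisicalSecrets(config: InfisicalConfig, token: string, environment: string): Record<string, string> {
+function getInfisicalSecrets(config: InfisicalConfig, token: string, environment: string, secretPath: string): Record<string, string> {
 const response = execSync(
-`curl -s "${config.url}/api/v3/secrets/raw?workspaceId=${config.projectId}&environment=${environment}&secretPath
+`curl -s "${config.url}/api/v3/secrets/raw?workspaceId=${config.projectId}&environment=${environment}&secretPath=${secretPath}" -H "Authorization: Bearer ${token}"`,
 { encoding: 'utf-8' }
 );
 const data = JSON.parse(response);
 const secrets: Record<string, string> = {};
-for (const secret of data.secrets) {
+for (const secret of data.secrets || []) {
 secrets[secret.secretKey] = secret.secretValue;
 }
 return secrets;
@@ -214,42 +214,23 @@ async function main() {
 { encoding: 'utf-8' }
 );
 
-console.log('\n' + result);
-} else if (environment === 'stage') {
-// Stage 环境:直连 RDS(Stage RDS 在公有子网,可以本地直连)
-const infisicalConfig = getInfisicalConfig();
-console.log('✓ Loaded Infisical config from GitHub Variables');
-
-const token = getInfisicalToken(infisicalConfig);
-console.log('✓ Obtained Infisical access token');
-
-const secrets = getInfisicalSecrets(infisicalConfig, token, 'staging');
-console.log('✓ Retrieved database credentials from Infisical');
-
-const { userKey, passwordKey, database } = serviceConfig as any;
-const dbHost = RDS_HOSTS.stage;
-const dbUser = secrets[userKey];
-const dbPassword = secrets[passwordKey];
-
-if (!dbUser || !dbPassword) {
-throw new Error(`Database credentials not found in Infisical for ${service}. Keys: ${userKey}, ${passwordKey}`);
-}
-
-const result = queryDatabase(dbHost, 5432, dbUser, dbPassword, database, sql);
 console.log('\n' + result);
 } else {
-// Prod 环境:通过 SSH 隧道访问 RDS
+// Stage/Prod 环境:通过 SSH 隧道访问 RDS
 const infisicalConfig = getInfisicalConfig();
 console.log('✓ Loaded Infisical config from GitHub Variables');
 
 const token = getInfisicalToken(infisicalConfig);
 console.log('✓ Obtained Infisical access token');
 
-
+// 数据库凭证存储在 Infisical 的 /shared-secrets/database-users 路径
+// Stage 从 staging 环境读取,Prod 从 prod 环境读取
+const infisicalEnv = environment === 'stage' ? 'staging' : 'prod';
+const secrets = getInfisicalSecrets(infisicalConfig, token, infisicalEnv, '/shared-secrets/database-users');
 console.log('✓ Retrieved database credentials from Infisical');
 
 const { userKey, passwordKey, database } = serviceConfig as any;
-const dbHost = RDS_HOSTS
+const dbHost = RDS_HOSTS[environment as 'stage' | 'prod'];
 const dbUser = secrets[userKey];
 const dbPassword = secrets[passwordKey];
 
@@ -257,7 +238,7 @@ async function main() {
 throw new Error(`Database credentials not found in Infisical for ${service}. Keys: ${userKey}, ${passwordKey}`);
 }
 
-const localPort = 15433;
+const localPort = environment === 'stage' ? 15432 : 15433;
 
 setupSSHTunnel(EC2_HOST, dbHost, localPort);
 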
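Review bot: The merged `else` branch in `main` fails open to production: `environment === 'stage' ? 'staging' : 'prod'` and the `localPort` ternary treat every value other than `'stage'` as prod, so a mistyped environment name would fetch prod database credentials from Infisical before anything rejects it. The cast in `RDS_HOSTS[environment as 'stage' | 'prod']` also hides from the compiler that the lookup can be `undefined`. Unless `environment` is validated earlier in `main` (its body starts and ends outside the hunk), I would add a guard at the top of the branch, `if (environment !== 'stage' && environment !== 'prod') throw new Error('Unknown environment: ' + environment);`. Separately, in `getInfisicalSecrets` the new `secretPath` is placed into the query string unencoded and into a shell command line; `encodeURIComponent(secretPath)` would keep the slashes from being misread and keep the value inert if a caller ever passes something other than the current literal.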
@@ -59,7 +59,7 @@ const SERVICE_DB_MAP = {
|
|
|
59
59
|
},
|
|
60
60
|
'session-gateway': {
|
|
61
61
|
ci: null, // CI 环境暂无 session-gateway 数据库
|
|
62
|
-
stage: { userKey: '
|
|
62
|
+
stage: { userKey: 'AI_SHELL_DB_USER', passwordKey: 'AI_SHELL_DB_PASSWORD', database: 'optima_shell' },
|
|
63
63
|
prod: { userKey: 'AI_SHELL_DB_USER', passwordKey: 'AI_SHELL_DB_PASSWORD', database: 'optima_ai_shell' }
|
|
64
64
|
}
|
|
65
65
|
};
|
|
@@ -85,11 +85,11 @@ function getInfisicalToken(config) {
|
|
|
85
85
|
const response = (0, child_process_1.execSync)(`curl -s -X POST "${config.url}/api/v1/auth/universal-auth/login" -H "Content-Type: application/json" -d '{"clientId": "${config.clientId}", "clientSecret": "${config.clientSecret}"}'`, { encoding: 'utf-8' });
|
|
86
86
|
return JSON.parse(response).accessToken;
|
|
87
87
|
}
|
|
88
|
-
function getInfisicalSecrets(config, token, environment) {
|
|
89
|
-
const response = (0, child_process_1.execSync)(`curl -s "${config.url}/api/v3/secrets/raw?workspaceId=${config.projectId}&environment=${environment}&secretPath
|
|
88
|
+
function getInfisicalSecrets(config, token, environment, secretPath) {
|
|
89
|
+
const response = (0, child_process_1.execSync)(`curl -s "${config.url}/api/v3/secrets/raw?workspaceId=${config.projectId}&environment=${environment}&secretPath=${secretPath}" -H "Authorization: Bearer ${token}"`, { encoding: 'utf-8' });
|
|
90
90
|
const data = JSON.parse(response);
|
|
91
91
|
const secrets = {};
|
|
92
|
-
for (const secret of data.secrets) {
|
|
92
|
+
for (const secret of data.secrets || []) {
|
|
93
93
|
secrets[secret.secretKey] = secret.secretValue;
|
|
94
94
|
}
|
|
95
95
|
return secrets;
|
|
@@ -195,40 +195,25 @@ async function main() {
|
|
|
195
195
|
const result = (0, child_process_1.execSync)(`sshpass -p "${ciPassword}" ssh -o StrictHostKeyChecking=no ${ciUser}@${ciHost} "docker exec ${container} psql -U ${user} -d ${database} -c \\"${sql}\\""`, { encoding: 'utf-8' });
|
|
196
196
|
console.log('\n' + result);
|
|
197
197
|
}
|
|
198
|
-
else if (environment === 'stage') {
|
|
199
|
-
// Stage 环境:直连 RDS(Stage RDS 在公有子网,可以本地直连)
|
|
200
|
-
const infisicalConfig = getInfisicalConfig();
|
|
201
|
-
console.log('✓ Loaded Infisical config from GitHub Variables');
|
|
202
|
-
const token = getInfisicalToken(infisicalConfig);
|
|
203
|
-
console.log('✓ Obtained Infisical access token');
|
|
204
|
-
const secrets = getInfisicalSecrets(infisicalConfig, token, 'staging');
|
|
205
|
-
console.log('✓ Retrieved database credentials from Infisical');
|
|
206
|
-
const { userKey, passwordKey, database } = serviceConfig;
|
|
207
|
-
const dbHost = RDS_HOSTS.stage;
|
|
208
|
-
const dbUser = secrets[userKey];
|
|
209
|
-
const dbPassword = secrets[passwordKey];
|
|
210
|
-
if (!dbUser || !dbPassword) {
|
|
211
|
-
throw new Error(`Database credentials not found in Infisical for ${service}. Keys: ${userKey}, ${passwordKey}`);
|
|
212
|
-
}
|
|
213
|
-
const result = queryDatabase(dbHost, 5432, dbUser, dbPassword, database, sql);
|
|
214
|
-
console.log('\n' + result);
|
|
215
|
-
}
|
|
216
198
|
else {
|
|
217
|
-
// Prod 环境:通过 SSH 隧道访问 RDS
|
|
199
|
+
// Stage/Prod 环境:通过 SSH 隧道访问 RDS
|
|
218
200
|
const infisicalConfig = getInfisicalConfig();
|
|
219
201
|
console.log('✓ Loaded Infisical config from GitHub Variables');
|
|
220
202
|
const token = getInfisicalToken(infisicalConfig);
|
|
221
203
|
console.log('✓ Obtained Infisical access token');
|
|
222
|
-
|
|
204
|
+
// 数据库凭证存储在 Infisical 的 /shared-secrets/database-users 路径
|
|
205
|
+
// Stage 从 staging 环境读取,Prod 从 prod 环境读取
|
|
206
|
+
const infisicalEnv = environment === 'stage' ? 'staging' : 'prod';
|
|
207
|
+
const secrets = getInfisicalSecrets(infisicalConfig, token, infisicalEnv, '/shared-secrets/database-users');
|
|
223
208
|
console.log('✓ Retrieved database credentials from Infisical');
|
|
224
209
|
const { userKey, passwordKey, database } = serviceConfig;
|
|
225
|
-
const dbHost = RDS_HOSTS
|
|
210
|
+
const dbHost = RDS_HOSTS[environment];
|
|
226
211
|
const dbUser = secrets[userKey];
|
|
227
212
|
const dbPassword = secrets[passwordKey];
|
|
228
213
|
if (!dbUser || !dbPassword) {
|
|
229
214
|
throw new Error(`Database credentials not found in Infisical for ${service}. Keys: ${userKey}, ${passwordKey}`);
|
|
230
215
|
}
|
|
231
|
-
const localPort = 15433;
|
|
216
|
+
const localPort = environment === 'stage' ? 15432 : 15433;
|
|
232
217
|
setupSSHTunnel(EC2_HOST, dbHost, localPort);
|
|
233
218
|
// 等待隧道建立
|
|
234
219
|
await new Promise(resolve => setTimeout(resolve, 1000));
|