hiderfong
6d70520e79
- 新增后端模块:Alert、APIAsset、Compliance、Lineage、Masking、Risk、SchemaChange、Unstructured、Watermark - 新增前端模块页面与API接口 - 新增Alembic迁移脚本(002-014)覆盖全量业务表 - 新增测试数据生成脚本与集成测试脚本 - 修复metadata模型JSON类型导入缺失导致启动失败的问题 - 修复前端Alert/APIAsset页面request模块路径错误 - 更新docker-compose与开发计划文档
42 lines
1.2 KiB
Python
42 lines
1.2 KiB
Python
"""Fix datasource password encryption stability
|
|
|
|
Revision ID: 002
|
|
Revises: 001
|
|
Create Date: 2026-04-23 14:00:00.000000
|
|
|
|
"""
|
|
from typing import Sequence, Union
|
|
|
|
from alembic import op
|
|
import sqlalchemy as sa
|
|
|
|
# revision identifiers, used by Alembic.
|
|
revision: str = "002"
|
|
down_revision: Union[str, None] = "001"
|
|
branch_labels: Union[str, Sequence[str], None] = None
|
|
depends_on: Union[str, Sequence[str], None] = None
|
|
|
|
|
|
def upgrade() -> None:
|
|
# Historical encrypted_password values are irrecoverable because
|
|
# the old implementation generated a random Fernet key on every startup.
|
|
# We clear the passwords and mark sources as inactive so admins re-enter them
|
|
# with the new stable key derived from DB_ENCRYPTION_KEY / SECRET_KEY.
|
|
op.add_column(
|
|
"data_source",
|
|
sa.Column("password_reset_required", sa.Boolean(), nullable=False, server_default=sa.text("false")),
|
|
)
|
|
op.execute(
|
|
"""
|
|
UPDATE data_source
|
|
SET encrypted_password = NULL,
|
|
status = 'inactive',
|
|
password_reset_required = true
|
|
WHERE encrypted_password IS NOT NULL
|
|
"""
|
|
)
|
|
|
|
|
|
def downgrade() -> None:
|
|
op.drop_column("data_source", "password_reset_required")
|