fc5: fix GS export script — use async engine + correct imports, designed for in-container exec

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-22 20:51:32 -04:00
parent d47b4c8a64
commit 908c95f690
+83 -58
View File
@@ -11,71 +11,105 @@ Credentials are decrypted in this script's process using GS's secret_key
ingest with its own Fernet key. The output JSON contains plaintext
credentials — delete it after the FC ingest completes.
Usage:
python scripts/export_for_fabledcurator.py --secret-key "$SECRET_KEY" > gs-export.json
Designed to run INSIDE the live GS container:
docker cp scripts/export_for_fabledcurator.py <gs_container>:/app/scripts/
docker exec -w /app <gs_container> python scripts/export_for_fabledcurator.py \\
--secret-key "$SECRET_KEY" > ~/gs-export.json
The container has GS's Python deps (asyncpg, sqlalchemy, cryptography)
and the runtime env vars (DATABASE_URL, SECRET_KEY) already set.
"""
from __future__ import annotations
import argparse
import asyncio
import json
import os
import sys
from datetime import UTC, datetime
# Bootstrap GS's app context.
sys.path.insert(0, "backend")
from app import create_app # noqa: E402
from app.database import get_session # noqa: E402
# Ensure the container's WORKDIR (/app) is on sys.path so the GS package
# `app.*` imports resolve. Container layout: /app/app/ is the package.
sys.path.insert(0, os.getcwd())
from sqlalchemy import select # noqa: E402
from sqlalchemy.ext.asyncio import ( # noqa: E402
AsyncSession,
async_sessionmaker,
create_async_engine,
)
from app.models.credential import Credential # noqa: E402
from app.models.source import Source # noqa: E402
from app.models.subscription import Subscription # noqa: E402
from app.utils.encryption import decrypt_data # noqa: E402
def _export_subscriptions(session) -> list[dict]:
"""Subscriptions with nested sources."""
out: list[dict] = []
for sub in session.query(Subscription).all():
sources_out: list[dict] = []
for src in sub.sources or []:
sources_out.append({
"platform": src.platform,
"url": src.url,
"enabled": bool(src.enabled),
"check_interval": int(src.check_interval or 28800),
"metadata": src.metadata_ or {},
})
out.append({
"name": sub.name,
"enabled": bool(sub.enabled),
"metadata": sub.metadata_ or {},
"sources": sources_out,
})
return out
def _async_database_url() -> str:
"""Resolve GS's async DB URL the same way app.config.Settings does."""
url = os.environ.get("DATABASE_URL")
if not url:
# GS's default fallback chain — should rarely fire in prod since
# the container's DATABASE_URL is set by compose.
url = "postgresql://gdl:password@localhost:5432/gallery_subscriber"
return url.replace("postgresql://", "postgresql+asyncpg://")
def _export_credentials(session, secret_key: str) -> list[dict]:
"""Credentials decrypted to plaintext (FC re-encrypts on ingest)."""
out: list[dict] = []
for cred in session.query(Credential).all():
try:
plaintext = decrypt_data(cred.data, secret_key)
except Exception as exc:
print(
f"WARNING: failed to decrypt credential for "
f"platform={cred.platform!r}: {exc}",
file=sys.stderr,
)
continue
out.append({
"platform": cred.platform,
"credential_type": cred.credential_type,
"plaintext": plaintext,
"expires_at": (
cred.expires_at.isoformat() if cred.expires_at else None
),
})
return out
async def _export_async(secret_key: str) -> dict:
engine = create_async_engine(_async_database_url())
Session = async_sessionmaker(engine, expire_on_commit=False, class_=AsyncSession)
try:
async with Session() as session:
subs_out: list[dict] = []
subs = (await session.execute(select(Subscription))).scalars().all()
for sub in subs:
srcs = (await session.execute(
select(Source).where(Source.subscription_id == sub.id)
)).scalars().all()
sources_out = [{
"platform": s.platform,
"url": s.url,
"enabled": bool(s.enabled),
"check_interval": int(s.check_interval or 28800),
"metadata": s.metadata_ or {},
} for s in srcs]
subs_out.append({
"name": sub.name,
"enabled": bool(sub.enabled),
"metadata": sub.metadata_ or {},
"sources": sources_out,
})
creds_out: list[dict] = []
creds = (await session.execute(select(Credential))).scalars().all()
for cred in creds:
try:
plaintext = decrypt_data(cred.data, secret_key)
except Exception as exc:
print(
f"WARNING: failed to decrypt credential for "
f"platform={cred.platform!r}: {exc}",
file=sys.stderr,
)
continue
creds_out.append({
"platform": cred.platform,
"credential_type": cred.credential_type,
"plaintext": plaintext,
"expires_at": (
cred.expires_at.isoformat() if cred.expires_at else None
),
})
return {
"source_app": "gallerysubscriber",
"schema_version": 1,
"exported_at": datetime.now(UTC).isoformat(),
"subscriptions": subs_out,
"credentials": creds_out,
}
finally:
await engine.dispose()
def main() -> None:
@@ -93,16 +127,7 @@ def main() -> None:
)
sys.exit(2)
app = create_app()
with app.app_context():
with get_session() as session:
export = {
"source_app": "gallerysubscriber",
"schema_version": 1,
"exported_at": datetime.now(UTC).isoformat(),
"subscriptions": _export_subscriptions(session),
"credentials": _export_credentials(session, args.secret_key),
}
export = asyncio.run(_export_async(args.secret_key))
json.dump(export, sys.stdout, indent=2)
sys.stdout.write("\n")