roa2web-service-auto

romfast/roa2web-service-auto

Fork 0

Commit Graph

Author	SHA1	Message	Date
Marius Mutu	9008876b16	chore: Remove obsolete microservices directories and update all references - Delete data-entry-app/ (1.6GB), reports-app/ (447MB), .auto-build-data/ - Saved ~1.4GB disk space (64% reduction: 2.2GB → 845MB) Updated references across 38 files: - .claude/rules/ paths: backend/modules/, src/modules/ - .claude/commands/validate.md: all validation paths - docs/ (13 files): data-entry, telegram, README, CLAUDE.md - scripts/ (3 files): backup-secrets, restore-secrets, test-docker - security/ (2 files): git_cleanup, SECURITY_PROCEDURES - deployment/ & shared/: updated all stale comments All paths now reflect ultrathin monolith architecture: - Backend: backend/modules/{reports,data_entry,telegram}/ - Frontend: src/modules/{reports,data-entry}/ - Shared: shared/{auth,database,routes}/ 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2025-12-30 12:08:20 +02:00
Marius Mutu	71f0fcaab0	Add secrets directory support to backup/restore scripts Extended backup and restore utilities to include the secrets/ directory containing SSH keys for Oracle server access. Changes: - backup-secrets.sh: Added SECRET_DIRS array to backup entire directories as tar archives - restore-secrets.sh: Added logic to detect and restore tar.enc directory archives - Both scripts now handle: * Individual .env files (as before) * Complete directories (new: secrets/ with SSH keys) Technical implementation: - Directories are archived with tar and piped directly to openssl for encryption - Uses tar -cf - to output to stdout, then pipes to openssl enc - Restore decrypts and extracts in one step: openssl \| tar -xf - - Preserves directory structure and file permissions Files backed up: - reports-app/backend/.env and .env.prod - reports-app/telegram-bot/.env and .env.prod - secrets/ directory (SSH keys: roa_oracle_server, .pub, .gitkeep) Backup structure now includes: - .env.enc (individual encrypted files) - secrets.tar.enc (encrypted tar archive of directory) Tested successfully with encryption/decryption cycle. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-11 12:44:34 +02:00
Marius Mutu	60346ff7da	Add encrypted secrets backup and restore utilities Implements secure backup system for environment configuration files (.env, .env.prod) containing sensitive credentials using AES-256-CBC encryption with OpenSSL. New utilities: - scripts/backup-secrets.sh: Encrypts and backs up all .env files to timestamped directory - scripts/restore-secrets.sh: Decrypts and restores .env files from backup - scripts/README.md: Complete documentation with usage examples and best practices Features: - AES-256-CBC encryption with PBKDF2 key derivation (strong encryption) - Interactive password prompts with confirmation - Non-interactive mode via BACKUP_PASSWORD environment variable - Automatic README generation in each backup with restore instructions - Color-coded output for better UX - Validation and error handling Backup structure: secrets-backup/ └── YYYY-MM-DD_HH-MM-SS/ ├── backend-.env.enc ├── backend-.env.prod.enc ├── telegram-bot-.env.enc ├── telegram-bot-.env.prod.enc └── README.md Updated .gitignore to allow committing encrypted .gpg/.enc files while blocking decrypted .env files in secrets-backup directory. Usage: ./scripts/backup-secrets.sh # Create encrypted backup ./scripts/restore-secrets.sh [backup-date] # Restore from backup Tested with OpenSSL (pre-installed on most systems). Provides secure way to version control and sync credentials across development and production environments. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-11 12:36:43 +02:00

Author

SHA1

Message

Date

Marius Mutu

9008876b16

chore: Remove obsolete microservices directories and update all references

- Delete data-entry-app/ (1.6GB), reports-app/ (447MB), .auto-build-data/
- Saved ~1.4GB disk space (64% reduction: 2.2GB → 845MB)

Updated references across 38 files:
- .claude/rules/ paths: backend/modules/, src/modules/
- .claude/commands/validate.md: all validation paths
- docs/ (13 files): data-entry, telegram, README, CLAUDE.md
- scripts/ (3 files): backup-secrets, restore-secrets, test-docker
- security/ (2 files): git_cleanup, SECURITY_PROCEDURES
- deployment/ & shared/: updated all stale comments

All paths now reflect ultrathin monolith architecture:
- Backend: backend/modules/{reports,data_entry,telegram}/
- Frontend: src/modules/{reports,data-entry}/
- Shared: shared/{auth,database,routes}/

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2025-12-30 12:08:20 +02:00

Marius Mutu

71f0fcaab0

Add secrets directory support to backup/restore scripts

Extended backup and restore utilities to include the secrets/ directory
containing SSH keys for Oracle server access.

Changes:
- backup-secrets.sh: Added SECRET_DIRS array to backup entire directories as tar archives
- restore-secrets.sh: Added logic to detect and restore tar.enc directory archives
- Both scripts now handle:
  * Individual .env files (as before)
  * Complete directories (new: secrets/ with SSH keys)

Technical implementation:
- Directories are archived with tar and piped directly to openssl for encryption
- Uses tar -cf - to output to stdout, then pipes to openssl enc
- Restore decrypts and extracts in one step: openssl | tar -xf -
- Preserves directory structure and file permissions

Files backed up:
- reports-app/backend/.env and .env.prod
- reports-app/telegram-bot/.env and .env.prod
- secrets/ directory (SSH keys: roa_oracle_server, *.pub, .gitkeep)

Backup structure now includes:
- *.env.enc (individual encrypted files)
- secrets.tar.enc (encrypted tar archive of directory)

Tested successfully with encryption/decryption cycle.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-11 12:44:34 +02:00

Marius Mutu

60346ff7da

Add encrypted secrets backup and restore utilities

Implements secure backup system for environment configuration files (.env, .env.prod)
containing sensitive credentials using AES-256-CBC encryption with OpenSSL.

New utilities:
- scripts/backup-secrets.sh: Encrypts and backs up all .env files to timestamped directory
- scripts/restore-secrets.sh: Decrypts and restores .env files from backup
- scripts/README.md: Complete documentation with usage examples and best practices

Features:
- AES-256-CBC encryption with PBKDF2 key derivation (strong encryption)
- Interactive password prompts with confirmation
- Non-interactive mode via BACKUP_PASSWORD environment variable
- Automatic README generation in each backup with restore instructions
- Color-coded output for better UX
- Validation and error handling

Backup structure:
secrets-backup/
└── YYYY-MM-DD_HH-MM-SS/
    ├── backend-.env.enc
    ├── backend-.env.prod.enc
    ├── telegram-bot-.env.enc
    ├── telegram-bot-.env.prod.enc
    └── README.md

Updated .gitignore to allow committing encrypted .gpg/.enc files while
blocking decrypted .env files in secrets-backup directory.

Usage:
./scripts/backup-secrets.sh                    # Create encrypted backup
./scripts/restore-secrets.sh [backup-date]     # Restore from backup

Tested with OpenSSL (pre-installed on most systems). Provides secure way to
version control and sync credentials across development and production environments.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-11 12:36:43 +02:00

3 Commits