Clean up hardcoded Auth
Closed this issue · 2 comments
Niicck commented
- Change default master/api password
- Create different API users/permissions
- Update api username/password
- Remove hardcoded auth in js code
- Remove hardcoded auth in sql code
- Create different passwords for prod vs dev deployments
Niicck commented
Updating an old schema file requires hacking the "migrations" table. Manually set the hash for the updated schema file. Do an inert update on other migration files so that they stay in the same order in the db. This is the only way for our node migration library to accept the hack.
update migrations set id=0 where id=0;
update migrations set hash='ff8e4e1d17991c247dc48b93864181beb5671372' where id=1;
update migrations set id=2 where id=2;
update migrations set id=3 where id=3;
update migrations set id=4 where id=4;
update migrations set id=5 where id=5;
update migrations set id=6 where id=6;
update migrations set id=7 where id=7;
update migrations set id=8 where id=8;
update migrations set id=9 where id=9;
update migrations set id=10 where id=10;
update migrations set id=11 where id=11;
Niicck commented
Also need to manually set floods_graphql role on existing dev and master environments for the initial merge.
drop role floods_postgraphql;
create role floods_graphql login password 'xxx';
grant floods_super_admin to floods_graphql;
grant floods_password_resetter to floods_graphql;