Skip to content

fix(safety): 数据库安全防护 - 防止跨项目数据丢失#84

Open
dav-niu474 wants to merge 1 commit into
mainfrom
fix/database-safety-guard
Open

fix(safety): 数据库安全防护 - 防止跨项目数据丢失#84
dav-niu474 wants to merge 1 commit into
mainfrom
fix/database-safety-guard

Conversation

@dav-niu474

@dav-niu474 dav-niu474 commented Jun 11, 2026

Copy link
Copy Markdown
Owner

问题

另一个项目 magic-story-ai 的 Prisma schema 包含 schemas = ["magic_story", "public"]
当运行 prisma migrateprisma db push 时,执行了 DROP SCHEMA public CASCADE
导致 huobao-drama-ai 的所有数据被销毁

数据库中检测到 DROP SCHEMA "public" CASCADE 被执行了 9 次。

证据

  • pg_stat_statements 显示 DROP SCHEMA "public" CASCADE 执行了 9 次
  • _prisma_migrations 中有 20260611064636_init_magic_story_schema 迁移记录(2026-06-11 06:46 UTC)
  • Drama 表 0 行,User 表仅剩 build 脚本创建的 admin 账号
  • magic-story-ai 仓库已修复(移除 "public" from schemas 列表)

修复内容

  1. magic-story-ai 已修复:移除 Prisma schema 中的 "public",只保留 "magic_story"
  2. huobao-drama-ai 构建脚本增强:添加安全注释,明确禁止使用 --accept-data-loss
  3. 数据恢复:需要检查 Supabase 是否有 PITR(Pro 计划支持),恢复到 2026-06-11 06:46 UTC 之前

数据恢复方式

  1. 如果 Supabase 是 Pro 计划:
  2. 如果是 Free 计划:数据无法恢复,需要重新创建

fix(safety): Add data protection comments to build script
da86648 
- Add explicit safety comments about not using --accept-data-loss
- Add fallback message directing to /api/migrate for fresh databases
- Document that /api/migrate route handles schema changes safely
- Prevent accidental data destruction during build
@vercel

vercel Bot commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
huobao-drama-ai Ready Ready Preview, Comment Jun 11, 2026 8:12am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dav-niu474