From dc32f8f6d255d110c27e30aa09e5c8e4bfb5e8d5 Mon Sep 17 00:00:00 2001 From: "soroush.asadi" Date: Wed, 17 Jun 2026 00:40:14 +0330 Subject: [PATCH] diag: dump system admins --- .gitea/workflows/diag.yml | 49 ++++++++------------------------------- 1 file changed, 10 insertions(+), 39 deletions(-) diff --git a/.gitea/workflows/diag.yml b/.gitea/workflows/diag.yml index ecc2824..71c486d 100644 --- a/.gitea/workflows/diag.yml +++ b/.gitea/workflows/diag.yml @@ -3,48 +3,19 @@ on: push: branches: [diag/admin-otp] jobs: - otp: - name: "Diag · admin send-otp 404" + admins: + name: "Diag · system admins" runs-on: self-hosted - timeout-minutes: 6 + timeout-minutes: 4 env: PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin steps: - - name: CDN vs origin for POST + - name: Dump SystemAdmins run: | set -eu - probe() { # $1=label $2=method $3=url - echo "--- $1: $2 $3 ---" - curl -sk -o /tmp/body -D /tmp/hdr -X "$2" "$3" \ - -H 'content-type: application/json' -H 'origin: https://admin.meezi.ir' \ - --data '{"phoneNumber":"09120000000"}' --max-time 15 \ - -w 'HTTP=%{http_code} ct=%{content_type}\n' || echo "curl failed" - grep -iE '^(server|wcdn-status|wcdn-nfc-reason|content-type):' /tmp/hdr | sed 's/^/ hdr: /' || true - echo " body(head): $(head -c 160 /tmp/body | tr -d '\n')" - echo "" - } - echo "### Through public DNS (same path as the browser / WCDN edge) ###" - probe "ADMIN-API send-otp" POST "https://admin-api.meezi.ir/api/admin/auth/send-otp" - probe "ADMIN-API send-otp GET" GET "https://admin-api.meezi.ir/api/admin/auth/send-otp" - probe "MAIN-API send-otp" POST "https://api.meezi.ir/api/auth/send-otp" - - echo "### Bypass WCDN — hit the origin Caddy directly on the host ###" - # find the caddy/proxy container and its host-published 443, else use container IP - docker ps --format '{{.Names}} {{.Image}} {{.Ports}}' | grep -iE 'caddy|proxy|nginx|traefik' || true - CADDY=$(docker ps --format '{{.Names}}' | grep -iE 'caddy|proxy' | head -1 || true) - echo "caddy=$CADDY" - if [ -n "$CADDY" ]; then - IP=$(docker inspect "$CADDY" --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' | awk '{print $1}') - echo "caddy ip=$IP" - echo "--- ORIGIN admin-api POST (via --resolve to caddy) ---" - curl -sk -o /tmp/b2 -D /tmp/h2 -X POST "https://admin-api.meezi.ir/api/admin/auth/send-otp" \ - --resolve "admin-api.meezi.ir:443:$IP" -H 'content-type: application/json' \ - --data '{"phoneNumber":"09120000000"}' --max-time 15 \ - -w 'HTTP=%{http_code} ct=%{content_type}\n' || echo "curl failed" - grep -iE '^(server|content-type):' /tmp/h2 | sed 's/^/ hdr: /' || true - echo " body(head): $(head -c 200 /tmp/b2 | tr -d '\n')" - fi - echo "" - echo "### admin-api container + did the POST reach the app? ###" - docker inspect meezi-admin-api --format 'state={{.State.Status}} restarts={{.RestartCount}} started={{.State.StartedAt}}' || true - docker logs meezi-admin-api --since 8m 2>&1 | grep -iE 'send-otp|auth' | tail -15 || echo "(no send-otp lines in admin-api logs → request never reached it)" + U=$(docker exec meezi-db env | grep '^POSTGRES_USER=' | cut -d= -f2) + D=$(docker exec meezi-db env | grep '^POSTGRES_DB=' | cut -d= -f2) + echo "=== SystemAdmins (phone / username / active / deleted / has-password) ===" + docker exec meezi-db psql -U "$U" -d "$D" -c "SELECT \"Id\", \"Phone\", \"Username\", \"IsActive\", \"DeletedAt\", (\"PasswordHash\" IS NOT NULL) AS has_pw, \"CreatedAt\" FROM \"SystemAdmins\" ORDER BY \"CreatedAt\";" || true + echo "=== count ===" + docker exec meezi-db psql -U "$U" -d "$D" -t -c "SELECT count(*) FROM \"SystemAdmins\";" || true