cb95a916ae
- Add verify-migration.js script for testing database migrations - Add database config module for centralized configuration - Add chutes.txt prompt for system responses - Update database implementation and testing documentation - Add database migration and setup scripts - Update session system and LLM tool configuration - Update deployment checklist and environment example - Update Dockerfile and docker-compose configuration
7.8 KiB
7.8 KiB
Testing Guide: Secure Database Implementation
This guide walks you through testing the secure database implementation locally and in a container.
Prerequisites
- Node.js 20+ installed
- Docker installed (for container testing)
- OpenSSL (for generating keys)
Local Testing
1. Install Dependencies
cd chat
npm install
2. Generate Encryption Keys
export DATABASE_ENCRYPTION_KEY=$(openssl rand -hex 32)
export JWT_SECRET=$(openssl rand -hex 32)
echo "Save these keys for future use:"
echo "DATABASE_ENCRYPTION_KEY=$DATABASE_ENCRYPTION_KEY"
echo "JWT_SECRET=$JWT_SECRET"
3. Setup Database
node scripts/setup-database.js
Expected output:
✅ Database connected
✅ Database schema created
✅ Database tables created: users, sessions, refresh_tokens, etc.
4. Test Encryption
cat > test-encryption.js << 'EOF'
const { initEncryption, encrypt, decrypt } = require('./src/utils/encryption');
const crypto = require('crypto');
const key = crypto.randomBytes(32).toString('hex');
initEncryption(key);
const plaintext = 'sensitive@email.com';
const encrypted = encrypt(plaintext);
const decrypted = decrypt(encrypted);
console.log('✅ Encryption test:', plaintext === decrypted ? 'PASSED' : 'FAILED');
EOF
node test-encryption.js
rm test-encryption.js
5. Test Repositories
cat > test-repos.js << 'EOF'
const { initDatabase, closeDatabase } = require('./src/database/connection');
const { initEncryption } = require('./src/utils/encryption');
const userRepo = require('./src/repositories/userRepository');
const crypto = require('crypto');
initEncryption(process.env.DATABASE_ENCRYPTION_KEY);
initDatabase('./.data/shopify_ai.db');
const user = userRepo.createUser({
id: 'test123',
email: 'test@example.com',
passwordHash: '$2b$12$test',
emailVerified: true
});
console.log('✅ User created:', user.email);
const found = userRepo.getUserById('test123');
console.log('✅ User retrieved:', found.email);
userRepo.deleteUser('test123');
console.log('✅ User deleted');
closeDatabase();
EOF
node test-repos.js
rm test-repos.js
6. Test Migration
Create sample JSON data:
mkdir -p .data
cat > .data/users.json << 'EOF'
[
{
"id": "user1",
"email": "test@example.com",
"passwordHash": "$2b$12$test",
"emailVerified": true,
"plan": "professional"
}
]
EOF
cat > .data/user-sessions.json << 'EOF'
{
"token123": {
"id": "session1",
"userId": "user1",
"expiresAt": 9999999999999
}
}
EOF
Run migration:
# Remove existing database
rm -f .data/shopify_ai.db*
# Setup fresh database
node scripts/setup-database.js
# Run migration
node scripts/migrate-to-database.js
Expected output:
✅ Migration complete!
Users: ✓ Success: 1
Sessions: ✓ Success: 1
7. Test JSON Compatibility Mode
# Switch to JSON mode
export USE_JSON_DATABASE=1
# Your app should now use JSON files instead of database
# (Integration with server.js needed)
Container Testing
1. Build Container
cd /home/runner/work/shopify-ai-backup/shopify-ai-backup
docker build -t shopify-ai-builder:test .
2. Run Container with Environment Variables
docker run -d \
--name shopify-ai-test \
-p 4500:4500 \
-e DATABASE_ENCRYPTION_KEY=$(openssl rand -hex 32) \
-e JWT_SECRET=$(openssl rand -hex 32) \
-v shopify-data:/home/web/data \
shopify-ai-builder:test
3. Check Logs
docker logs shopify-ai-test
Expected in logs:
🔍 Checking database status...
🔧 Database not found, setting up new database...
⚠️ Generated new encryption key (save this!)
✅ Database setup complete!
4. Verify Database Created
docker exec shopify-ai-test ls -lh /home/web/data/.data/
Expected output:
shopify_ai.db
shopify_ai.db-wal
shopify_ai.db-shm
.encryption_key
.jwt_secret
5. Test Auto-Initialization on Restart
# Restart container
docker restart shopify-ai-test
# Check logs
docker logs shopify-ai-test | tail -20
Expected:
✅ Database already exists
6. Test Migration in Container
# Copy sample JSON files
docker exec shopify-ai-test sh -c 'cat > /home/web/data/.data/users.json << EOF
[{"id":"user1","email":"test@example.com","passwordHash":"test"}]
EOF'
# Run migration
docker exec shopify-ai-test node /opt/webchat/scripts/migrate-to-database.js
7. Verify Tables
docker exec shopify-ai-test sqlcipher /home/web/data/.data/shopify_ai.db "PRAGMA key = '$DATABASE_ENCRYPTION_KEY'; .tables"
Expected output:
affiliate_accounts payment_sessions token_blacklist
affiliates refresh_tokens users
audit_log sessions withdrawals
contact_messages feature_requests
8. Check Encryption Keys Persisted
docker exec shopify-ai-test cat /home/web/data/.data/.encryption_key
docker exec shopify-ai-test cat /home/web/data/.data/.jwt_secret
Save these keys to your environment configuration!
9. Test JSON Fallback Mode
# Stop container
docker stop shopify-ai-test
docker rm shopify-ai-test
# Start with JSON mode
docker run -d \
--name shopify-ai-test \
-p 4500:4500 \
-e USE_JSON_DATABASE=1 \
-v shopify-data:/home/web/data \
shopify-ai-builder:test
# Check logs
docker logs shopify-ai-test | grep "JSON"
Expected:
📁 Running in JSON compatibility mode
10. Cleanup
docker stop shopify-ai-test
docker rm shopify-ai-test
docker volume rm shopify-data
Production Deployment
Environment Variables Required
# Required
DATABASE_ENCRYPTION_KEY=<64-char-hex> # Generate: openssl rand -hex 32
JWT_SECRET=<64-char-hex> # Generate: openssl rand -hex 32
# Optional
DATABASE_PATH=./.data/shopify_ai.db
DATABASE_BACKUP_ENABLED=1
DATABASE_WAL_MODE=1
USE_JSON_DATABASE=0 # Set to 1 for JSON mode
JWT_ACCESS_TOKEN_TTL=900 # 15 minutes
JWT_REFRESH_TOKEN_TTL=604800 # 7 days
First Deployment
- Generate keys and save them securely
- Deploy container with environment variables
- Verify logs show database initialization
- Save generated keys from logs if not pre-set
- Test authentication (once integrated)
Subsequent Deployments
- Use same keys from first deployment
- Database persists via volume
- No migration needed unless upgrading from JSON
Rollback to JSON
If issues occur:
- Set
USE_JSON_DATABASE=1 - Restart container
- System uses JSON files
- Original JSON backups preserved
Troubleshooting
Database Not Found
# Check data directory
ls -la /home/web/data/.data/
# Re-run initialization
node scripts/init-database.js
Encryption Error
# Verify key is 64 characters (hex)
echo $DATABASE_ENCRYPTION_KEY | wc -c # Should be 65 (64 + newline)
# Regenerate if needed
export DATABASE_ENCRYPTION_KEY=$(openssl rand -hex 32)
Migration Failed
# Check JSON files exist
ls -la .data/*.json
# Check database exists
ls -la .data/shopify_ai.db
# View backup
ls -la .data/migration_backup_*/
Permission Issues
# In container
chown -R root:root /home/web/data
chmod -R 755 /home/web/data
Security Checklist
- Encryption keys generated securely
- Keys stored in secure environment (not in code)
- Database file permissions restricted (600/700)
- Backup encryption keys offline
- Test rollback procedure
- Verify audit logging works
- Test session revocation
- Test token refresh
Next Steps
- ✅ Database implementation complete
- ✅ Encryption working
- ✅ Migration tested
- ⏳ Integrate with server.js authentication
- ⏳ Add auth API endpoints
- ⏳ End-to-end testing
- ⏳ Production deployment
Support
For issues:
- Check logs:
docker logs <container> - Verify environment variables
- Test locally first
- Review DATABASE_IMPLEMENTATION.md