From 3fac29436aadbe33228938b038dc639114d398b1 Mon Sep 17 00:00:00 2001 From: Torben Sorensen Date: Sat, 17 Jan 2026 14:34:18 -0800 Subject: [PATCH] still fixin test --- CLAUDE.md | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 54 insertions(+), 3 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index dbd14c85..b4a5156e 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -293,7 +293,7 @@ To add a new secret (e.g., `SENTRY_DSN`): **Shared (used by both environments):** -- `DB_HOST`, `DB_USER`, `DB_PASSWORD` - Database credentials +- `DB_HOST` - Database host (shared PostgreSQL server) - `JWT_SECRET` - Authentication - `GOOGLE_MAPS_API_KEY` - Google Maps - `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET` - Google OAuth @@ -301,14 +301,16 @@ To add a new secret (e.g., `SENTRY_DSN`): **Production-specific:** -- `DB_DATABASE_PROD` - Production database name +- `DB_USER_PROD`, `DB_PASSWORD_PROD` - Production database credentials (`flyer_crawler_prod`) +- `DB_DATABASE_PROD` - Production database name (`flyer-crawler`) - `REDIS_PASSWORD_PROD` - Redis password (uses database 0) - `VITE_GOOGLE_GENAI_API_KEY` - Gemini API key for production - `SENTRY_DSN`, `VITE_SENTRY_DSN` - Bugsink error tracking DSNs (production projects) **Test-specific:** -- `DB_DATABASE_TEST` - Test database name +- `DB_USER_TEST`, `DB_PASSWORD_TEST` - Test database credentials (`flyer_crawler_test`) +- `DB_DATABASE_TEST` - Test database name (`flyer-crawler-test`) - `REDIS_PASSWORD_TEST` - Redis password (uses database 1 for isolation) - `VITE_GOOGLE_GENAI_API_KEY_TEST` - Gemini API key for test - `SENTRY_DSN_TEST`, `VITE_SENTRY_DSN_TEST` - Bugsink error tracking DSNs (test projects) 
@@ -322,6 +324,55 @@ The test environment (`flyer-crawler-test.projectium.com`) uses **both** Gitea C - **Redis database 1**: Isolates test job queues from production (which uses database 0) - **PM2 process names**: Suffixed with `-test` (e.g., `flyer-crawler-api-test`) +### Database User Setup (Test Environment) + +**CRITICAL**: The test database requires specific PostgreSQL permissions to be configured manually. Schema ownership alone is NOT sufficient - explicit privileges must be granted. + +**Database Users:** + +| User | Database | Purpose | +| -------------------- | -------------------- | ---------- | +| `flyer_crawler_prod` | `flyer-crawler` | Production | +| `flyer_crawler_test` | `flyer-crawler-test` | Testing | + +**Required Setup Commands** (run as `postgres` superuser): + +```bash +# Connect as postgres superuser +sudo -u postgres psql + +# Create the test database and user (if not exists) +CREATE DATABASE "flyer-crawler-test"; +CREATE USER flyer_crawler_test WITH PASSWORD 'your-password-here'; + +# Grant ownership and privileges +ALTER DATABASE "flyer-crawler-test" OWNER TO flyer_crawler_test; +\c "flyer-crawler-test" +ALTER SCHEMA public OWNER TO flyer_crawler_test; +GRANT CREATE, USAGE ON SCHEMA public TO flyer_crawler_test; + +# Create required extension (must be done by superuser) +CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; +``` + +**Why These Steps Are Necessary:** + +1. **Schema ownership alone is insufficient** - PostgreSQL requires explicit `GRANT CREATE, USAGE` privileges even when the user owns the schema +2. **uuid-ossp extension** - Required by the application for UUID generation; must be created by a superuser before the app can use it +3. 
**Separate users for prod/test** - Prevents accidental cross-environment data access; each environment has its own credentials in Gitea secrets + +**Verification:** + +```bash +# Check schema privileges (should show 'UC' for flyer_crawler_test) +psql -d "flyer-crawler-test" -c "\dn+ public" + +# Expected output: +# Name | Owner | Access privileges +# -------+--------------------+------------------------------------------ +# public | flyer_crawler_test | flyer_crawler_test=UC/flyer_crawler_test +``` + ### Dev Container Environment The dev container runs its own **local Bugsink instance** - it does NOT connect to the production Bugsink server:
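Review bot: In the `@@ -293,7 +293,7 @@` hunk, `DB_USER` and `DB_PASSWORD` are dropped from the shared list, but nothing says what happens to the existing shared secrets or the role they belong to. If they stay in Gitea and the old role stays valid, the separation described later in this patch ("Prevents accidental cross-environment data access") is only on paper. Add a line stating that the old `DB_USER`/`DB_PASSWORD` secrets are to be deleted and that role's password rotated or the role dropped once both environments use the new variables.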
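Review bot: In the `@@ -301,14 +301,16 @@` hunk, the parenthetical on the new credential lines is ambiguous: "`DB_USER_PROD`, `DB_PASSWORD_PROD` - Production database credentials (`flyer_crawler_prod`)" can be read as giving the value of both secrets, password included. Write it as "user `flyer_crawler_prod`" on the production line and "user `flyer_crawler_test`" on the test line, so it is clear that only the role name is documented here and the password lives solely in the secret store.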
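Review bot: In the `@@ -322,6 +324,55 @@` hunk, the "Required Setup Commands" block is fenced as `bash`, but everything after `sudo -u postgres psql` is SQL and psql meta-commands, and the `#` lines there are not comments to psql (SQL comments start with `--`), so a pasted `# Create the test database...` line is sent to the server along with the statement that follows it and produces a syntax error. Split this into a shell block for the `sudo` line and an `sql` block with `--` comments. The "(if not exists)" comment also does not match the statements: `CREATE DATABASE` and `CREATE USER` are unconditional and fail on a rerun. For the password, consider creating the role without one and setting it with psql's `\password flyer_crawler_test`, which keeps the cleartext out of psql history and statement logs. Finally, item 1 under "Why These Steps Are Necessary" conflicts with PostgreSQL's rule that an object's owner holds all privileges on it by default; document the actual error that led to the `GRANT` rather than stating this as general behaviour.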