soroushdes/meezi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

diag: dump system admins
Diag / Diag · system admins (push) Successful in 0s
Details

Browse Source
This commit is contained in:
soroush.asadi
2026-06-17 00:40:14 +03:30
parent 130d867c45
commit dc32f8f6d2
1 changed files with 10 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/diag.yml
+10 -39
View File
@@ -3,48 +3,19 @@ on:
push: push:
branches: [diag/admin-otp] branches: [diag/admin-otp]
jobs: jobs:
otp: admins:
name: "Diag · admin send-otp 404" name: "Diag · system admins"
runs-on: self-hosted runs-on: self-hosted
timeout-minutes: 6 timeout-minutes: 4
env: env:
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
steps: steps:
- name: CDN vs origin for POST - name: Dump SystemAdmins
run: | run: |
set -eu set -eu
probe() { # $1=label $2=method $3=url U=$(docker exec meezi-db env | grep '^POSTGRES_USER=' | cut -d= -f2)
echo "--- $1: $2 $3 ---" D=$(docker exec meezi-db env | grep '^POSTGRES_DB=' | cut -d= -f2)
curl -sk -o /tmp/body -D /tmp/hdr -X "$2" "$3" \ echo "=== SystemAdmins (phone / username / active / deleted / has-password) ==="
-H 'content-type: application/json' -H 'origin: https://admin.meezi.ir' \ docker exec meezi-db psql -U "$U" -d "$D" -c "SELECT \"Id\", \"Phone\", \"Username\", \"IsActive\", \"DeletedAt\", (\"PasswordHash\" IS NOT NULL) AS has_pw, \"CreatedAt\" FROM \"SystemAdmins\" ORDER BY \"CreatedAt\";" || true
--data '{"phoneNumber":"09120000000"}' --max-time 15 \ echo "=== count ==="
-w 'HTTP=%{http_code} ct=%{content_type}\n' || echo "curl failed" docker exec meezi-db psql -U "$U" -d "$D" -t -c "SELECT count(*) FROM \"SystemAdmins\";" || true
grep -iE '^(server|wcdn-status|wcdn-nfc-reason|content-type):' /tmp/hdr | sed 's/^/ hdr: /' || true
echo " body(head): $(head -c 160 /tmp/body | tr -d '\n')"
echo ""
}
echo "### Through public DNS (same path as the browser / WCDN edge) ###"
probe "ADMIN-API send-otp" POST "https://admin-api.meezi.ir/api/admin/auth/send-otp"
probe "ADMIN-API send-otp GET" GET "https://admin-api.meezi.ir/api/admin/auth/send-otp"
probe "MAIN-API send-otp" POST "https://api.meezi.ir/api/auth/send-otp"
echo "### Bypass WCDN — hit the origin Caddy directly on the host ###"
# find the caddy/proxy container and its host-published 443, else use container IP
docker ps --format '{{.Names}} {{.Image}} {{.Ports}}' | grep -iE 'caddy|proxy|nginx|traefik' || true
CADDY=$(docker ps --format '{{.Names}}' | grep -iE 'caddy|proxy' | head -1 || true)
echo "caddy=$CADDY"
if [ -n "$CADDY" ]; then
IP=$(docker inspect "$CADDY" --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' | awk '{print $1}')
echo "caddy ip=$IP"
echo "--- ORIGIN admin-api POST (via --resolve to caddy) ---"
curl -sk -o /tmp/b2 -D /tmp/h2 -X POST "https://admin-api.meezi.ir/api/admin/auth/send-otp" \
--resolve "admin-api.meezi.ir:443:$IP" -H 'content-type: application/json' \
--data '{"phoneNumber":"09120000000"}' --max-time 15 \
-w 'HTTP=%{http_code} ct=%{content_type}\n' || echo "curl failed"
grep -iE '^(server|content-type):' /tmp/h2 | sed 's/^/ hdr: /' || true
echo " body(head): $(head -c 200 /tmp/b2 | tr -d '\n')"
fi
echo ""
echo "### admin-api container + did the POST reach the app? ###"
docker inspect meezi-admin-api --format 'state={{.State.Status}} restarts={{.RestartCount}} started={{.State.StartedAt}}' || true
docker logs meezi-admin-api --since 8m 2>&1 | grep -iE 'send-otp|auth' | tail -15 || echo "(no send-otp lines in admin-api logs → request never reached it)"