馃悰 Fixed staff token can't export DB #16094
Conversation
Allows staff tokens to make backups of the DB by issuing a GET request to the `/db` API endpoint.
|
I agree about the note about I can see how supporting DB exports via the API could be convenient for what you describe, but it also brings added risks because it makes it easier to ex-filtrate personally identifiable information (PII), including names and emails. An alternate way to make daily backups is run a cron job or other daily timer which backups up the MySQL database and uploads that somewhere. Or, if you are using Cloud hosting, you have the option to trigger daily snapshots. Finally, you can reverse engineer how the web-based backups created by admins are authenticated and use your same kind of pattern by setting those auth headers. It seems the admin cookies may expire after a few months, so if you attempt this you may need some way to refresh the admin cookie periodically. Because this is rarely requested feature and because it comes with additional data privacy risk, I recommend against merging this PR. |
Allows staff tokens to make backups of the DB by issuing a GET request to the
/dbAPI endpoint. My use case is automatic daily backups (from a GitHub action).yarn test:allandyarn lint)p.s. it might be worth noting that
yarn test:allshould be run insideghost/core, it took me a white to figure that out.