Home Explore Help
Sign In
lanfr
/
LocalFoodAI_lanfr144
1
0
Fork 0
Files Issues 0 Wiki
Tree: 620543f87d
Branches Tags
LocalFoodAI_lan...
/
setup_db.py

setup_db.py 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 
  1. import pymysql
    2. 

  2. import getpass
    3. 

  3. import os
    4. 

  4. 

  5. def run_db_setup():
    6. 

  6.     """ 
    7. 

  7.     This Python script prompts for passwords securely and executes CREATE USER / GRANT 
    8. 

  8.     statements to provision the MySQL server dynamically without config files.
    9. 

  9.     """
    10. 

  10.     print("Welcome to Local Food AI Initial Setup.")
    11. 

  11.     print("WARNING: This will configure your MySQL server. You must know the MySQL root password.\n")
    12. 

  12.     
    13. 

  13.     # Automatically fetch passwords for secure CI/CD deployment or fallback for exam/local setup
    14. 

  14.     root_password = os.environ.get("MYSQL_ROOT_PASSWORD", "")
    15. 

  15.     owner_pass = os.environ.get("DB_OWNER_PASS", "BTSai123")
    16. 

  16.     reader_pass = os.environ.get("DB_READER_PASS", "BTSai123")
    17. 

  17.     loader_pass = os.environ.get("DB_LOADER_PASS", "BTSai123")
    18. 

  18.     app_auth_pass = os.environ.get("DB_AUTH_PASS", "BTSai123")
    19. 

  19. 

  20.     print("\nConnecting as root to configure server...")
    21. 

  21.     try:
    22. 

  22.         # Connect using the local unix socket which allows seamless auth_socket root login on Ubuntu
    23. 

  23.         conn = pymysql.connect(
    24. 

  24.             unix_socket='/var/run/mysqld/mysqld.sock', 
    25. 

  25.             user='root',
    26. 

  26.             password=root_password,
    27. 

  27.             autocommit=True
    28. 

  28.         )
    29. 

  29.         cursor = conn.cursor()
    30. 

  30.     except Exception as e:
    31. 

  31.         print(f"Failed to connect: {e}")
    32. 

  32.         return
    33. 

  33. 

  34.     queries = [
    35. 

  35.         "CREATE DATABASE IF NOT EXISTS food_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;",
    36. 

  36.         
    37. 

  37.         # Owner User
    38. 

  38.         f"CREATE USER IF NOT EXISTS 'db_owner'@'%' IDENTIFIED BY '{owner_pass}';",
    39. 

  39.         "GRANT ALL PRIVILEGES ON food_db.* TO 'db_owner'@'%' WITH GRANT OPTION;",
    40. 

  40.         
    41. 

  41.         # Reader User
    42. 

  42.         f"CREATE USER IF NOT EXISTS 'db_reader'@'%' IDENTIFIED BY '{reader_pass}';",
    43. 

  43.         "GRANT USAGE ON *.* TO 'db_reader'@'%';",
    44. 

  44.         
    45. 

  45.         # Loader User
    46. 

  46.         f"CREATE USER IF NOT EXISTS 'db_loader'@'%' IDENTIFIED BY '{loader_pass}';",
    47. 

  47.         "GRANT USAGE ON *.* TO 'db_loader'@'%';",
    48. 

  48.         "GRANT FILE ON *.* TO 'db_loader'@'%';",  
    49. 

  49.         
    50. 

  50.         # App Auth User (PoLP)
    51. 

  51.         f"CREATE USER IF NOT EXISTS 'db_app_auth'@'%' IDENTIFIED BY '{app_auth_pass}';",
    52. 

  52.         "GRANT USAGE ON *.* TO 'db_app_auth'@'%';",
    53. 

  53.         
    54. 

  54.         "FLUSH PRIVILEGES;"
    55. 

  55.     ]
    56. 

  56. 

  57.     for q in queries:
    58. 

  58.         print(f"Executing: {q[:60]}...")
    59. 

  59.         cursor.execute(q)
    60. 

  60. 

  61.     # Now create the table logic safely
    62. 

  62.     print("\nCreating Tables and Granting Table-Specific Access...")
    63. 

  63.     
    64. 

  64.     # 1. Users Table
    65. 

  65.     cursor.execute("""
    66. 

  66.     CREATE TABLE IF NOT EXISTS food_db.users (
    67. 

  67.         id INT AUTO_INCREMENT PRIMARY KEY,
    68. 

  68.         username VARCHAR(100) UNIQUE NOT NULL,
    69. 

  69.         password_hash VARCHAR(255) NOT NULL,
    70. 

  70.         email VARCHAR(255) NULL,
    71. 

  71.         search_limit VARCHAR(10) DEFAULT '50',
    72. 

  72.         created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
    73. 

  73.     ) ENGINE=InnoDB;
    74. 

  74.     """)
    75. 

  75. 

  76.     # Gracefully add email and search_limit to existing tables if script is re-run
    77. 

  77.     try:
    78. 

  78.         cursor.execute("ALTER TABLE food_db.users ADD COLUMN email VARCHAR(255) NULL;")
    79. 

  79.     except Warning:
    80. 

  80.         pass
    81. 

  81.     except Exception as e:
    82. 

  82.         if 'Duplicate column name' not in str(e):
    83. 

  83.             print(f"Skipped altering users (Email): {e}")
    84. 

  84.             
    85. 

  85.     try:
    86. 

  86.         cursor.execute("ALTER TABLE food_db.users ADD COLUMN search_limit VARCHAR(10) DEFAULT '50';")
    87. 

  87.     except Warning:
    88. 

  88.         pass
    89. 

  89.     except Exception as e:
    90. 

  90.         if 'Duplicate column name' not in str(e):
    91. 

  91.             print(f"Skipped altering users (Limit): {e}")
    92. 

  92. 

  93.     # 1.5 Medical Profiles Table (EAV Migration)
    94. 

  94.     # We drop the old schema to clear constraints, allowing the dynamic structure to take over
    95. 

  95.     cursor.execute("DROP TABLE IF EXISTS food_db.user_profiles;")
    96. 

  96.     cursor.execute("""
    97. 

  97.     CREATE TABLE IF NOT EXISTS food_db.user_health_profiles (
    98. 

  98.         id INT AUTO_INCREMENT PRIMARY KEY,
    99. 

  99.         user_id INT NOT NULL,
    100. 

  100.         illness_health_condition_diet_dislikes_name VARCHAR(100) NOT NULL DEFAULT 'None',
    101. 

  101.         illness_health_condition_diet_dislikes_value VARCHAR(255) NOT NULL DEFAULT 'None',
    102. 

  102.         FOREIGN KEY (user_id) REFERENCES food_db.users(id) ON DELETE CASCADE
    103. 

  103.     ) ENGINE=InnoDB;
    104. 

  104.     """)
    105. 

  105. 

  106.     # 2. Plates Table (For storing custom combos)
    107. 

  107.     cursor.execute("""
    108. 

  108.     CREATE TABLE IF NOT EXISTS food_db.plates (
    109. 

  109.         id INT AUTO_INCREMENT PRIMARY KEY,
    110. 

  110.         user_id INT NOT NULL,
    111. 

  111.         plate_name VARCHAR(255) NOT NULL,
    112. 

  112.         created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    113. 

  113.         FOREIGN KEY (user_id) REFERENCES food_db.users(id) ON DELETE CASCADE
    114. 

  114.     ) ENGINE=InnoDB;
    115. 

  115.     """)
    116. 

  116. 

  117.     # 3. Plate Items Table (Linking products to a plate natively)
    118. 

  118.     cursor.execute("""
    119. 

  119.     CREATE TABLE IF NOT EXISTS food_db.plate_items (
    120. 

  120.         id INT AUTO_INCREMENT PRIMARY KEY,
    121. 

  121.         plate_id INT NOT NULL,
    122. 

  122.         product_code VARCHAR(50) NOT NULL,
    123. 

  123.         quantity_grams DOUBLE NOT NULL,
    124. 

  124.         FOREIGN KEY (plate_id) REFERENCES food_db.plates(id) ON DELETE CASCADE
    125. 

  125.     ) ENGINE=InnoDB;
    126. 

  126.     """)
    127. 

  127. 

  128.     # The products table is now dynamically generated by ingest_csv.py to support all ~200 columns.
    129. 

  129.     
    130. 

  130.     # Table Context Grants (PoLP)
    131. 

  131.     # The authenticated app process can handle credentials and now read/write custom plates!
    132. 

  132.     cursor.execute("GRANT SELECT, INSERT, UPDATE, DELETE ON food_db.users TO 'db_app_auth'@'%';")
    133. 

  133.     cursor.execute("GRANT SELECT, INSERT, UPDATE, DELETE ON food_db.user_health_profiles TO 'db_app_auth'@'%';")
    134. 

  134.     cursor.execute("GRANT SELECT, INSERT, UPDATE, DELETE ON food_db.plates TO 'db_app_auth'@'%';")
    135. 

  135.     cursor.execute("GRANT SELECT, INSERT, UPDATE, DELETE ON food_db.plate_items TO 'db_app_auth'@'%';")
    136. 

  136.     
    137. 

  137.     # Give the app read privileges on the whole database
    138. 

  138.     cursor.execute("GRANT SELECT ON food_db.* TO 'db_app_auth'@'%';")
    139. 

  139.     
    140. 

  140.     cursor.execute("GRANT SELECT ON food_db.* TO 'db_reader'@'%';")
    141. 

  141.     cursor.execute("GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE, ALTER, INDEX, CREATE VIEW ON food_db.* TO 'db_loader'@'%';")
    142. 

  142.     cursor.execute("FLUSH PRIVILEGES;")
    143. 

  143. 

  144.     print("\n✅ Database, Users, and Tables created successfully!")
    145. 

  145.     cursor.close()
    146. 

  146.     conn.close()
    147. 

  147. 

  148.     print("\n🎉 Setup Complete.")
    149. 

  149.     print("\n!!! IMPORTANT NEXT STEPS !!!")
    150. 

  150.     print("Now, use `mysql_config_editor` to store these passwords locally so the app can use them:")
    151. 

  151.     print("  mysql_config_editor set --login-path=app_reader --host=127.0.0.1 --user=db_reader --password")
    152. 

  152.     print("  mysql_config_editor set --login-path=app_auth --host=127.0.0.1 --user=db_app_auth --password")
    153. 

  153. 

  154. if __name__ == "__main__":
    155. 

  155.     run_db_setup()
    156.