From ddeba04bd6b59858917330a695a60b415bdea765 Mon Sep 17 00:00:00 2001
From: marco370 <48531002-marco370@users.noreply.replit.com>
Date: Mon, 17 Nov 2025 17:02:02 +0000
Subject: [PATCH] Add ability to update system and synchronize database schema
 from Git

Introduced `update_from_git.sh` for system updates and `export_db_schema.sh` for database schema export to Git.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 73928b7c-5285-4753-b497-d89555ba98b5
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/CGAMfXu
---
 .gitignore                     |   5 +
 .replit                        |   4 +
 deployment/export_db_schema.sh |  70 ++++++++++++
 replit.md                      |  21 ++++
 update_from_git.sh             | 193 +++++++++++++++++++++++++++++++++
 5 files changed, 293 insertions(+)
 create mode 100644 deployment/export_db_schema.sh
 create mode 100644 update_from_git.sh

diff --git a/.gitignore b/.gitignore
index 948bafc..8536f56 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,6 +18,11 @@ backups/
 *.log
 *.log.*
 
+# Database schema (SOLO schema.sql committato, NO dati)
+database-schema/*
+!database-schema/
+!database-schema/schema.sql
+
 # Python
 __pycache__/
 *.py[cod]
diff --git a/.replit b/.replit
index af7007c..1e3c111 100644
--- a/.replit
+++ b/.replit
@@ -14,6 +14,10 @@ run = ["npm", "run", "start"]
 localPort = 5000
 externalPort = 80
 
+[[ports]]
+localPort = 38641
+externalPort = 3000
+
 [env]
 PORT = "5000"
 
diff --git a/deployment/export_db_schema.sh b/deployment/export_db_schema.sh
new file mode 100644
index 0000000..7b3004c
--- /dev/null
+++ b/deployment/export_db_schema.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+# ============================================================================
+# Export Database Schema (NO DATA)
+# ============================================================================
+# Esporta solo la struttura del database (DDL) senza dati sensibili
+# Da committare su git per versioning dello schema
+
+set -e
+
+# Colori
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+echo -e "${BLUE}╔═══════════════════════════════════════════════╗${NC}"
+echo -e "${BLUE}║   Database Schema Export                     ║${NC}"
+echo -e "${BLUE}╚═══════════════════════════════════════════════╝${NC}"
+echo ""
+
+# Carica configurazione da .env
+if [ -f "/opt/ids/.env" ]; then
+    source /opt/ids/.env
+    echo -e "${GREEN}✅ Configurazione caricata da .env${NC}"
+else
+    echo -e "${RED}❌ File .env non trovato${NC}"
+    exit 1
+fi
+
+# File output
+SCHEMA_FILE="/opt/ids/database-schema/schema.sql"
+TIMESTAMP=$(date +%Y%m%d_%H%M%S)
+
+# Crea directory se non esiste
+mkdir -p /opt/ids/database-schema
+
+echo -e "${BLUE}📄 Export schema da database: ${PGDATABASE}${NC}"
+
+# Export solo schema (--schema-only = NO DATA)
+export PGPASSWORD="$PGPASSWORD"
+pg_dump \
+    -h "${PGHOST:-127.0.0.1}" \
+    -p "${PGPORT:-5432}" \
+    -U "${PGUSER}" \
+    -d "${PGDATABASE}" \
+    --schema-only \
+    --no-owner \
+    --no-privileges \
+    > "$SCHEMA_FILE"
+
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}✅ Schema esportato: $SCHEMA_FILE${NC}"
+    
+    # Statistiche
+    TABLES=$(grep -c "CREATE TABLE" "$SCHEMA_FILE" || echo 0)
+    INDEXES=$(grep -c "CREATE INDEX" "$SCHEMA_FILE" || echo 0)
+    SIZE=$(du -h "$SCHEMA_FILE" | cut -f1)
+    
+    echo ""
+    echo -e "${BLUE}📊 Statistiche:${NC}"
+    echo -e "   - Tabelle: ${GREEN}${TABLES}${NC}"
+    echo -e "   - Indici: ${GREEN}${INDEXES}${NC}"
+    echo -e "   - Dimensione: ${GREEN}${SIZE}${NC}"
+    echo ""
+    echo -e "${GREEN}✅ File pronto per commit su git${NC}"
+else
+    echo -e "${RED}❌ Errore durante export schema${NC}"
+    exit 1
+fi
diff --git a/replit.md b/replit.md
index 17104b2..86ac2e9 100644
--- a/replit.md
+++ b/replit.md
@@ -79,6 +79,27 @@ Sistema di rilevamento intrusioni per router MikroTik basato su Machine Learning
 - `server/db.ts`: PostgreSQL connection
 - `shared/schema.ts`: Drizzle ORM schema
 
+## Deployment e Aggiornamenti
+
+### Aggiornamento da Git (Server AlmaLinux)
+```bash
+# Aggiornamento standard (codice + dipendenze)
+cd /opt/ids
+./update_from_git.sh
+
+# Aggiornamento con sincronizzazione schema database
+./update_from_git.sh --db
+```
+
+### Export Schema Database (Solo Struttura)
+```bash
+# Su server production, esporta schema per commit su git
+cd /opt/ids/deployment
+./export_db_schema.sh
+
+# Risultato: database-schema/schema.sql (NO dati, SOLO DDL)
+```
+
 ## Comandi Utili
 
 ### Start Python Backend
diff --git a/update_from_git.sh b/update_from_git.sh
new file mode 100644
index 0000000..a3bc4ca
--- /dev/null
+++ b/update_from_git.sh
@@ -0,0 +1,193 @@
+#!/bin/bash
+
+# =============================================================================
+# IDS - Aggiornamento Sistema da git.alfacom.it
+# =============================================================================
+# Eseguire come ROOT: ./update_from_git.sh [--db]
+# Lo script esegue i comandi git come utente 'ids' automaticamente
+#
+# Opzioni:
+#   --db    Sincronizza anche schema database da database-schema/schema.sql
+# =============================================================================
+
+set -e
+
+# Colori per output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+# Opzioni
+UPDATE_DB=false
+if [ "$1" == "--db" ]; then
+    UPDATE_DB=true
+fi
+
+echo -e "${BLUE}"
+echo "╔═══════════════════════════════════════════════╗"
+echo "║   🔄 AGGIORNAMENTO SISTEMA IDS DA GIT         ║"
+echo "╚═══════════════════════════════════════════════╝"
+echo -e "${NC}"
+
+IDS_DIR="/opt/ids"
+IDS_USER="ids"
+
+# Verifica di essere root
+if [ "$EUID" -ne 0 ]; then 
+    echo -e "${RED}❌ Questo script deve essere eseguito come root${NC}"
+    echo -e "${YELLOW}   Esegui: sudo ./update_from_git.sh [--db]${NC}"
+    exit 1
+fi
+
+cd "$IDS_DIR" || exit 1
+
+# Fix git ownership se necessario
+echo -e "${BLUE}🔧 Verifica configurazione git...${NC}"
+if ! sudo -u $IDS_USER git config --global --get-all safe.directory | grep -q "^/opt/ids$"; then
+    echo -e "${YELLOW}   Configuro safe directory...${NC}"
+    sudo -u $IDS_USER git config --global --add safe.directory /opt/ids
+    echo -e "${GREEN}   ✅ Configurato${NC}"
+fi
+
+# Backup configurazione locale
+echo -e "\n${BLUE}💾 Backup configurazione locale...${NC}"
+if [ -f ".env" ]; then
+    cp .env .env.backup
+    echo -e "${GREEN}✅ .env salvato in .env.backup${NC}"
+fi
+
+if [ -f "git.env" ]; then
+    cp git.env git.env.backup
+    echo -e "${GREEN}✅ git.env salvato in git.env.backup${NC}"
+fi
+
+# Verifica modifiche locali
+echo -e "\n${BLUE}🔍 Verifica modifiche locali...${NC}"
+if ! sudo -u $IDS_USER git diff-index --quiet HEAD -- 2>/dev/null; then
+    echo -e "${YELLOW}⚠️  Ci sono modifiche locali non committate${NC}"
+    echo -e "${YELLOW}   Esegui 'git status' per vedere i dettagli${NC}"
+    read -p "Vuoi procedere comunque? (y/n) " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        exit 1
+    fi
+    # Stash modifiche locali
+    echo -e "${BLUE}   Salvo modifiche locali temporaneamente...${NC}"
+    sudo -u $IDS_USER git stash
+fi
+
+# Pull da git
+echo -e "\n${BLUE}📥 Download aggiornamenti da git.alfacom.it...${NC}"
+sudo -u $IDS_USER git fetch origin
+sudo -u $IDS_USER git pull origin main
+
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}✅ Aggiornamenti scaricati con successo${NC}"
+else
+    echo -e "${RED}❌ Errore durante il download${NC}"
+    exit 1
+fi
+
+# Ripristina configurazione locale
+echo -e "\n${BLUE}🔄 Ripristino configurazione locale...${NC}"
+if [ -f ".env.backup" ]; then
+    cp .env.backup .env
+    chown $IDS_USER:$IDS_USER .env
+    echo -e "${GREEN}✅ .env ripristinato${NC}"
+fi
+
+if [ -f "git.env.backup" ]; then
+    cp git.env.backup git.env
+    chown $IDS_USER:$IDS_USER git.env
+    echo -e "${GREEN}✅ git.env ripristinato${NC}"
+fi
+
+# Sincronizza schema database se richiesto
+if [ "$UPDATE_DB" = true ]; then
+    echo -e "\n${BLUE}🗄️  Sincronizzazione schema database...${NC}"
+    
+    SCHEMA_FILE="$IDS_DIR/database-schema/schema.sql"
+    
+    if [ -f "$SCHEMA_FILE" ]; then
+        # Carica configurazione database
+        if [ -f "$IDS_DIR/.env" ]; then
+            source "$IDS_DIR/.env"
+            
+            echo -e "${YELLOW}⚠️  Applicazione schema da git al database${NC}"
+            echo -e "${YELLOW}   Database: ${PGDATABASE}${NC}"
+            read -p "Confermi? (y/n) " -n 1 -r
+            echo
+            
+            if [[ $REPLY =~ ^[Yy]$ ]]; then
+                # Applica schema
+                export PGPASSWORD="$PGPASSWORD"
+                psql -h "${PGHOST:-127.0.0.1}" -p "${PGPORT:-5432}" -U "${PGUSER}" -d "${PGDATABASE}" < "$SCHEMA_FILE"
+                
+                if [ $? -eq 0 ]; then
+                    echo -e "${GREEN}✅ Schema database sincronizzato${NC}"
+                else
+                    echo -e "${RED}❌ Errore sincronizzazione schema${NC}"
+                    exit 1
+                fi
+            else
+                echo -e "${YELLOW}⏭️  Sincronizzazione schema saltata${NC}"
+            fi
+        else
+            echo -e "${RED}❌ File .env non trovato${NC}"
+            exit 1
+        fi
+    else
+        echo -e "${YELLOW}⚠️  File schema.sql non trovato in database-schema/${NC}"
+        echo -e "${YELLOW}   Esegui ./deployment/export_db_schema.sh sul server di riferimento${NC}"
+    fi
+fi
+
+# Aggiorna dipendenze Node.js
+echo -e "\n${BLUE}📦 Aggiornamento dipendenze Node.js...${NC}"
+sudo -u $IDS_USER npm install
+
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}✅ Dipendenze Node.js aggiornate${NC}"
+else
+    echo -e "${YELLOW}⚠️  Possibili warning npm (spesso ignorabili)${NC}"
+fi
+
+# Aggiorna dipendenze Python
+echo -e "\n${BLUE}📦 Aggiornamento dipendenze Python...${NC}"
+cd python_ml
+sudo -u $IDS_USER /usr/bin/python3.11 -m pip install --upgrade -r requirements.txt
+cd ..
+
+if [ $? -eq 0 ]; then
+    echo -e "${GREEN}✅ Dipendenze Python aggiornate${NC}"
+fi
+
+# Restart servizi
+echo -e "\n${BLUE}🔄 Restart servizi...${NC}"
+if [ -f "./deployment/restart_all.sh" ]; then
+    chmod +x ./deployment/restart_all.sh
+    ./deployment/restart_all.sh
+    echo -e "${GREEN}✅ Servizi riavviati${NC}"
+else
+    echo -e "${YELLOW}⚠️  Script restart_all.sh non trovato${NC}"
+    echo -e "${YELLOW}   Riavvia manualmente i servizi se necessario${NC}"
+fi
+
+echo ""
+echo -e "${GREEN}╔═══════════════════════════════════════════════╗${NC}"
+echo -e "${GREEN}║   ✅ AGGIORNAMENTO COMPLETATO                 ║${NC}"
+echo -e "${GREEN}╚═══════════════════════════════════════════════╝${NC}"
+echo ""
+echo -e "${BLUE}📋 VERIFICA SISTEMA:${NC}"
+echo -e "   • Log backend:  ${YELLOW}tail -f /var/log/ids/backend.log${NC}"
+echo -e "   • Log frontend: ${YELLOW}tail -f /var/log/ids/frontend.log${NC}"
+echo -e "   • API backend:  ${YELLOW}curl http://localhost:8000/health${NC}"
+echo -e "   • Frontend:     ${YELLOW}curl http://localhost:5000${NC}"
+echo ""
+echo -e "${BLUE}📊 STATO SERVIZI:${NC}"
+ps aux | grep -E 'python.*main|npm.*dev|syslog_parser' | grep -v grep
+echo ""
+
+exit 0