Implement database export/import functionality for hardware migration
Added comprehensive database export/import system to safely migrate SSH connection data between different server environments. Key Features: - SQLite export format with encrypted data migration - Hardware fingerprint protection and re-encryption - Field mapping between TypeScript and database schemas - Foreign key constraint handling for cross-environment imports - Admin user assignment for imported SSH records - Additive import strategy preserving existing data - File upload support for import operations Technical Implementation: - Complete Drizzle ORM schema consistency - Bidirectional field name mapping (userId ↔ user_id) - Proper encryption/decryption workflow - Multer file upload middleware integration - Error handling and logging throughout Security: - Only exports SSH-related tables (ssh_data, ssh_credentials) - Protects admin user data from migration conflicts - Re-encrypts sensitive fields for target hardware - Validates export file format and version compatibility
@@ -369,37 +369,111 @@
|
||||
"migrationStatus": "迁移状态",
|
||||
"migrationCompleted": "迁移完成",
|
||||
"migrationRequired": "需要迁移",
|
||||
"deviceProtectedMasterKey": "设备保护主密钥",
|
||||
"deviceProtectedMasterKey": "环境保护主密钥",
|
||||
"legacyKeyStorage": "传统密钥存储",
|
||||
"masterKeyEncryptedWithDeviceFingerprint": "主密钥已通过设备指纹加密(KEK 保护已激活)",
|
||||
"keyNotProtectedByDeviceBinding": "密钥未受设备绑定保护(建议升级)",
|
||||
"masterKeyEncryptedWithDeviceFingerprint": "主密钥已通过环境指纹加密(KEK 保护已激活)",
|
||||
"keyNotProtectedByDeviceBinding": "密钥未受环境绑定保护(建议升级)",
|
||||
"valid": "有效",
|
||||
"initializeDatabaseEncryption": "初始化数据库加密",
|
||||
"enableAes256EncryptionWithDeviceBinding": "启用具有设备绑定主密钥保护的 AES-256 加密。这为 SSH 密钥、密码和身份验证令牌创建企业级安全保护。",
|
||||
"enableAes256EncryptionWithDeviceBinding": "启用具有环境绑定主密钥保护的 AES-256 加密。这为 SSH 密钥、密码和身份验证令牌创建企业级安全保护。",
|
||||
"featuresEnabled": "启用的功能:",
|
||||
"aes256GcmAuthenticatedEncryption": "AES-256-GCM 认证加密",
|
||||
"deviceFingerprintMasterKeyProtection": "设备指纹主密钥保护 (KEK)",
|
||||
"deviceFingerprintMasterKeyProtection": "环境指纹主密钥保护 (KEK)",
|
||||
"pbkdf2KeyDerivation": "PBKDF2 密钥推导(10万次迭代)",
|
||||
"automaticKeyManagement": "自动密钥管理和轮换",
|
||||
"initializing": "初始化中...",
|
||||
"initializeEnterpriseEncryption": "初始化企业级加密",
|
||||
"migrateExistingData": "迁移现有数据",
|
||||
"encryptExistingUnprotectedData": "加密数据库中现有的未保护数据。此过程安全可靠,会自动创建备份。",
|
||||
"testMigrationDryRun": "测试迁移(演习模式)",
|
||||
"testMigrationDryRun": "验证加密兼容性",
|
||||
"migrating": "迁移中...",
|
||||
"migrateData": "迁移数据",
|
||||
"securityInformation": "安全信息",
|
||||
"sshPrivateKeysEncryptedWithAes256": "SSH 私钥和密码使用 AES-256-GCM 加密",
|
||||
"userAuthTokensProtected": "用户认证令牌和 2FA 密钥受到保护",
|
||||
"masterKeysProtectedByDeviceFingerprint": "主加密密钥受设备指纹保护 (KEK)",
|
||||
"keysBoundToServerInstance": "密钥绑定到此特定服务器实例",
|
||||
"keysBoundToServerInstance": "密钥绑定到当前服务器环境(可通过环境变量迁移)",
|
||||
"pbkdf2HkdfKeyDerivation": "PBKDF2 + HKDF 密钥推导(10万次迭代)",
|
||||
"backwardCompatibleMigration": "迁移过程中所有数据保持向后兼容",
|
||||
"enterpriseGradeSecurityActive": "企业级安全已激活",
|
||||
"masterKeysProtectedByDeviceBinding": "您的主加密密钥受设备指纹绑定保护。这意味着即使有人获得您的数据库文件访问权限,如果没有对此服务器的物理访问权限,他们也无法解密数据。",
|
||||
"masterKeysProtectedByDeviceBinding": "您的主加密密钥受环境指纹保护。这基于服务器的主机名、路径等环境信息生成保护密钥。如需迁移服务器,可通过设置 DB_ENCRYPTION_KEY 环境变量来实现数据迁移。",
|
||||
"important": "重要提示",
|
||||
"keepEncryptionKeysSecure": "请妥善保管您的加密密钥。丢失加密密钥将导致永久性数据丢失。建议定期备份。",
|
||||
"loadingEncryptionStatus": "正在加载加密状态..."
|
||||
"keepEncryptionKeysSecure": "确保数据安全:定期备份数据库文件和服务器配置。如需迁移到新服务器,请在新环境中设置 DB_ENCRYPTION_KEY 环境变量,或保持相同的主机名和目录结构。",
|
||||
"loadingEncryptionStatus": "正在加载加密状态...",
|
||||
"testMigrationDescription": "验证现有数据是否可以安全地迁移到加密格式,不会实际修改任何数据",
|
||||
"serverMigrationGuide": "服务器迁移指南",
|
||||
"migrationInstructions": "要将加密数据迁移到新服务器:1) 备份数据库文件,2) 在新服务器设置环境变量 DB_ENCRYPTION_KEY=\"你的密钥\",3) 恢复数据库文件",
|
||||
"environmentProtection": "环境保护",
|
||||
"environmentProtectionDesc": "基于服务器环境信息(主机名、路径等)保护加密密钥,可通过环境变量实现迁移",
|
||||
"verificationCompleted": "兼容性验证完成 - 未修改任何数据",
|
||||
"verificationInProgress": "验证完成",
|
||||
"dataMigrationCompleted": "数据迁移完成!",
|
||||
"migrationCompleted": "迁移完成",
|
||||
"verificationFailed": "兼容性验证失败",
|
||||
"migrationFailed": "迁移失败",
|
||||
"runningVerification": "正在进行兼容性验证...",
|
||||
"startingMigration": "开始迁移...",
|
||||
"hardwareFingerprintSecurity": "硬件指纹安全",
|
||||
"hardwareBoundEncryption": "硬件绑定加密已激活",
|
||||
"masterKeysNowProtectedByHardwareFingerprint": "主密钥现在受真实硬件指纹保护,而非环境变量",
|
||||
"cpuSerialNumberDetection": "CPU 序列号检测",
|
||||
"motherboardUuidIdentification": "主板 UUID 识别",
|
||||
"diskSerialNumberVerification": "磁盘序列号验证",
|
||||
"biosSerialNumberCheck": "BIOS 序列号检查",
|
||||
"stableMacAddressFiltering": "稳定 MAC 地址过滤",
|
||||
"databaseFileEncryption": "数据库文件加密",
|
||||
"dualLayerProtection": "双层保护已激活",
|
||||
"bothFieldAndFileEncryptionActive": "字段级和文件级加密现均已激活,提供最大安全保护",
|
||||
"fieldLevelAes256Encryption": "敏感数据的字段级 AES-256 加密",
|
||||
"fileLevelDatabaseEncryption": "硬件绑定的文件级数据库加密",
|
||||
"hardwareBoundFileKeys": "硬件绑定的文件加密密钥",
|
||||
"automaticEncryptedBackups": "自动加密备份创建",
|
||||
"createEncryptedBackup": "创建加密备份",
|
||||
"creatingBackup": "创建备份中...",
|
||||
"backupCreated": "备份已创建",
|
||||
"encryptedBackupCreatedSuccessfully": "加密备份创建成功",
|
||||
"backupCreationFailed": "备份创建失败",
|
||||
"databaseMigration": "数据库迁移",
|
||||
"exportForMigration": "导出用于迁移",
|
||||
"exportDatabaseForHardwareMigration": "导出 SQLite 格式的解密数据库以迁移到新硬件",
|
||||
"exportDatabase": "导出 SQLite 数据库",
|
||||
"exporting": "导出中...",
|
||||
"exportCreated": "SQLite 导出已创建",
|
||||
"exportContainsDecryptedData": "SQLite 导出包含解密数据 - 请保持安全!",
|
||||
"databaseExportedSuccessfully": "SQLite 数据库导出成功",
|
||||
"databaseExportFailed": "SQLite 数据库导出失败",
|
||||
"importFromMigration": "从迁移导入",
|
||||
"importDatabaseFromAnotherSystem": "从其他系统或硬件导入 SQLite 数据库",
|
||||
"importDatabase": "导入 SQLite 数据库",
|
||||
"importing": "导入中...",
|
||||
"selectedFile": "选定 SQLite 文件",
|
||||
"importWillReplaceExistingData": "SQLite 导入将替换现有数据 - 建议备份!",
|
||||
"pleaseSelectImportFile": "请选择 SQLite 导入文件",
|
||||
"databaseImportedSuccessfully": "SQLite 数据库导入成功",
|
||||
"databaseImportFailed": "SQLite 数据库导入失败",
|
||||
"manageEncryptionAndBackups": "管理加密密钥、数据库安全和备份操作",
|
||||
"activeSecurityFeatures": "当前活跃的安全措施和保护功能",
|
||||
"deviceBindingTechnology": "高级硬件密钥保护技术",
|
||||
"backupAndRecovery": "安全备份创建和数据库恢复选项",
|
||||
"crossSystemDataTransfer": "跨系统数据库导出和导入",
|
||||
"noMigrationNeeded": "无需迁移",
|
||||
"encryptionKey": "加密密钥",
|
||||
"keyProtection": "密钥保护",
|
||||
"active": "已激活",
|
||||
"legacy": "旧版",
|
||||
"dataStatus": "数据状态",
|
||||
"encrypted": "已加密",
|
||||
"needsMigration": "需要迁移",
|
||||
"ready": "就绪",
|
||||
"initializeEncryption": "初始化加密",
|
||||
"initialize": "初始化",
|
||||
"test": "测试",
|
||||
"migrate": "迁移",
|
||||
"backup": "备份",
|
||||
"createBackup": "创建备份",
|
||||
"exportImport": "导出/导入",
|
||||
"export": "导出",
|
||||
"import": "导入"
|
||||
},
|
||||
"hosts": {
|
||||
"title": "主机管理",
|
||||
|
||||