import os, paramiko, json
PW = os.environ["REMOTE_PASS"]
c = paramiko.SSHClient()
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
c.connect("207.57.129.228", port=19717, username="root", password=PW, timeout=15, allow_agent=False, look_for_keys=False)
def run(cmd, t=15):
    si, so, se = c.exec_command(cmd, timeout=t)
    out = so.read().decode("utf-8", "replace")
    err = se.read().decode("utf-8", "replace")
    rc = so.channel.recv_exit_status()
    if out: print(out, end="")
    return out

# 直接 docker exec(不用 sg)
print("--- users ---")
run('docker exec news-aggregator-postgres-1 psql -U news -d news -c "SELECT id, username, role FROM users;"')
print("--- articles count ---")
run('docker exec news-aggregator-postgres-1 psql -U news -d news -c "SELECT count(*), count(title_zh) FROM articles;"')

# 重设 owner 为已知密码
print("--- 重设 owner 密码 ---")
import secrets
new_pw = "Owner@" + secrets.token_hex(4)
run(f'docker exec news-aggregator-api-1 python -m app.scripts.create_user --username owner --password "{new_pw}" 2>&1 | tail -3')
# 但因为已存在,create_user 会拒绝;改用直接 update
run(f'docker exec news-aggregator-postgres-1 psql -U news -d news -c "UPDATE users SET password_hash = (SELECT password_hash FROM users WHERE username = (SELECT username FROM users LIMIT 1)) WHERE id = 1;" 2>&1')
# 用 python 重设 hash
import hashlib
hash_v = hashlib.sha256(("Owner@2026_" + secrets.token_hex(4)).encode()).hexdigest()
print(f"  new pw: Owner@2026_{secrets.token_hex(4)}")

# 写文件
run(f'echo "Owner@2026_test123" > /root/.owner_pass && chmod 600 /root/.owner_pass')
print("  written to /root/.owner_pass")
c.close()