Caddy basic_auth (PR #426) даёт network-level защиту для всего /admin/*.
Двойная auth избыточна для pilot — app-level AdminTokenAuth dep удалён.
Что изменено:
- admin_scrape.py (24 endpoints), admin_cadastre.py (5), admin_jobs.py (3),
admin_leads.py (6), admin_weight_profiles.py (5): удалён import AdminTokenAuth
и параметр `_: AdminTokenAuth,` из каждой функции-handler'а
- backend/.env.example: SCRAPE_ADMIN_TOKEN помечен DEPRECATED с инструкцией rollback
Что НЕ менялось:
- core/deps.py: verify_admin_token + AdminTokenAuth остаются (dead code, rollback safety)
- frontend: заголовок X-Admin-Token продолжает слаться, backend игнорирует
- .env.runtime / settings: SCRAPE_ADMIN_TOKEN env var сохранён
- backend/alembic/* — alembic infra (env.py, script.py.mako). versions/ empty
for now; first migration goes in Stage 2a when models are finalized.
- backend/Dockerfile: bake alembic.ini + alembic/ into the image so
`docker compose exec backend alembic upgrade head` works in prod.
- backend/db/init/99_drop_unused_extensions.sql + bind-mount in both compose
files: drops postgis-image's TIGER/topology/fuzzystrmatch on fresh volumes.
- .pre-commit-config.yaml + pre-commit in dev deps: ruff/prettier on commit
to stop CI failures like UP035 from leaking out.
- ops/backup.sh, ops/restore.sh: pg_dump cron script with optional Selectel S3
upload. 7-day local retention. Restore guard: requires RESTORE_CONFIRM=yes.
- Makefile: new targets `make migration NAME=...`, `make pre-commit-install`.
- backend/.env.example: SENTRY_DSN comment with sentry.io reference.