openclaw/oikos
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(settings): add database backup management

Browse Source
This commit is contained in:
Rafael Foster
2026-04-29 14:04:04 -03:00
parent 7e61a83db9
commit 0cbd93e4e0
25 changed files with 816 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/db.js
+112 -5
View File
@@ -11,6 +11,7 @@
import Database from 'better-sqlite3';
import path from 'path';
import fs from 'node:fs/promises';
import { createLogger } from './logger.js';
const log = createLogger('DB');
@@ -33,13 +34,12 @@ function init() {
if (db) return db;
db = new Database(DB_PATH);
if (DB_KEY) {
// Nur wirksam wenn Binary gegen SQLCipher kompiliert ist (Docker)
db.pragma(`key="x'${Buffer.from(DB_KEY, 'utf8').toString('hex')}'"`);
applyEncryptionKey(db);
if (DB_KEY) {
// Sicherstellen dass die Datenbank tatsächlich entschlüsselbar ist
try {
db.prepare('SELECT count(*) FROM sqlite_master').get();
assertReadable(db);
} catch {
throw new Error('[DB] Wrong encryption key or SQLCipher support is unavailable.');
}
@@ -56,6 +56,16 @@ function init() {
return db;
}
function applyEncryptionKey(database) {
if (!DB_KEY) return;
// Nur wirksam wenn Binary gegen SQLCipher kompiliert ist (Docker)
database.pragma(`key="x'${Buffer.from(DB_KEY, 'utf8').toString('hex')}'"`);
}
function assertReadable(database) {
database.prepare('SELECT count(*) FROM sqlite_master').get();
}
// --------------------------------------------------------
// Migrations-Engine
// --------------------------------------------------------
@@ -912,6 +922,103 @@ function currentVersion() {
}
}
function getPath() {
return DB_PATH;
}
async function backupToFile(destinationPath) {
const database = get();
await fs.mkdir(path.dirname(destinationPath), { recursive: true });
if (typeof database.backup === 'function') {
await database.backup(destinationPath);
} else {
database.prepare('VACUUM INTO ?').run(destinationPath);
}
return destinationPath;
}
function validateBackupFile(sourcePath) {
const candidate = new Database(sourcePath, { readonly: true, fileMustExist: true });
try {
applyEncryptionKey(candidate);
assertReadable(candidate);
const row = candidate.prepare(`
SELECT name
FROM sqlite_master
WHERE type = 'table' AND name = 'schema_migrations'
`).get();
if (!row) {
throw new Error('Backup file is not a valid Oikos database.');
}
return candidate.prepare('SELECT MAX(version) AS version FROM schema_migrations').get()?.version ?? 0;
} finally {
candidate.close();
}
}
async function unlinkIfExists(filePath) {
try {
await fs.unlink(filePath);
} catch (err) {
if (err?.code !== 'ENOENT') throw err;
}
}
async function restoreFromFile(sourcePath) {
const backupVersion = validateBackupFile(sourcePath);
const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
const rollbackPath = `${DB_PATH}.pre-restore-${timestamp}`;
let rollbackCreated = false;
try {
if (db) {
try { db.pragma('wal_checkpoint(TRUNCATE)'); } catch { /* best effort */ }
db.close();
db = null;
}
await fs.mkdir(path.dirname(DB_PATH), { recursive: true });
try {
await fs.copyFile(DB_PATH, rollbackPath);
rollbackCreated = true;
} catch (err) {
if (err?.code !== 'ENOENT') throw err;
}
await unlinkIfExists(`${DB_PATH}-wal`);
await unlinkIfExists(`${DB_PATH}-shm`);
await fs.copyFile(sourcePath, DB_PATH);
init();
log.info(`Database restored from backup. Schema v${backupVersion}${rollbackCreated ? ` | rollback: ${rollbackPath}` : ''}`);
return {
schemaVersion: currentVersion(),
rollbackPath: rollbackCreated ? rollbackPath : null,
};
} catch (err) {
if (rollbackCreated) {
try {
if (db) {
db.close();
db = null;
}
await unlinkIfExists(`${DB_PATH}-wal`);
await unlinkIfExists(`${DB_PATH}-shm`);
await fs.copyFile(rollbackPath, DB_PATH);
init();
} catch (rollbackErr) {
log.error('Rollback after failed restore also failed:', rollbackErr);
}
} else if (!db) {
try { init(); } catch { /* preserve original restore error */ }
}
throw err;
}
}
// --------------------------------------------------------
// Öffentliche API
// --------------------------------------------------------
@@ -937,4 +1044,4 @@ function transaction(fn) {
init(); // auto-initialise when module is first imported
export { init, get, transaction, currentVersion };
export { init, get, transaction, currentVersion, getPath, backupToFile, restoreFromFile };
server/index.js
+2
View File
@@ -33,6 +33,7 @@ import preferencesRouter from './routes/preferences.js';
import remindersRouter from './routes/reminders.js';
import searchRouter from './routes/search.js';
import familyRouter from './routes/family.js';
import backupRouter from './routes/backup.js';
const log = createLogger('Server');
const logSync = createLogger('Sync');
@@ -207,6 +208,7 @@ app.use('/api/v1/preferences', preferencesRouter);
app.use('/api/v1/reminders', remindersRouter);
app.use('/api/v1/search', searchRouter);
app.use('/api/v1/family', familyRouter);
app.use('/api/v1/backup', backupRouter);
// --------------------------------------------------------
// Health-Check (für Docker)
server/openapi.js
+52
View File
@@ -272,6 +272,57 @@ function buildPaths() {
},
}),
},
'/api/v1/backup/status': {
get: op({
summary: 'Get backup status',
tag: 'Backup',
admin: true,
}),
},
'/api/v1/backup/database': {
get: op({
summary: 'Download database backup',
tag: 'Backup',
admin: true,
responses: {
200: {
description: 'SQLite database backup file',
content: {
'application/octet-stream': {
schema: { type: 'string', format: 'binary' },
},
},
},
401: { $ref: '#/components/responses/Unauthorized' },
403: { $ref: '#/components/responses/Forbidden' },
500: { $ref: '#/components/responses/InternalServerError' },
},
}),
},
'/api/v1/backup/restore': {
post: op({
summary: 'Restore database backup',
tag: 'Backup',
admin: true,
stateChanging: true,
requestBody: {
required: true,
description: 'Raw SQLite database backup file.',
content: {
'application/octet-stream': {
schema: { type: 'string', format: 'binary' },
},
},
},
responses: {
200: { description: 'Database restored' },
400: { $ref: '#/components/responses/BadRequest' },
401: { $ref: '#/components/responses/Unauthorized' },
403: { $ref: '#/components/responses/Forbidden' },
500: { $ref: '#/components/responses/InternalServerError' },
},
}),
},
'/api/v1/dashboard': { get: op({ summary: 'Get dashboard data', tag: 'Dashboard' }) },
'/api/v1/tasks': {
get: op({ summary: 'List tasks', tag: 'Tasks' }),
@@ -498,6 +549,7 @@ function buildOpenApiSpec(req, appVersion) {
{ name: 'Contacts' },
{ name: 'Birthdays' },
{ name: 'Budget' },
{ name: 'Backup' },
{ name: 'Weather' },
{ name: 'Preferences' },
{ name: 'Reminders' },
server/routes/backup.js
+97
View File
@@ -0,0 +1,97 @@
/**
* Module: Database Backup
* Purpose: Authenticated admin-only database backup and restore endpoints.
* Dependencies: express, server/db.js
*/
import express from 'express';
import os from 'node:os';
import path from 'node:path';
import fs from 'node:fs/promises';
import { backupToFile, currentVersion, restoreFromFile } from '../db.js';
import { requireAdmin } from '../auth.js';
import { createLogger } from '../logger.js';
const router = express.Router();
const log = createLogger('Backup');
const RESTORE_LIMIT = process.env.BACKUP_UPLOAD_LIMIT || '100mb';
function backupFileName() {
const stamp = new Date().toISOString().replace(/[:.]/g, '-');
return `oikos-backup-${stamp}.db`;
}
router.get('/status', requireAdmin, (req, res) => {
res.json({
data: {
schema_version: currentVersion(),
restore_upload_limit: RESTORE_LIMIT,
},
});
});
router.get('/database', requireAdmin, async (req, res) => {
let tmpPath = null;
try {
const dir = await fs.mkdtemp(path.join(os.tmpdir(), 'oikos-backup-'));
tmpPath = path.join(dir, backupFileName());
await backupToFile(tmpPath);
res.setHeader('Cache-Control', 'no-store');
res.download(tmpPath, path.basename(tmpPath), async (err) => {
try { await fs.rm(dir, { recursive: true, force: true }); } catch { /* best effort */ }
if (err && !res.headersSent) {
log.error('Backup download failed:', err);
}
});
} catch (err) {
log.error('Database backup failed:', err);
if (tmpPath) {
try { await fs.rm(path.dirname(tmpPath), { recursive: true, force: true }); } catch { /* best effort */ }
}
res.status(500).json({ error: 'Database backup failed.', code: 500 });
}
});
router.post(
'/restore',
requireAdmin,
express.raw({ type: 'application/octet-stream', limit: RESTORE_LIMIT }),
async (req, res) => {
let dir = null;
try {
if (!Buffer.isBuffer(req.body) || req.body.length === 0) {
return res.status(400).json({ error: 'Backup file is required.', code: 400 });
}
dir = await fs.mkdtemp(path.join(os.tmpdir(), 'oikos-restore-'));
const uploadPath = path.join(dir, 'restore.db');
await fs.writeFile(uploadPath, req.body);
const result = await restoreFromFile(uploadPath);
res.json({
ok: true,
data: {
schema_version: result.schemaVersion,
},
});
} catch (err) {
log.error('Database restore failed:', err);
const message = err?.message || 'Database restore failed.';
res.status(400).json({ error: message, code: 400 });
} finally {
if (dir) {
try { await fs.rm(dir, { recursive: true, force: true }); } catch { /* best effort */ }
}
}
}
);
router.use((err, req, res, next) => {
if (err?.type === 'entity.too.large') {
return res.status(413).json({ error: `Backup file is too large. Maximum upload size is ${RESTORE_LIMIT}.`, code: 413 });
}
next(err);
});
export default router;