ondra/ironmount
1
1
Fork 0
mirror of https://github.com/nicotsx/ironmount.git synced 2025-12-10 12:10:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: download recovery file restic password

Browse Source
This commit is contained in:
Nicolas Meienberger
2025-11-08 17:52:43 +01:00
parent b289920720
commit b5ba03da3d
23 changed files with 957 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
apps/client/app/api-client/@tanstack/react-query.gen.ts
View File

@@ -37,6 +37,7 @@ import {
getBackupScheduleForVolume,
runBackupNow,
getSystemInfo,
downloadResticPassword,
} from "../sdk.gen";
import { queryOptions, type UseMutationOptions, type DefaultError } from "@tanstack/react-query";
import type {
@@ -94,6 +95,9 @@ import type {
RunBackupNowData,
RunBackupNowResponse,
GetSystemInfoData,
DownloadResticPasswordData,
DownloadResticPasswordError,
DownloadResticPasswordResponse,
} from "../types.gen";
import { client as _heyApiClient } from "../client.gen";
@@ -1123,3 +1127,51 @@ export const getSystemInfoOptions = (options?: Options<GetSystemInfoData>) => {
queryKey: getSystemInfoQueryKey(options),
});
};
export const downloadResticPasswordQueryKey = (options?: Options<DownloadResticPasswordData>) =>
createQueryKey("downloadResticPassword", options);
/**
* Download the Restic password file for backup recovery. Requires password re-authentication.
*/
export const downloadResticPasswordOptions = (options?: Options<DownloadResticPasswordData>) => {
return queryOptions({
queryFn: async ({ queryKey, signal }) => {
const { data } = await downloadResticPassword({
...options,
...queryKey[0],
signal,
throwOnError: true,
});
return data;
},
queryKey: downloadResticPasswordQueryKey(options),
});
};
/**
* Download the Restic password file for backup recovery. Requires password re-authentication.
*/
export const downloadResticPasswordMutation = (
options?: Partial<Options<DownloadResticPasswordData>>,
): UseMutationOptions<
DownloadResticPasswordResponse,
DownloadResticPasswordError,
Options<DownloadResticPasswordData>
> => {
const mutationOptions: UseMutationOptions<
DownloadResticPasswordResponse,
DownloadResticPasswordError,
Options<DownloadResticPasswordData>
> = {
mutationFn: async (localOptions) => {
const { data } = await downloadResticPassword({
...options,
...localOptions,
throwOnError: true,
});
return data;
},
};
return mutationOptions;
};

23
apps/client/app/api-client/sdk.gen.ts
View File

@@ -76,6 +76,9 @@ import type {
RunBackupNowResponses,
GetSystemInfoData,
GetSystemInfoResponses,
DownloadResticPasswordData,
DownloadResticPasswordResponses,
DownloadResticPasswordErrors,
} from "./types.gen";
import { client as _heyApiClient } from "./client.gen";
@@ -541,3 +544,23 @@ export const getSystemInfo = <ThrowOnError extends boolean = false>(
...options,
});
};
/**
* Download the Restic password file for backup recovery. Requires password re-authentication.
*/
export const downloadResticPassword = <ThrowOnError extends boolean = false>(
options?: Options<DownloadResticPasswordData, ThrowOnError>,
) => {
return (options?.client ?? _heyApiClient).post<
DownloadResticPasswordResponses,
DownloadResticPasswordErrors,
ThrowOnError
>({
url: "/api/v1/system/restic-password",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
});
};

67
apps/client/app/api-client/types.gen.ts
View File

@@ -18,6 +18,7 @@ export type RegisterResponses = {
message: string;
success: boolean;
user?: {
hasDownloadedResticPassword: boolean;
id: number;
username: string;
};
@@ -44,6 +45,7 @@ export type LoginResponses = {
message: string;
success: boolean;
user?: {
hasDownloadedResticPassword: boolean;
id: number;
username: string;
};
@@ -85,6 +87,7 @@ export type GetMeResponses = {
message: string;
success: boolean;
user?: {
hasDownloadedResticPassword: boolean;
id: number;
username: string;
};
@@ -149,6 +152,8 @@ export type ListVolumesResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -175,6 +180,7 @@ export type ListVolumesResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -196,6 +202,8 @@ export type CreateVolumeData = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -222,6 +230,7 @@ export type CreateVolumeData = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -241,6 +250,8 @@ export type CreateVolumeResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -267,6 +278,7 @@ export type CreateVolumeResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -288,6 +300,8 @@ export type TestConnectionData = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -314,6 +328,7 @@ export type TestConnectionData = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -386,6 +401,8 @@ export type GetVolumeResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -412,6 +429,7 @@ export type GetVolumeResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -435,6 +453,8 @@ export type UpdateVolumeData = {
config?:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -461,6 +481,7 @@ export type UpdateVolumeData = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -488,6 +509,8 @@ export type UpdateVolumeResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -514,6 +537,7 @@ export type UpdateVolumeResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -962,12 +986,11 @@ export type DoctorRepositoryResponses = {
* Doctor operation completed
*/
200: {
message: string;
steps: Array<{
error: string | null;
output: string | null;
step: string;
success: boolean;
error?: string;
output?: string;
}>;
success: boolean;
};
@@ -1036,6 +1059,8 @@ export type ListBackupSchedulesResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -1062,6 +1087,7 @@ export type ListBackupSchedulesResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -1219,6 +1245,8 @@ export type GetBackupScheduleResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -1245,6 +1273,7 @@ export type GetBackupScheduleResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -1383,6 +1412,8 @@ export type GetBackupScheduleForVolumeResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -1409,6 +1440,7 @@ export type GetBackupScheduleForVolumeResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -1468,6 +1500,35 @@ export type GetSystemInfoResponses = {
export type GetSystemInfoResponse = GetSystemInfoResponses[keyof GetSystemInfoResponses];
export type DownloadResticPasswordData = {
body?: {
password: string;
};
path?: never;
query?: never;
url: "/api/v1/system/restic-password";
};
export type DownloadResticPasswordErrors = {
/**
* Authentication required or incorrect password
*/
401: {
message?: string;
};
};
export type DownloadResticPasswordError = DownloadResticPasswordErrors[keyof DownloadResticPasswordErrors];
export type DownloadResticPasswordResponses = {
/**
* Restic password file content
*/
200: string;
};
export type DownloadResticPasswordResponse = DownloadResticPasswordResponses[keyof DownloadResticPasswordResponses];
export type ClientOptions = {
baseUrl: "http://192.168.2.42:4096" | (string & {});
};

2
apps/client/app/app.css
View File

@@ -70,6 +70,8 @@ body {
}
:root {
color-scheme: dark;
--radius: 0.625rem;
--background: oklch(1 0 0);
--foreground: oklch(0.145 0 0);

7
apps/client/app/components/layout.tsx
View File

@@ -1,6 +1,6 @@
import { useMutation } from "@tanstack/react-query";
import { LifeBuoy } from "lucide-react";
import { Outlet, useNavigate } from "react-router";
import { Outlet, redirect, useNavigate } from "react-router";
import { toast } from "sonner";
import { logoutMutation } from "~/api-client/@tanstack/react-query.gen";
import { appContext } from "~/context";
@@ -16,6 +16,11 @@ export const clientMiddleware = [authMiddleware];
export async function clientLoader({ context }: Route.LoaderArgs) {
const ctx = context.get(appContext);
if (ctx.user && !ctx.user.hasDownloadedResticPassword) {
throw redirect("/download-recovery-key");
}
return ctx;
}

1
apps/client/app/components/ui/alert.tsx
View File

@@ -10,6 +10,7 @@ const alertVariants = cva(
variant: {
default: "bg-background text-foreground",
destructive: "border-destructive/50 text-destructive dark:border-destructive [&>svg]:text-destructive",
warning: "border-orange-500/20 bg-orange-500/10 text-orange-500 [&>svg]:text-orange-500",
},
},
defaultVariants: {

106
apps/client/app/modules/auth/routes/download-recovery-key.tsx Normal file
View File

@@ -0,0 +1,106 @@
import { useMutation } from "@tanstack/react-query";
import { AlertTriangle, Download } from "lucide-react";
import { useState } from "react";
import { useNavigate } from "react-router";
import { toast } from "sonner";
import { downloadResticPasswordMutation } from "~/api-client/@tanstack/react-query.gen";
import { AuthLayout } from "~/components/auth-layout";
import { Alert, AlertDescription, AlertTitle } from "~/components/ui/alert";
import { Button } from "~/components/ui/button";
import { Input } from "~/components/ui/input";
import { Label } from "~/components/ui/label";
import { authMiddleware } from "~/middleware/auth";
import type { Route } from "./+types/download-recovery-key";
export const clientMiddleware = [authMiddleware];
export function meta(_: Route.MetaArgs) {
return [
{ title: "Download Recovery Key" },
{
name: "description",
content: "Download your backup recovery key to ensure you can restore your data.",
},
];
}
export default function DownloadRecoveryKeyPage() {
const navigate = useNavigate();
const [password, setPassword] = useState("");
const downloadResticPassword = useMutation({
...downloadResticPasswordMutation(),
onSuccess: (data) => {
const blob = new Blob([data], { type: "text/plain" });
const url = window.URL.createObjectURL(blob);
const a = document.createElement("a");
a.href = url;
a.download = "restic.pass";
document.body.appendChild(a);
a.click();
document.body.removeChild(a);
window.URL.revokeObjectURL(url);
toast.success("Recovery key downloaded successfully!");
navigate("/volumes", { replace: true });
},
onError: (error) => {
toast.error("Failed to download recovery key", { description: error.message });
},
});
const handleSubmit = (e: React.FormEvent) => {
e.preventDefault();
if (!password) {
toast.error("Password is required");
return;
}
downloadResticPassword.mutate({
body: {
password,
},
});
};
return (
<AuthLayout
title="Download Your Recovery Key"
description="This is a critical step to ensure you can recover your backups"
>
<Alert variant="warning" className="mb-6">
<AlertTriangle className="size-5" />
<AlertTitle>Important: Save This File Securely</AlertTitle>
<AlertDescription>
Your Restic password is essential for recovering your backup data. If you lose access to this server without
this file, your backups will be unrecoverable. Store it in a password manager or encrypted storage.
</AlertDescription>
</Alert>
<form onSubmit={handleSubmit} className="space-y-4">
<div className="space-y-2">
<Label htmlFor="password">Confirm Your Password</Label>
<Input
id="password"
type="password"
value={password}
onChange={(e) => setPassword(e.target.value)}
placeholder="Enter your password"
required
autoFocus
disabled={downloadResticPassword.isPending}
/>
<p className="text-xs text-muted-foreground">Enter your account password to download the recovery key</p>
</div>
<div className="flex flex-col gap-2">
<Button type="submit" loading={downloadResticPassword.isPending} className="w-full">
<Download size={16} className="mr-2" />
Download Recovery Key
</Button>
</div>
</form>
</AuthLayout>
);
}

8
apps/client/app/modules/auth/routes/login.tsx
View File

@@ -44,8 +44,12 @@ export default function LoginPage() {
const login = useMutation({
...loginMutation(),
onSuccess: async () => {
navigate("/volumes");
onSuccess: async (data) => {
if (data.user && !data.user.hasDownloadedResticPassword) {
navigate("/download-recovery-key");
} else {
navigate("/volumes");
}
},
onError: (error) => {
console.error(error);

2
apps/client/app/modules/auth/routes/onboarding.tsx
View File

@@ -48,7 +48,7 @@ export default function OnboardingPage() {
...registerMutation(),
onSuccess: async () => {
toast.success("Admin user created successfully!");
navigate("/volumes");
navigate("/download-recovery-key");
},
onError: (error) => {
console.error(error);

4
apps/client/app/modules/repositories/tabs/info.tsx
View File

@@ -135,9 +135,7 @@ export const RepositoryInfoTabContent = ({ repository }: Props) => {
<AlertDialogContent className="max-w-2xl">
<AlertDialogHeader>
<AlertDialogTitle>Doctor Results</AlertDialogTitle>
<AlertDialogDescription>
{doctorMutation.data?.message || "Repository doctor operation completed"}
</AlertDialogDescription>
<AlertDialogDescription>Repository doctor operation completed</AlertDialogDescription>
</AlertDialogHeader>
{doctorMutation.data && (

121
apps/client/app/modules/settings/routes/settings.tsx
View File

@@ -1,11 +1,24 @@
import { useMutation } from "@tanstack/react-query";
import { KeyRound, User } from "lucide-react";
import { Download, KeyRound, User } from "lucide-react";
import { useState } from "react";
import { useNavigate } from "react-router";
import { toast } from "sonner";
import { changePasswordMutation, logoutMutation } from "~/api-client/@tanstack/react-query.gen";
import {
changePasswordMutation,
downloadResticPasswordMutation,
logoutMutation,
} from "~/api-client/@tanstack/react-query.gen";
import { Button } from "~/components/ui/button";
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/components/ui/card";
import { Card, CardContent, CardDescription, CardTitle } from "~/components/ui/card";
import {
Dialog,
DialogContent,
DialogDescription,
DialogFooter,
DialogHeader,
DialogTitle,
DialogTrigger,
} from "~/components/ui/dialog";
import { Input } from "~/components/ui/input";
import { Label } from "~/components/ui/label";
import { appContext } from "~/context";
@@ -30,6 +43,8 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
const [currentPassword, setCurrentPassword] = useState("");
const [newPassword, setNewPassword] = useState("");
const [confirmPassword, setConfirmPassword] = useState("");
const [downloadDialogOpen, setDownloadDialogOpen] = useState(false);
const [downloadPassword, setDownloadPassword] = useState("");
const navigate = useNavigate();
const logout = useMutation({
@@ -56,6 +71,28 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
},
});
const downloadResticPassword = useMutation({
...downloadResticPasswordMutation(),
onSuccess: (data) => {
const blob = new Blob([data], { type: "text/plain" });
const url = window.URL.createObjectURL(blob);
const a = document.createElement("a");
a.href = url;
a.download = "restic.pass";
document.body.appendChild(a);
a.click();
document.body.removeChild(a);
window.URL.revokeObjectURL(url);
toast.success("Restic password file downloaded successfully");
setDownloadDialogOpen(false);
setDownloadPassword("");
},
onError: (error) => {
toast.error("Failed to download Restic password", { description: error.message });
},
});
const handleChangePassword = (e: React.FormEvent) => {
e.preventDefault();
@@ -77,6 +114,21 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
});
};
const handleDownloadResticPassword = (e: React.FormEvent) => {
e.preventDefault();
if (!downloadPassword) {
toast.error("Password is required");
return;
}
downloadResticPassword.mutate({
body: {
password: downloadPassword,
},
});
};
return (
<Card className="p-0 gap-0">
<div className="border-b border-border/50 bg-card-header p-6">
@@ -143,6 +195,69 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
</Button>
</form>
</CardContent>
<div className="border-t border-border/50 bg-card-header p-6">
<CardTitle className="flex items-center gap-2">
<Download className="size-5" />
Backup Recovery Key
</CardTitle>
<CardDescription className="mt-1.5">Download your Restic password file for disaster recovery</CardDescription>
</div>
<CardContent className="p-6 space-y-4">
<p className="text-sm text-muted-foreground max-w-2xl">
This file contains the encryption password used by Restic to secure your backups. Store it in a safe place
(like a password manager or encrypted storage). If you lose access to this server, you'll need this file to
recover your backup data.
</p>
<Dialog open={downloadDialogOpen} onOpenChange={setDownloadDialogOpen}>
<DialogTrigger asChild>
<Button variant="outline">
<Download size={16} className="mr-2" />
Download Restic Password
</Button>
</DialogTrigger>
<DialogContent>
<form onSubmit={handleDownloadResticPassword}>
<DialogHeader>
<DialogTitle>Download Restic Password</DialogTitle>
<DialogDescription>
For security reasons, please enter your account password to download the Restic password file.
</DialogDescription>
</DialogHeader>
<div className="space-y-4 py-4">
<div className="space-y-2">
<Label htmlFor="download-password">Your Password</Label>
<Input
id="download-password"
type="password"
value={downloadPassword}
onChange={(e) => setDownloadPassword(e.target.value)}
placeholder="Enter your password"
required
autoFocus
/>
</div>
</div>
<DialogFooter>
<Button
type="button"
variant="outline"
onClick={() => {
setDownloadDialogOpen(false);
setDownloadPassword("");
}}
>
Cancel
</Button>
<Button type="submit" loading={downloadResticPassword.isPending}>
Download
</Button>
</DialogFooter>
</form>
</DialogContent>
</Dialog>
</CardContent>
</Card>
);
}

1
apps/client/app/routes.ts
View File

@@ -3,6 +3,7 @@ import { layout, type RouteConfig, route } from "@react-router/dev/routes";
export default [
route("onboarding", "./modules/auth/routes/onboarding.tsx"),
route("login", "./modules/auth/routes/login.tsx"),
route("download-recovery-key", "./modules/auth/routes/download-recovery-key.tsx"),
layout("./components/layout.tsx", [
route("/", "./routes/root.tsx"),
route("volumes", "./modules/volumes/routes/volumes.tsx"),

1
apps/server/drizzle/0010_perfect_proemial_gods.sql Normal file
View File

@@ -0,0 +1 @@
ALTER TABLE `users_table` ADD `has_downloaded_restic_password` integer DEFAULT false NOT NULL;

459
apps/server/drizzle/meta/0010_snapshot.json Normal file
View File

@@ -0,0 +1,459 @@
{
"version": "6",
"dialect": "sqlite",
"id": "17f234ba-4123-4951-a39f-6002d537435f",
"prevId": "6a326ac0-cb3a-4c63-8800-bc86d18e0c1d",
"tables": {
"backup_schedules_table": {
"name": "backup_schedules_table",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"volume_id": {
"name": "volume_id",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"repository_id": {
"name": "repository_id",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"enabled": {
"name": "enabled",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": true
},
"cron_expression": {
"name": "cron_expression",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"retention_policy": {
"name": "retention_policy",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"exclude_patterns": {
"name": "exclude_patterns",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false,
"default": "'[]'"
},
"include_patterns": {
"name": "include_patterns",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false,
"default": "'[]'"
},
"last_backup_at": {
"name": "last_backup_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"last_backup_status": {
"name": "last_backup_status",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"last_backup_error": {
"name": "last_backup_error",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"next_backup_at": {
"name": "next_backup_at",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
},
"updated_at": {
"name": "updated_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
}
},
"indexes": {},
"foreignKeys": {
"backup_schedules_table_volume_id_volumes_table_id_fk": {
"name": "backup_schedules_table_volume_id_volumes_table_id_fk",
"tableFrom": "backup_schedules_table",
"tableTo": "volumes_table",
"columnsFrom": [
"volume_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
},
"backup_schedules_table_repository_id_repositories_table_id_fk": {
"name": "backup_schedules_table_repository_id_repositories_table_id_fk",
"tableFrom": "backup_schedules_table",
"tableTo": "repositories_table",
"columnsFrom": [
"repository_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"repositories_table": {
"name": "repositories_table",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"type": {
"name": "type",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"config": {
"name": "config",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"compression_mode": {
"name": "compression_mode",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false,
"default": "'auto'"
},
"status": {
"name": "status",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false,
"default": "'unknown'"
},
"last_checked": {
"name": "last_checked",
"type": "integer",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"last_error": {
"name": "last_error",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
},
"updated_at": {
"name": "updated_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
}
},
"indexes": {
"repositories_table_name_unique": {
"name": "repositories_table_name_unique",
"columns": [
"name"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"sessions_table": {
"name": "sessions_table",
"columns": {
"id": {
"name": "id",
"type": "text",
"primaryKey": true,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"expires_at": {
"name": "expires_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
}
},
"indexes": {},
"foreignKeys": {
"sessions_table_user_id_users_table_id_fk": {
"name": "sessions_table_user_id_users_table_id_fk",
"tableFrom": "sessions_table",
"tableTo": "users_table",
"columnsFrom": [
"user_id"
],
"columnsTo": [
"id"
],
"onDelete": "cascade",
"onUpdate": "no action"
}
},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"users_table": {
"name": "users_table",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"username": {
"name": "username",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"password_hash": {
"name": "password_hash",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"has_downloaded_restic_password": {
"name": "has_downloaded_restic_password",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": false
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
},
"updated_at": {
"name": "updated_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
}
},
"indexes": {
"users_table_username_unique": {
"name": "users_table_username_unique",
"columns": [
"username"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
},
"volumes_table": {
"name": "volumes_table",
"columns": {
"id": {
"name": "id",
"type": "integer",
"primaryKey": true,
"notNull": true,
"autoincrement": true
},
"name": {
"name": "name",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"type": {
"name": "type",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"status": {
"name": "status",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "'unmounted'"
},
"last_error": {
"name": "last_error",
"type": "text",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"last_health_check": {
"name": "last_health_check",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
},
"created_at": {
"name": "created_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
},
"updated_at": {
"name": "updated_at",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(unixepoch())"
},
"config": {
"name": "config",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"auto_remount": {
"name": "auto_remount",
"type": "integer",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": true
}
},
"indexes": {
"volumes_table_name_unique": {
"name": "volumes_table_name_unique",
"columns": [
"name"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraints": {}
}
},
"views": {},
"enums": {},
"_meta": {
"schemas": {},
"tables": {},
"columns": {}
},
"internal": {
"indexes": {}
}
}

7
apps/server/drizzle/meta/_journal.json
View File

@@ -71,6 +71,13 @@
"when": 1762095226041,
"tag": "0009_little_adam_warlock",
"breakpoints": true
},
{
"idx": 10,
"version": "6",
"when": 1762610065889,
"tag": "0010_perfect_proemial_gods",
"breakpoints": true
}
]
}

1
apps/server/src/db/schema.ts
View File

@@ -32,6 +32,7 @@ export const usersTable = sqliteTable("users_table", {
id: int().primaryKey({ autoIncrement: true }),
username: text().notNull().unique(),
passwordHash: text("password_hash").notNull(),
hasDownloadedResticPassword: int("has_downloaded_restic_password", { mode: "boolean" }).notNull().default(false),
createdAt: int("created_at", { mode: "number" }).notNull().default(sql`(unixepoch())`),
updatedAt: int("updated_at", { mode: "number" }).notNull().default(sql`(unixepoch())`),
});

16
apps/server/src/modules/auth/auth.controller.ts
View File

@@ -43,7 +43,15 @@ export const authController = new Hono()
});
return c.json<RegisterDto>(
{ success: true, message: "User registered successfully", user: { id: user.id, username: user.username } },
{
success: true,
message: "User registered successfully",
user: {
id: user.id,
username: user.username,
hasDownloadedResticPassword: user.hasDownloadedResticPassword,
},
},
201,
);
} catch (error) {
@@ -64,7 +72,11 @@ export const authController = new Hono()
return c.json<LoginDto>({
success: true,
message: "Login successful",
user: { id: user.id, username: user.username },
user: {
id: user.id,
username: user.username,
hasDownloadedResticPassword: user.hasDownloadedResticPassword,
},
});
} catch (error) {
return c.json<LoginDto>({ success: false, message: toMessage(error) }, 401);

1
apps/server/src/modules/auth/auth.dto.ts
View File

@@ -18,6 +18,7 @@ const loginResponseSchema = type({
user: type({
id: "number",
username: "string",
hasDownloadedResticPassword: "boolean",
}).optional(),
});

1
apps/server/src/modules/auth/auth.middleware.ts
View File

@@ -15,6 +15,7 @@ declare module "hono" {
user: {
id: number;
username: string;
hasDownloadedResticPassword: boolean;
};
}
}

17
apps/server/src/modules/auth/auth.service.ts
View File

@@ -38,7 +38,15 @@ export class AuthService {
expiresAt,
});
return { user: { id: user.id, username: user.username, createdAt: user.createdAt }, sessionId };
return {
user: {
id: user.id,
username: user.username,
createdAt: user.createdAt,
hasDownloadedResticPassword: user.hasDownloadedResticPassword,
},
sessionId,
};
}
/**
@@ -70,7 +78,11 @@ export class AuthService {
return {
sessionId,
user: { id: user.id, username: user.username },
user: {
id: user.id,
username: user.username,
hasDownloadedResticPassword: user.hasDownloadedResticPassword,
},
expiresAt,
};
}
@@ -109,6 +121,7 @@ export class AuthService {
user: {
id: session.user.id,
username: session.user.username,
hasDownloadedResticPassword: session.user.hasDownloadedResticPassword,
},
session: {
id: session.session.id,

58
apps/server/src/modules/system/system.controller.ts
View File

@@ -1,9 +1,57 @@
import { Hono } from "hono";
import { systemInfoDto, type SystemInfoDto } from "./system.dto";
import { validator } from "hono-openapi";
import {
downloadResticPasswordBodySchema,
downloadResticPasswordDto,
systemInfoDto,
type SystemInfoDto,
} from "./system.dto";
import { systemService } from "./system.service";
import { requireAuth } from "../auth/auth.middleware";
import { RESTIC_PASS_FILE } from "../../core/constants";
import { db } from "../../db/db";
import { usersTable } from "../../db/schema";
import { eq } from "drizzle-orm";
export const systemController = new Hono().get("/info", systemInfoDto, async (c) => {
const info = await systemService.getSystemInfo();
export const systemController = new Hono()
.get("/info", systemInfoDto, async (c) => {
const info = await systemService.getSystemInfo();
return c.json<SystemInfoDto>(info, 200);
});
return c.json<SystemInfoDto>(info, 200);
})
.post(
"/restic-password",
downloadResticPasswordDto,
requireAuth,
validator("json", downloadResticPasswordBodySchema),
async (c) => {
const user = c.get("user");
const body = c.req.valid("json");
const [dbUser] = await db.select().from(usersTable).where(eq(usersTable.id, user.id));
if (!dbUser) {
return c.json({ message: "User not found" }, 401);
}
const isValid = await Bun.password.verify(body.password, dbUser.passwordHash);
if (!isValid) {
return c.json({ message: "Incorrect password" }, 401);
}
try {
const file = Bun.file(RESTIC_PASS_FILE);
const content = await file.text();
await db.update(usersTable).set({ hasDownloadedResticPassword: true }).where(eq(usersTable.id, user.id));
c.header("Content-Type", "text/plain");
c.header("Content-Disposition", 'attachment; filename="restic.pass"');
return c.text(content);
} catch (_error) {
return c.json({ message: "Failed to read Restic password file" }, 500);
}
},
);

20
apps/server/src/modules/system/system.dto.ts
View File

@@ -26,3 +26,23 @@ export const systemInfoDto = describeRoute({
},
},
});
export const downloadResticPasswordBodySchema = type({
password: "string",
});
export const downloadResticPasswordDto = describeRoute({
description: "Download the Restic password file for backup recovery. Requires password re-authentication.",
tags: ["System"],
operationId: "downloadResticPassword",
responses: {
200: {
description: "Restic password file content",
content: {
"text/plain": {
schema: { type: "string" },
},
},
},
},
});

9
apps/server/src/modules/volumes/volume.service.ts
View File

@@ -130,11 +130,10 @@ const getVolume = async (name: string) => {
let statfs: Partial<StatFs> = {};
if (volume.status === "mounted") {
statfs = await withTimeout(getStatFs(getVolumePath(volume)), OPERATION_TIMEOUT, "getStatFs")
.catch((error) => {
logger.warn(`Failed to get statfs for volume ${name}: ${toMessage(error)}`);
return {};
});
statfs = await withTimeout(getStatFs(getVolumePath(volume)), 1000, "getStatFs").catch((error) => {
logger.warn(`Failed to get statfs for volume ${name}: ${toMessage(error)}`);
return {};
});
}
return { volume, statfs };