ondra/ironmount
1
1
Fork 0
mirror of https://github.com/nicotsx/ironmount.git synced 2025-12-10 12:10:51 +01:00
Code Issues Packages Projects Releases 1 Wiki Activity

feat: download recovery file restic password

Browse Source
This commit is contained in:
Nicolas Meienberger
2025-11-08 17:52:43 +01:00
parent b289920720
commit b5ba03da3d
23 changed files with 957 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
apps/client/app/api-client/@tanstack/react-query.gen.ts
View File

@@ -37,6 +37,7 @@ import {
getBackupScheduleForVolume,
runBackupNow,
getSystemInfo,
downloadResticPassword,
} from "../sdk.gen";
import { queryOptions, type UseMutationOptions, type DefaultError } from "@tanstack/react-query";
import type {
@@ -94,6 +95,9 @@ import type {
RunBackupNowData,
RunBackupNowResponse,
GetSystemInfoData,
DownloadResticPasswordData,
DownloadResticPasswordError,
DownloadResticPasswordResponse,
} from "../types.gen";
import { client as _heyApiClient } from "../client.gen";
@@ -1123,3 +1127,51 @@ export const getSystemInfoOptions = (options?: Options<GetSystemInfoData>) => {
queryKey: getSystemInfoQueryKey(options),
});
};
export const downloadResticPasswordQueryKey = (options?: Options<DownloadResticPasswordData>) =>
createQueryKey("downloadResticPassword", options);
/**
* Download the Restic password file for backup recovery. Requires password re-authentication.
*/
export const downloadResticPasswordOptions = (options?: Options<DownloadResticPasswordData>) => {
return queryOptions({
queryFn: async ({ queryKey, signal }) => {
const { data } = await downloadResticPassword({
...options,
...queryKey[0],
signal,
throwOnError: true,
});
return data;
},
queryKey: downloadResticPasswordQueryKey(options),
});
};
/**
* Download the Restic password file for backup recovery. Requires password re-authentication.
*/
export const downloadResticPasswordMutation = (
options?: Partial<Options<DownloadResticPasswordData>>,
): UseMutationOptions<
DownloadResticPasswordResponse,
DownloadResticPasswordError,
Options<DownloadResticPasswordData>
> => {
const mutationOptions: UseMutationOptions<
DownloadResticPasswordResponse,
DownloadResticPasswordError,
Options<DownloadResticPasswordData>
> = {
mutationFn: async (localOptions) => {
const { data } = await downloadResticPassword({
...options,
...localOptions,
throwOnError: true,
});
return data;
},
};
return mutationOptions;
};

23
apps/client/app/api-client/sdk.gen.ts
View File

@@ -76,6 +76,9 @@ import type {
RunBackupNowResponses,
GetSystemInfoData,
GetSystemInfoResponses,
DownloadResticPasswordData,
DownloadResticPasswordResponses,
DownloadResticPasswordErrors,
} from "./types.gen";
import { client as _heyApiClient } from "./client.gen";
@@ -541,3 +544,23 @@ export const getSystemInfo = <ThrowOnError extends boolean = false>(
...options,
});
};
/**
* Download the Restic password file for backup recovery. Requires password re-authentication.
*/
export const downloadResticPassword = <ThrowOnError extends boolean = false>(
options?: Options<DownloadResticPasswordData, ThrowOnError>,
) => {
return (options?.client ?? _heyApiClient).post<
DownloadResticPasswordResponses,
DownloadResticPasswordErrors,
ThrowOnError
>({
url: "/api/v1/system/restic-password",
...options,
headers: {
"Content-Type": "application/json",
...options?.headers,
},
});
};

67
apps/client/app/api-client/types.gen.ts
View File

@@ -18,6 +18,7 @@ export type RegisterResponses = {
message: string;
success: boolean;
user?: {
hasDownloadedResticPassword: boolean;
id: number;
username: string;
};
@@ -44,6 +45,7 @@ export type LoginResponses = {
message: string;
success: boolean;
user?: {
hasDownloadedResticPassword: boolean;
id: number;
username: string;
};
@@ -85,6 +87,7 @@ export type GetMeResponses = {
message: string;
success: boolean;
user?: {
hasDownloadedResticPassword: boolean;
id: number;
username: string;
};
@@ -149,6 +152,8 @@ export type ListVolumesResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -175,6 +180,7 @@ export type ListVolumesResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -196,6 +202,8 @@ export type CreateVolumeData = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -222,6 +230,7 @@ export type CreateVolumeData = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -241,6 +250,8 @@ export type CreateVolumeResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -267,6 +278,7 @@ export type CreateVolumeResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -288,6 +300,8 @@ export type TestConnectionData = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -314,6 +328,7 @@ export type TestConnectionData = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -386,6 +401,8 @@ export type GetVolumeResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -412,6 +429,7 @@ export type GetVolumeResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -435,6 +453,8 @@ export type UpdateVolumeData = {
config?:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -461,6 +481,7 @@ export type UpdateVolumeData = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -488,6 +509,8 @@ export type UpdateVolumeResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -514,6 +537,7 @@ export type UpdateVolumeResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -962,12 +986,11 @@ export type DoctorRepositoryResponses = {
* Doctor operation completed
*/
200: {
message: string;
steps: Array<{
error: string | null;
output: string | null;
step: string;
success: boolean;
error?: string;
output?: string;
}>;
success: boolean;
};
@@ -1036,6 +1059,8 @@ export type ListBackupSchedulesResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -1062,6 +1087,7 @@ export type ListBackupSchedulesResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -1219,6 +1245,8 @@ export type GetBackupScheduleResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -1245,6 +1273,7 @@ export type GetBackupScheduleResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -1383,6 +1412,8 @@ export type GetBackupScheduleForVolumeResponses = {
config:
| {
backend: "directory";
path: string;
readOnly?: false;
}
| {
backend: "nfs";
@@ -1409,6 +1440,7 @@ export type GetBackupScheduleForVolumeResponses = {
server: string;
port?: number;
password?: string;
readOnly?: boolean;
ssl?: boolean;
username?: string;
};
@@ -1468,6 +1500,35 @@ export type GetSystemInfoResponses = {
export type GetSystemInfoResponse = GetSystemInfoResponses[keyof GetSystemInfoResponses];
export type DownloadResticPasswordData = {
body?: {
password: string;
};
path?: never;
query?: never;
url: "/api/v1/system/restic-password";
};
export type DownloadResticPasswordErrors = {
/**
* Authentication required or incorrect password
*/
401: {
message?: string;
};
};
export type DownloadResticPasswordError = DownloadResticPasswordErrors[keyof DownloadResticPasswordErrors];
export type DownloadResticPasswordResponses = {
/**
* Restic password file content
*/
200: string;
};
export type DownloadResticPasswordResponse = DownloadResticPasswordResponses[keyof DownloadResticPasswordResponses];
export type ClientOptions = {
baseUrl: "http://192.168.2.42:4096" | (string & {});
};

2
apps/client/app/app.css
View File

@@ -70,6 +70,8 @@ body {
}
:root {
color-scheme: dark;
--radius: 0.625rem;
--background: oklch(1 0 0);
--foreground: oklch(0.145 0 0);

7
apps/client/app/components/layout.tsx
View File

@@ -1,6 +1,6 @@
import { useMutation } from "@tanstack/react-query";
import { LifeBuoy } from "lucide-react";
import { Outlet, useNavigate } from "react-router";
import { Outlet, redirect, useNavigate } from "react-router";
import { toast } from "sonner";
import { logoutMutation } from "~/api-client/@tanstack/react-query.gen";
import { appContext } from "~/context";
@@ -16,6 +16,11 @@ export const clientMiddleware = [authMiddleware];
export async function clientLoader({ context }: Route.LoaderArgs) {
const ctx = context.get(appContext);
if (ctx.user && !ctx.user.hasDownloadedResticPassword) {
throw redirect("/download-recovery-key");
}
return ctx;
}

1
apps/client/app/components/ui/alert.tsx
View File

@@ -10,6 +10,7 @@ const alertVariants = cva(
variant: {
default: "bg-background text-foreground",
destructive: "border-destructive/50 text-destructive dark:border-destructive [&>svg]:text-destructive",
warning: "border-orange-500/20 bg-orange-500/10 text-orange-500 [&>svg]:text-orange-500",
},
},
defaultVariants: {

106
apps/client/app/modules/auth/routes/download-recovery-key.tsx Normal file
View File

@@ -0,0 +1,106 @@
import { useMutation } from "@tanstack/react-query";
import { AlertTriangle, Download } from "lucide-react";
import { useState } from "react";
import { useNavigate } from "react-router";
import { toast } from "sonner";
import { downloadResticPasswordMutation } from "~/api-client/@tanstack/react-query.gen";
import { AuthLayout } from "~/components/auth-layout";
import { Alert, AlertDescription, AlertTitle } from "~/components/ui/alert";
import { Button } from "~/components/ui/button";
import { Input } from "~/components/ui/input";
import { Label } from "~/components/ui/label";
import { authMiddleware } from "~/middleware/auth";
import type { Route } from "./+types/download-recovery-key";
export const clientMiddleware = [authMiddleware];
export function meta(_: Route.MetaArgs) {
return [
{ title: "Download Recovery Key" },
{
name: "description",
content: "Download your backup recovery key to ensure you can restore your data.",
},
];
}
export default function DownloadRecoveryKeyPage() {
const navigate = useNavigate();
const [password, setPassword] = useState("");
const downloadResticPassword = useMutation({
...downloadResticPasswordMutation(),
onSuccess: (data) => {
const blob = new Blob([data], { type: "text/plain" });
const url = window.URL.createObjectURL(blob);
const a = document.createElement("a");
a.href = url;
a.download = "restic.pass";
document.body.appendChild(a);
a.click();
document.body.removeChild(a);
window.URL.revokeObjectURL(url);
toast.success("Recovery key downloaded successfully!");
navigate("/volumes", { replace: true });
},
onError: (error) => {
toast.error("Failed to download recovery key", { description: error.message });
},
});
const handleSubmit = (e: React.FormEvent) => {
e.preventDefault();
if (!password) {
toast.error("Password is required");
return;
}
downloadResticPassword.mutate({
body: {
password,
},
});
};
return (
<AuthLayout
title="Download Your Recovery Key"
description="This is a critical step to ensure you can recover your backups"
>
<Alert variant="warning" className="mb-6">
<AlertTriangle className="size-5" />
<AlertTitle>Important: Save This File Securely</AlertTitle>
<AlertDescription>
Your Restic password is essential for recovering your backup data. If you lose access to this server without
this file, your backups will be unrecoverable. Store it in a password manager or encrypted storage.
</AlertDescription>
</Alert>
<form onSubmit={handleSubmit} className="space-y-4">
<div className="space-y-2">
<Label htmlFor="password">Confirm Your Password</Label>
<Input
id="password"
type="password"
value={password}
onChange={(e) => setPassword(e.target.value)}
placeholder="Enter your password"
required
autoFocus
disabled={downloadResticPassword.isPending}
/>
<p className="text-xs text-muted-foreground">Enter your account password to download the recovery key</p>
</div>
<div className="flex flex-col gap-2">
<Button type="submit" loading={downloadResticPassword.isPending} className="w-full">
<Download size={16} className="mr-2" />
Download Recovery Key
</Button>
</div>
</form>
</AuthLayout>
);
}

8
apps/client/app/modules/auth/routes/login.tsx
View File

@@ -44,8 +44,12 @@ export default function LoginPage() {
const login = useMutation({
...loginMutation(),
onSuccess: async () => {
navigate("/volumes");
onSuccess: async (data) => {
if (data.user && !data.user.hasDownloadedResticPassword) {
navigate("/download-recovery-key");
} else {
navigate("/volumes");
}
},
onError: (error) => {
console.error(error);

2
apps/client/app/modules/auth/routes/onboarding.tsx
View File

@@ -48,7 +48,7 @@ export default function OnboardingPage() {
...registerMutation(),
onSuccess: async () => {
toast.success("Admin user created successfully!");
navigate("/volumes");
navigate("/download-recovery-key");
},
onError: (error) => {
console.error(error);

4
apps/client/app/modules/repositories/tabs/info.tsx
View File

@@ -135,9 +135,7 @@ export const RepositoryInfoTabContent = ({ repository }: Props) => {
<AlertDialogContent className="max-w-2xl">
<AlertDialogHeader>
<AlertDialogTitle>Doctor Results</AlertDialogTitle>
<AlertDialogDescription>
{doctorMutation.data?.message || "Repository doctor operation completed"}
</AlertDialogDescription>
<AlertDialogDescription>Repository doctor operation completed</AlertDialogDescription>
</AlertDialogHeader>
{doctorMutation.data && (

121
apps/client/app/modules/settings/routes/settings.tsx
View File

@@ -1,11 +1,24 @@
import { useMutation } from "@tanstack/react-query";
import { KeyRound, User } from "lucide-react";
import { Download, KeyRound, User } from "lucide-react";
import { useState } from "react";
import { useNavigate } from "react-router";
import { toast } from "sonner";
import { changePasswordMutation, logoutMutation } from "~/api-client/@tanstack/react-query.gen";
import {
changePasswordMutation,
downloadResticPasswordMutation,
logoutMutation,
} from "~/api-client/@tanstack/react-query.gen";
import { Button } from "~/components/ui/button";
import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/components/ui/card";
import { Card, CardContent, CardDescription, CardTitle } from "~/components/ui/card";
import {
Dialog,
DialogContent,
DialogDescription,
DialogFooter,
DialogHeader,
DialogTitle,
DialogTrigger,
} from "~/components/ui/dialog";
import { Input } from "~/components/ui/input";
import { Label } from "~/components/ui/label";
import { appContext } from "~/context";
@@ -30,6 +43,8 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
const [currentPassword, setCurrentPassword] = useState("");
const [newPassword, setNewPassword] = useState("");
const [confirmPassword, setConfirmPassword] = useState("");
const [downloadDialogOpen, setDownloadDialogOpen] = useState(false);
const [downloadPassword, setDownloadPassword] = useState("");
const navigate = useNavigate();
const logout = useMutation({
@@ -56,6 +71,28 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
},
});
const downloadResticPassword = useMutation({
...downloadResticPasswordMutation(),
onSuccess: (data) => {
const blob = new Blob([data], { type: "text/plain" });
const url = window.URL.createObjectURL(blob);
const a = document.createElement("a");
a.href = url;
a.download = "restic.pass";
document.body.appendChild(a);
a.click();
document.body.removeChild(a);
window.URL.revokeObjectURL(url);
toast.success("Restic password file downloaded successfully");
setDownloadDialogOpen(false);
setDownloadPassword("");
},
onError: (error) => {
toast.error("Failed to download Restic password", { description: error.message });
},
});
const handleChangePassword = (e: React.FormEvent) => {
e.preventDefault();
@@ -77,6 +114,21 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
});
};
const handleDownloadResticPassword = (e: React.FormEvent) => {
e.preventDefault();
if (!downloadPassword) {
toast.error("Password is required");
return;
}
downloadResticPassword.mutate({
body: {
password: downloadPassword,
},
});
};
return (
<Card className="p-0 gap-0">
<div className="border-b border-border/50 bg-card-header p-6">
@@ -143,6 +195,69 @@ export default function Settings({ loaderData }: Route.ComponentProps) {
</Button>
</form>
</CardContent>
<div className="border-t border-border/50 bg-card-header p-6">
<CardTitle className="flex items-center gap-2">
<Download className="size-5" />
Backup Recovery Key
</CardTitle>
<CardDescription className="mt-1.5">Download your Restic password file for disaster recovery</CardDescription>
</div>
<CardContent className="p-6 space-y-4">
<p className="text-sm text-muted-foreground max-w-2xl">
This file contains the encryption password used by Restic to secure your backups. Store it in a safe place
(like a password manager or encrypted storage). If you lose access to this server, you'll need this file to
recover your backup data.
</p>
<Dialog open={downloadDialogOpen} onOpenChange={setDownloadDialogOpen}>
<DialogTrigger asChild>
<Button variant="outline">
<Download size={16} className="mr-2" />
Download Restic Password
</Button>
</DialogTrigger>
<DialogContent>
<form onSubmit={handleDownloadResticPassword}>
<DialogHeader>
<DialogTitle>Download Restic Password</DialogTitle>
<DialogDescription>
For security reasons, please enter your account password to download the Restic password file.
</DialogDescription>
</DialogHeader>
<div className="space-y-4 py-4">
<div className="space-y-2">
<Label htmlFor="download-password">Your Password</Label>
<Input
id="download-password"
type="password"
value={downloadPassword}
onChange={(e) => setDownloadPassword(e.target.value)}
placeholder="Enter your password"
required
autoFocus
/>
</div>
</div>
<DialogFooter>
<Button
type="button"
variant="outline"
onClick={() => {
setDownloadDialogOpen(false);
setDownloadPassword("");
}}
>
Cancel
</Button>
<Button type="submit" loading={downloadResticPassword.isPending}>
Download
</Button>
</DialogFooter>
</form>
</DialogContent>
</Dialog>
</CardContent>
</Card>
);
}

1
apps/client/app/routes.ts
View File

@@ -3,6 +3,7 @@ import { layout, type RouteConfig, route } from "@react-router/dev/routes";
export default [
route("onboarding", "./modules/auth/routes/onboarding.tsx"),
route("login", "./modules/auth/routes/login.tsx"),
route("download-recovery-key", "./modules/auth/routes/download-recovery-key.tsx"),
layout("./components/layout.tsx", [
route("/", "./routes/root.tsx"),
route("volumes", "./modules/volumes/routes/volumes.tsx"),