tiny-forge/internal/api/backups.go

package api

import (
	"io"
	"log/slog"
	"net/http"
	"os"
	"path/filepath"
	"strings"
	"time"

	"github.com/alexei/tinyforge/internal/store"
	"github.com/go-chi/chi/v5"
)

// listBackups handles GET /api/backups.
func (s *Server) listBackups(w http.ResponseWriter, r *http.Request) {
	if s.backupEngine == nil {
		respondError(w, http.StatusServiceUnavailable, "backup engine not initialized")
		return
	}

	backups, err := s.backupEngine.ListBackups()
	if err != nil {
		respondError(w, http.StatusInternalServerError, "failed to list backups: "+err.Error())
		return
	}

	if backups == nil {
		backups = []store.Backup{}
	}

	respondJSON(w, http.StatusOK, backups)
}

// triggerBackup handles POST /api/backups.
func (s *Server) triggerBackup(w http.ResponseWriter, r *http.Request) {
	if s.backupEngine == nil {
		respondError(w, http.StatusServiceUnavailable, "backup engine not initialized")
		return
	}

	backup, err := s.backupEngine.CreateBackup("manual")
	if err != nil {
		respondError(w, http.StatusInternalServerError, "failed to create backup: "+err.Error())
		return
	}

	// Prune after manual backup too.
	settings, err := s.store.GetSettings()
	if err == nil && settings.BackupRetentionCount > 0 {
		s.backupEngine.Prune(settings.BackupRetentionCount)
	}

	respondJSON(w, http.StatusCreated, backup)
}

// downloadBackup handles GET /api/backups/{id}/download.
func (s *Server) downloadBackup(w http.ResponseWriter, r *http.Request) {
	if s.backupEngine == nil {
		respondError(w, http.StatusServiceUnavailable, "backup engine not initialized")
		return
	}

	id := chi.URLParam(r, "id")
	backup, err := s.backupEngine.GetBackup(id)
	if err != nil {
		respondError(w, http.StatusNotFound, "backup not found")
		return
	}

	filePath := s.backupEngine.FilePath(backup)

	// Validate the resolved path stays within the backup directory to prevent path traversal.
	absPath, err := filepath.Abs(filePath)
	if err != nil {
		respondError(w, http.StatusInternalServerError, "failed to resolve backup path")
		return
	}
	absBackupDir, _ := filepath.Abs(s.backupEngine.BackupDir())
	if !strings.HasPrefix(absPath, absBackupDir+string(filepath.Separator)) {
		respondError(w, http.StatusForbidden, "access denied")
		return
	}

	f, err := os.Open(absPath)
	if err != nil {
		respondError(w, http.StatusNotFound, "backup file not found on disk")
		return
	}
	defer f.Close()

	stat, err := f.Stat()
	if err != nil {
		respondError(w, http.StatusInternalServerError, "failed to read backup file")
		return
	}

	w.Header().Set("Content-Type", "application/octet-stream")
	w.Header().Set("Content-Disposition", "attachment; filename=\""+filepath.Base(backup.Filename)+"\"")
	http.ServeContent(w, r, filepath.Base(backup.Filename), stat.ModTime(), f)
}

// deleteBackup handles DELETE /api/backups/{id}.
func (s *Server) deleteBackup(w http.ResponseWriter, r *http.Request) {
	if s.backupEngine == nil {
		respondError(w, http.StatusServiceUnavailable, "backup engine not initialized")
		return
	}

	id := chi.URLParam(r, "id")
	if err := s.backupEngine.DeleteBackup(id); err != nil {
		respondError(w, http.StatusInternalServerError, "failed to delete backup: "+err.Error())
		return
	}

	respondJSON(w, http.StatusOK, map[string]string{"status": "deleted"})
}

// restoreBackup handles POST /api/backups/{id}/restore.
// This replaces the current database with the backup and triggers a graceful shutdown.
func (s *Server) restoreBackup(w http.ResponseWriter, r *http.Request) {
	if s.backupEngine == nil {
		respondError(w, http.StatusServiceUnavailable, "backup engine not initialized")
		return
	}

	id := chi.URLParam(r, "id")
	restorePath, err := s.backupEngine.RestorePath(id)
	if err != nil {
		respondError(w, http.StatusNotFound, "backup not found: "+err.Error())
		return
	}

	// Create a safety backup before restore so the user can undo if needed.
	if _, err := s.backupEngine.CreateBackup("pre-restore"); err != nil {
		slog.Warn("failed to create pre-restore backup", "error", err)
	}

	// Send the response BEFORE closing the DB so the client gets confirmation.
	respondJSON(w, http.StatusOK, map[string]any{
		"status":  "restoring",
		"message": "Database restore initiated. The server will restart shortly.",
	})

	// Flush the response.
	if f, ok := w.(http.Flusher); ok {
		f.Flush()
	}

	// Perform the destructive restore in a goroutine with a brief delay
	// to allow the HTTP response to be fully sent.
	go func() {
		time.Sleep(500 * time.Millisecond)

		// Close the current database to release locks.
		if err := s.store.Close(); err != nil {
			slog.Error("restore: failed to close database", "error", err)
			return
		}

		// Copy the backup file over the main database using streaming (no full read into memory).
		src, err := os.Open(restorePath)
		if err != nil {
			slog.Error("restore: failed to open backup file", "error", err)
			return
		}
		defer src.Close()

		dst, err := os.Create(s.dbPath)
		if err != nil {
			slog.Error("restore: failed to create database file", "error", err)
			return
		}
		defer dst.Close()

		if _, err := io.Copy(dst, src); err != nil {
			slog.Error("restore: failed to copy backup to database", "error", err)
			return
		}

		// Remove WAL and SHM files to ensure clean state.
		os.Remove(s.dbPath + "-wal")
		os.Remove(s.dbPath + "-shm")

		slog.Info("restore: database replaced, triggering shutdown")

		// Signal the server to shut down gracefully so it can be restarted.
		if s.shutdownFunc != nil {
			s.shutdownFunc()
		}
	}()
}