From 605fb1c27c954bc8d7ec1e994b4129f1601fa474 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= Date: Mon, 15 Dec 2025 10:48:35 +0100 Subject: [PATCH 01/28] secret reference core support --- README.md | 19 ++++ app/app.css | 6 + app/client/components/ui/secret-input.tsx | 61 ++++++++++ app/server/utils/crypto.ts | 130 +++++++++++++++++++++- docker-compose.yml | 7 ++ 5 files changed, 217 insertions(+), 6 deletions(-) create mode 100644 app/client/components/ui/secret-input.tsx diff --git a/README.md b/README.md index 257edb03..6b9eb07e 100644 --- a/README.md +++ b/README.md @@ -120,6 +120,25 @@ Repositories are optimized for storage efficiency and data integrity, leveraging To create a repository, navigate to the "Repositories" section in the web interface and click on "Create repository". Fill in the required details such as repository name, type, and connection settings. +## Secret references (env:// and file://) + +Any field that is normally stored encrypted in Zerobyte (passwords, tokens, access keys, etc.) also accepts secret references. + +- `env://VAR_NAME` reads the value from `process.env.VAR_NAME` inside the Zerobyte container. +- `file://secret_name` reads the value from `/run/secrets/secret_name` (Docker secrets). + +If you enter a normal value (not starting with `env://` or `file://`), Zerobyte will encrypt it before storing it in the database (values will look like `encv1:...`). + +Examples: + +```yaml +# SMB volume password from an env var +password: env://SMB_PASSWORD + +# S3 secret access key from a Docker secret +secretAccessKey: file://s3-secret-access-key +``` + ### Using rclone for cloud storage Zerobyte can use [rclone](https://rclone.org/) to support 40+ cloud storage providers including Google Drive, Dropbox, OneDrive, Box, pCloud, Mega, and many more. This gives you the flexibility to store your backups on virtually any cloud storage service. diff --git a/app/app.css b/app/app.css index c12eee55..c84370ed 100644 --- a/app/app.css +++ b/app/app.css @@ -173,3 +173,9 @@ body { --chart-5: oklch(0.645 0.246 16.439); } } + +/* Hide built-in password reveal/clear controls (notably in Edge on Windows) */ +[data-secret-input] input[type="password"]::-ms-reveal, +[data-secret-input] input[type="password"]::-ms-clear { + display: none; +} diff --git a/app/client/components/ui/secret-input.tsx b/app/client/components/ui/secret-input.tsx new file mode 100644 index 00000000..98617fb3 --- /dev/null +++ b/app/client/components/ui/secret-input.tsx @@ -0,0 +1,61 @@ +import { Eye, EyeOff } from "lucide-react"; +import type * as React from "react"; +import { useMemo, useState } from "react"; + +import { cn } from "~/client/lib/utils"; +import { Button } from "./button"; +import { Input } from "./input"; + +export const isStoredSecretValue = (value?: string): boolean => { + if (typeof value !== "string" || value.length === 0) { + return false; + } + + return value.startsWith("env://") || value.startsWith("file://") || value.startsWith("encv1:"); +}; + +type SecretInputProps = Omit, "type"> & { + isDirty?: boolean; +}; + +export const SecretInput = ({ className, isDirty, value, ...props }: SecretInputProps) => { + const [revealed, setRevealed] = useState(false); + + const showAsPlaintext = useMemo(() => { + if (typeof value !== "string") { + return false; + } + + return isStoredSecretValue(value) && !isDirty; + }, [isDirty, value]); + + const type = useMemo(() => { + if (showAsPlaintext) { + return "text"; + } + return revealed ? "text" : "password"; + }, [showAsPlaintext, revealed]); + + return ( +
+ + {!showAsPlaintext && ( + + )} +
+ ); +}; diff --git a/app/server/utils/crypto.ts b/app/server/utils/crypto.ts index 3b475913..a9abe4d2 100644 --- a/app/server/utils/crypto.ts +++ b/app/server/utils/crypto.ts @@ -1,9 +1,15 @@ import crypto from "node:crypto"; +import fs from "node:fs/promises"; +import path from "node:path"; import { RESTIC_PASS_FILE } from "../core/constants"; const algorithm = "aes-256-gcm" as const; const keyLength = 32; -const encryptionPrefix = "encv1"; +const encryptionPrefix = "encv1:"; + +const envSecretPrefix = "env://"; +const fileSecretPrefix = "file://"; +const dockerSecretsBasePath = "/run/secrets"; /** * Checks if a given string is encrypted by looking for the encryption prefix. @@ -12,6 +18,72 @@ const isEncrypted = (val?: string): boolean => { return typeof val === "string" && val.startsWith(encryptionPrefix); }; +/** + * Checks if a string looks like a supported secret reference. + * - env://VAR_NAME -> reads process.env.VAR_NAME + * - file://name -> reads a file /run/secrets/name + */ +const isSecretReference = (val?: string): boolean => { + return typeof val === "string" && (val.startsWith(envSecretPrefix) || val.startsWith(fileSecretPrefix)); +}; + +/** + * Resolves an environment variable secret reference. + */ +const resolveEnvSecret = (ref: string): string => { + const name = ref.slice(envSecretPrefix.length); + if (!name) { + throw new Error("env:// reference is missing variable name"); + } + + const value = process.env[name]; + if (value === undefined) { + throw new Error(`Environment variable not set: ${name}`); + } + + return value; +}; + +/** + * Resolves a file-based secret reference. + * Reads the secret from /run/secrets/{name} + */ +const resolveFileSecret = async (ref: string): Promise => { + const secretName = ref.slice(fileSecretPrefix.length); + if (!secretName) { + throw new Error("file:// reference is missing secret name"); + } + + const normalizedName = secretName.replace(/^\/+/, ""); + if (!normalizedName) { + throw new Error("file:// reference is missing secret name"); + } + if (normalizedName.includes("\0") || normalizedName.includes("/") || normalizedName.includes("\\")) { + throw new Error("Invalid secret reference: secret name must be a single path segment"); + } + + // Docker secrets live on a Linux path. Use POSIX path semantics even when developing on Windows. + const resolvedPath = path.posix.resolve(dockerSecretsBasePath, normalizedName); + const allowedPrefix = dockerSecretsBasePath.endsWith("/") ? dockerSecretsBasePath : `${dockerSecretsBasePath}/`; + if (!resolvedPath.startsWith(allowedPrefix)) { + throw new Error("Invalid secret reference: path escapes secrets directory"); + } + + try { + const content = await fs.readFile(resolvedPath, "utf-8"); + // Docker secrets commonly have a trailing newline. + return content.trimEnd(); + } catch (error) { + if ((error as NodeJS.ErrnoException).code === "ENOENT") { + throw new Error(`Secret file not found: ${resolvedPath}`); + } + if ((error as NodeJS.ErrnoException).code === "EACCES") { + throw new Error(`Permission denied reading secret file: ${resolvedPath}`); + } + throw new Error(`Failed to read secret file ${resolvedPath}: ${(error as Error).message}`); + } +}; + /** * Given a string, encrypts it using a randomly generated salt. * Returns the input unchanged if it's empty or already encrypted. @@ -35,7 +107,7 @@ const encrypt = async (data: string) => { const encrypted = Buffer.concat([cipher.update(data), cipher.final()]); const tag = cipher.getAuthTag(); - return `${encryptionPrefix}:${salt.toString("hex")}:${iv.toString("hex")}:${encrypted.toString("hex")}:${tag.toString("hex")}`; + return `${encryptionPrefix}${salt.toString("hex")}:${iv.toString("hex")}:${encrypted.toString("hex")}:${tag.toString("hex")}`; }; /** @@ -68,8 +140,54 @@ const decrypt = async (encryptedData: string) => { return decrypted.toString(); }; -export const cryptoUtils = { - encrypt, - decrypt, - isEncrypted, +/** + * Resolves secret references and encrypted database values. + * + * - encv1:... -> decrypt + * - env://VAR -> read process.env.VAR + * - file://name -> read /run/secrets/name + * - otherwise returns value unchanged + */ +const resolveSecret = async (value: string): Promise => { + if (!value) { + return value; + } + + if (isEncrypted(value)) { + return decrypt(value); + } + + if (value.startsWith(envSecretPrefix)) { + return resolveEnvSecret(value); + } + + if (value.startsWith(fileSecretPrefix)) { + return resolveFileSecret(value); + } + + return value; +}; + +/** + * Prepares a secret value for storage. + * + * - env://... and file://... are stored as-is (references) + * - encv1:... is stored as-is (already encrypted) + * - otherwise encrypt before storing + */ +const sealSecret = async (value: string): Promise => { + if (!value) { + return value; + } + + if (isEncrypted(value) || isSecretReference(value)) { + return value; + } + + return encrypt(value); +}; + +export const cryptoUtils = { + resolveSecret, + sealSecret, }; diff --git a/docker-compose.yml b/docker-compose.yml index 689f167b..92fc2713 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,8 +12,11 @@ services: - SYS_ADMIN environment: - NODE_ENV=development + # - SMB_PASSWORD=${SMB_PASSWORD} ports: - "4096:4096" + # secrets: + # - s3-secret-access-key volumes: - /etc/localtime:/etc/localtime:ro - /var/lib/zerobyte:/var/lib/zerobyte @@ -42,3 +45,7 @@ services: - /run/docker/plugins:/run/docker/plugins - /var/run/docker.sock:/var/run/docker.sock - ~/.config/rclone:/root/.config/rclone + +# secrets: +# s3-secret-access-key: +# file: ./s3-secret-access-key.txt From 58b1a0574e1a0cde1b5701cfdab6df0afb1f31b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= Date: Mon, 15 Dec 2025 10:50:13 +0100 Subject: [PATCH 02/28] secret reference server usage --- .../modules/backends/smb/smb-backend.ts | 2 +- .../modules/backends/webdav/webdav-backend.ts | 2 +- .../notifications/notifications.service.ts | 32 +++++++++---------- .../repositories/repositories.service.ts | 16 +++++----- app/server/modules/volumes/volume.service.ts | 4 +-- app/server/utils/backend-compatibility.ts | 24 +++++++------- app/server/utils/restic.ts | 20 ++++++------ 7 files changed, 50 insertions(+), 50 deletions(-) diff --git a/app/server/modules/backends/smb/smb-backend.ts b/app/server/modules/backends/smb/smb-backend.ts index 774e10fd..f5500c29 100644 --- a/app/server/modules/backends/smb/smb-backend.ts +++ b/app/server/modules/backends/smb/smb-backend.ts @@ -34,7 +34,7 @@ const mount = async (config: BackendConfig, path: string) => { const run = async () => { await fs.mkdir(path, { recursive: true }); - const password = await cryptoUtils.decrypt(config.password); + const password = await cryptoUtils.resolveSecret(config.password); const source = `//${config.server}/${config.share}`; const options = [ diff --git a/app/server/modules/backends/webdav/webdav-backend.ts b/app/server/modules/backends/webdav/webdav-backend.ts index 2467736d..5de5f05d 100644 --- a/app/server/modules/backends/webdav/webdav-backend.ts +++ b/app/server/modules/backends/webdav/webdav-backend.ts @@ -50,7 +50,7 @@ const mount = async (config: BackendConfig, path: string) => { : ["uid=1000", "gid=1000", "file_mode=0664", "dir_mode=0775"]; if (config.username && config.password) { - const password = await cryptoUtils.decrypt(config.password); + const password = await cryptoUtils.resolveSecret(config.password); const secretsFile = "/etc/davfs2/secrets"; const secretsContent = `${source} ${config.username} ${password}\n`; await fs.appendFile(secretsFile, secretsContent, { mode: 0o600 }); diff --git a/app/server/modules/notifications/notifications.service.ts b/app/server/modules/notifications/notifications.service.ts index b25b79f6..0b951a96 100644 --- a/app/server/modules/notifications/notifications.service.ts +++ b/app/server/modules/notifications/notifications.service.ts @@ -38,42 +38,42 @@ async function encryptSensitiveFields(config: NotificationConfig): Promise = { ...config }; if (config.customPassword) { - encryptedConfig.customPassword = await cryptoUtils.encrypt(config.customPassword); + encryptedConfig.customPassword = await cryptoUtils.sealSecret(config.customPassword); } switch (config.backend) { case "s3": case "r2": - encryptedConfig.accessKeyId = await cryptoUtils.encrypt(config.accessKeyId); - encryptedConfig.secretAccessKey = await cryptoUtils.encrypt(config.secretAccessKey); + encryptedConfig.accessKeyId = await cryptoUtils.sealSecret(config.accessKeyId); + encryptedConfig.secretAccessKey = await cryptoUtils.sealSecret(config.secretAccessKey); break; case "gcs": - encryptedConfig.credentialsJson = await cryptoUtils.encrypt(config.credentialsJson); + encryptedConfig.credentialsJson = await cryptoUtils.sealSecret(config.credentialsJson); break; case "azure": - encryptedConfig.accountKey = await cryptoUtils.encrypt(config.accountKey); + encryptedConfig.accountKey = await cryptoUtils.sealSecret(config.accountKey); break; case "rest": if (config.username) { - encryptedConfig.username = await cryptoUtils.encrypt(config.username); + encryptedConfig.username = await cryptoUtils.sealSecret(config.username); } if (config.password) { - encryptedConfig.password = await cryptoUtils.encrypt(config.password); + encryptedConfig.password = await cryptoUtils.sealSecret(config.password); } break; case "sftp": - encryptedConfig.privateKey = await cryptoUtils.encrypt(config.privateKey); + encryptedConfig.privateKey = await cryptoUtils.sealSecret(config.privateKey); break; } diff --git a/app/server/modules/volumes/volume.service.ts b/app/server/modules/volumes/volume.service.ts index 3f415c0b..ef7fcf23 100644 --- a/app/server/modules/volumes/volume.service.ts +++ b/app/server/modules/volumes/volume.service.ts @@ -25,12 +25,12 @@ async function encryptSensitiveFields(config: BackendConfig): Promise { }; if (config.isExistingRepository && config.customPassword) { - const decryptedPassword = await cryptoUtils.decrypt(config.customPassword); + const decryptedPassword = await cryptoUtils.resolveSecret(config.customPassword); const passwordFilePath = path.join("/tmp", `zerobyte-pass-${crypto.randomBytes(8).toString("hex")}.txt`); await fs.writeFile(passwordFilePath, decryptedPassword, { mode: 0o600 }); @@ -117,17 +117,17 @@ const buildEnv = async (config: RepositoryConfig) => { switch (config.backend) { case "s3": - env.AWS_ACCESS_KEY_ID = await cryptoUtils.decrypt(config.accessKeyId); - env.AWS_SECRET_ACCESS_KEY = await cryptoUtils.decrypt(config.secretAccessKey); + env.AWS_ACCESS_KEY_ID = await cryptoUtils.resolveSecret(config.accessKeyId); + env.AWS_SECRET_ACCESS_KEY = await cryptoUtils.resolveSecret(config.secretAccessKey); break; case "r2": - env.AWS_ACCESS_KEY_ID = await cryptoUtils.decrypt(config.accessKeyId); - env.AWS_SECRET_ACCESS_KEY = await cryptoUtils.decrypt(config.secretAccessKey); + env.AWS_ACCESS_KEY_ID = await cryptoUtils.resolveSecret(config.accessKeyId); + env.AWS_SECRET_ACCESS_KEY = await cryptoUtils.resolveSecret(config.secretAccessKey); env.AWS_REGION = "auto"; env.AWS_S3_FORCE_PATH_STYLE = "true"; break; case "gcs": { - const decryptedCredentials = await cryptoUtils.decrypt(config.credentialsJson); + const decryptedCredentials = await cryptoUtils.resolveSecret(config.credentialsJson); const credentialsPath = path.join("/tmp", `zerobyte-gcs-${crypto.randomBytes(8).toString("hex")}.json`); await fs.writeFile(credentialsPath, decryptedCredentials, { mode: 0o600 }); env.GOOGLE_PROJECT_ID = config.projectId; @@ -136,7 +136,7 @@ const buildEnv = async (config: RepositoryConfig) => { } case "azure": { env.AZURE_ACCOUNT_NAME = config.accountName; - env.AZURE_ACCOUNT_KEY = await cryptoUtils.decrypt(config.accountKey); + env.AZURE_ACCOUNT_KEY = await cryptoUtils.resolveSecret(config.accountKey); if (config.endpointSuffix) { env.AZURE_ENDPOINT_SUFFIX = config.endpointSuffix; } @@ -144,15 +144,15 @@ const buildEnv = async (config: RepositoryConfig) => { } case "rest": { if (config.username) { - env.RESTIC_REST_USERNAME = await cryptoUtils.decrypt(config.username); + env.RESTIC_REST_USERNAME = await cryptoUtils.resolveSecret(config.username); } if (config.password) { - env.RESTIC_REST_PASSWORD = await cryptoUtils.decrypt(config.password); + env.RESTIC_REST_PASSWORD = await cryptoUtils.resolveSecret(config.password); } break; } case "sftp": { - const decryptedKey = await cryptoUtils.decrypt(config.privateKey); + const decryptedKey = await cryptoUtils.resolveSecret(config.privateKey); const keyPath = path.join("/tmp", `ironmount-ssh-${crypto.randomBytes(8).toString("hex")}`); let normalizedKey = decryptedKey.replace(/\r\n/g, "\n"); From c4ec8ea62b5eab86dc6f7a3491283508e2526031 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= Date: Mon, 15 Dec 2025 10:50:24 +0100 Subject: [PATCH 03/28] secret reference frontend usage --- .../components/create-notification-form.tsx | 31 ++++++++++++++++--- .../components/create-repository-form.tsx | 8 ++++- .../azure-repository-form.tsx | 8 ++++- .../repository-forms/r2-repository-form.tsx | 8 ++++- .../repository-forms/rest-repository-form.tsx | 8 ++++- .../repository-forms/s3-repository-form.tsx | 8 ++++- .../components/volume-forms/smb-form.tsx | 8 ++++- .../components/volume-forms/webdav-form.tsx | 8 ++++- 8 files changed, 75 insertions(+), 12 deletions(-) diff --git a/app/client/modules/notifications/components/create-notification-form.tsx b/app/client/modules/notifications/components/create-notification-form.tsx index dc89d550..c13e8af2 100644 --- a/app/client/modules/notifications/components/create-notification-form.tsx +++ b/app/client/modules/notifications/components/create-notification-form.tsx @@ -14,6 +14,7 @@ import { FormMessage, } from "~/client/components/ui/form"; import { Input } from "~/client/components/ui/input"; +import { SecretInput } from "~/client/components/ui/secret-input"; import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "~/client/components/ui/select"; import { Checkbox } from "~/client/components/ui/checkbox"; import { notificationConfigSchema } from "~/schemas/notifications"; @@ -213,7 +214,11 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue Password (Optional) - + @@ -415,7 +420,11 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue App Token - + Application token from Gotify. @@ -510,7 +519,11 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue Password (Optional) - + Password for server authentication, if required. @@ -567,7 +580,11 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue API Token - + Application API token from your Pushover application. @@ -627,7 +644,11 @@ export const CreateNotificationForm = ({ onSubmit, mode = "create", initialValue Bot Token - + Telegram bot token. Get this from BotFather when you create your bot. diff --git a/app/client/modules/repositories/components/create-repository-form.tsx b/app/client/modules/repositories/components/create-repository-form.tsx index dc99c6d4..f09d52bc 100644 --- a/app/client/modules/repositories/components/create-repository-form.tsx +++ b/app/client/modules/repositories/components/create-repository-form.tsx @@ -16,6 +16,7 @@ import { FormMessage, } from "../../../components/ui/form"; import { Input } from "../../../components/ui/input"; +import { SecretInput } from "../../../components/ui/secret-input"; import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../components/ui/select"; import { Tooltip, TooltipContent, TooltipTrigger } from "../../../components/ui/tooltip"; import { useSystemInfo } from "~/client/hooks/use-system-info"; @@ -241,7 +242,12 @@ export const CreateRepositoryForm = ({ Repository Password - + The password used to encrypt this repository. It will be stored securely. diff --git a/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx index de2442fe..b4620a17 100644 --- a/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx +++ b/app/client/modules/repositories/components/repository-forms/azure-repository-form.tsx @@ -8,6 +8,7 @@ import { FormMessage, } from "../../../../components/ui/form"; import { Input } from "../../../../components/ui/input"; +import { SecretInput } from "../../../../components/ui/secret-input"; import type { RepositoryFormValues } from "../create-repository-form"; type Props = { @@ -52,7 +53,12 @@ export const AzureRepositoryForm = ({ form }: Props) => { Account Key - + Azure Storage account key for authentication. diff --git a/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx index b4cfa242..d2a61f4d 100644 --- a/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx +++ b/app/client/modules/repositories/components/repository-forms/r2-repository-form.tsx @@ -8,6 +8,7 @@ import { FormMessage, } from "../../../../components/ui/form"; import { Input } from "../../../../components/ui/input"; +import { SecretInput } from "../../../../components/ui/secret-input"; import type { RepositoryFormValues } from "../create-repository-form"; type Props = { @@ -68,7 +69,12 @@ export const R2RepositoryForm = ({ form }: Props) => { Secret Access Key - + R2 API token Secret Access Key (shown once when creating token). diff --git a/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx index 5721c1db..26750cc1 100644 --- a/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx +++ b/app/client/modules/repositories/components/repository-forms/rest-repository-form.tsx @@ -8,6 +8,7 @@ import { FormMessage, } from "../../../../components/ui/form"; import { Input } from "../../../../components/ui/input"; +import { SecretInput } from "../../../../components/ui/secret-input"; import type { RepositoryFormValues } from "../create-repository-form"; type Props = { @@ -66,7 +67,12 @@ export const RestRepositoryForm = ({ form }: Props) => { Password (Optional) - + Password for REST server authentication. diff --git a/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx b/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx index 16082434..7950bbef 100644 --- a/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx +++ b/app/client/modules/repositories/components/repository-forms/s3-repository-form.tsx @@ -8,6 +8,7 @@ import { FormMessage, } from "../../../../components/ui/form"; import { Input } from "../../../../components/ui/input"; +import { SecretInput } from "../../../../components/ui/secret-input"; import type { RepositoryFormValues } from "../create-repository-form"; type Props = { @@ -66,7 +67,12 @@ export const S3RepositoryForm = ({ form }: Props) => { Secret Access Key - + S3 secret access key for authentication. diff --git a/app/client/modules/volumes/components/volume-forms/smb-form.tsx b/app/client/modules/volumes/components/volume-forms/smb-form.tsx index 7f995c46..5d41e636 100644 --- a/app/client/modules/volumes/components/volume-forms/smb-form.tsx +++ b/app/client/modules/volumes/components/volume-forms/smb-form.tsx @@ -9,6 +9,7 @@ import { FormMessage, } from "../../../../components/ui/form"; import { Input } from "../../../../components/ui/input"; +import { SecretInput } from "../../../../components/ui/secret-input"; import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../../../../components/ui/select"; type Props = { @@ -67,7 +68,12 @@ export const SMBForm = ({ form }: Props) => { Password - + Password for SMB authentication. diff --git a/app/client/modules/volumes/components/volume-forms/webdav-form.tsx b/app/client/modules/volumes/components/volume-forms/webdav-form.tsx index 1a399ed7..c7eb6152 100644 --- a/app/client/modules/volumes/components/volume-forms/webdav-form.tsx +++ b/app/client/modules/volumes/components/volume-forms/webdav-form.tsx @@ -9,6 +9,7 @@ import { FormMessage, } from "../../../../components/ui/form"; import { Input } from "../../../../components/ui/input"; +import { SecretInput } from "../../../../components/ui/secret-input"; type Props = { form: UseFormReturn; @@ -66,7 +67,12 @@ export const WebDAVForm = ({ form }: Props) => { Password (Optional) - + Password for WebDAV authentication (optional). From b51f3549c29f2c37d553ab61cc6fded4c18bf968 Mon Sep 17 00:00:00 2001 From: Raj Dave Date: Mon, 15 Dec 2025 13:13:34 +0300 Subject: [PATCH 04/28] Backend and UI modifications to allow reordering of backup schedules Adds drag-and-drop functionality to reorder backup schedules Introduces a sort order field to the database schema and implements API endpoints to update the schedule order. This allows users to visually prioritize their backup jobs. --- .../components/sortable-backup-card.tsx | 82 ++++++++++ app/client/modules/backups/routes/backups.tsx | 154 +++++++++++------- app/drizzle/0022_add_backup_sort_order.sql | 2 + app/drizzle/meta/0022_snapshot.json | 17 ++ app/drizzle/meta/_journal.json | 7 + app/server/db/schema.ts | 1 + .../modules/backups/backups.controller.ts | 10 ++ app/server/modules/backups/backups.dto.ts | 31 ++++ app/server/modules/backups/backups.service.ts | 14 +- package.json | 3 + 10 files changed, 263 insertions(+), 58 deletions(-) create mode 100644 app/client/modules/backups/components/sortable-backup-card.tsx create mode 100644 app/drizzle/0022_add_backup_sort_order.sql create mode 100644 app/drizzle/meta/0022_snapshot.json diff --git a/app/client/modules/backups/components/sortable-backup-card.tsx b/app/client/modules/backups/components/sortable-backup-card.tsx new file mode 100644 index 00000000..8a7b98f5 --- /dev/null +++ b/app/client/modules/backups/components/sortable-backup-card.tsx @@ -0,0 +1,82 @@ +import { useSortable } from "@dnd-kit/sortable"; +import { CSS } from "@dnd-kit/utilities"; +import { CalendarClock, Database, GripVertical, HardDrive } from "lucide-react"; +import { Link } from "react-router"; +import { BackupStatusDot } from "./backup-status-dot"; +import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/client/components/ui/card"; +import type { ListBackupSchedulesResponse } from "~/client/api-client"; + +type Schedule = ListBackupSchedulesResponse[number]; + +interface SortableBackupCardProps { + schedule: Schedule; + isDragging?: boolean; +} + +export function SortableBackupCard({ schedule, isDragging }: SortableBackupCardProps) { + const { attributes, listeners, setNodeRef, transform, transition } = useSortable({ + id: schedule.id, + }); + + const style = { + transform: CSS.Transform.toString(transform), + transition, + opacity: isDragging ? 0.5 : 1, + }; + + return ( +
+
+ +
+ + + +
+
+ + {schedule.name} +
+ +
+ + + {schedule.volume.name} + + + {schedule.repository.name} + +
+ +
+
+ Schedule + {schedule.cronExpression} +
+
+ Last backup + + {schedule.lastBackupAt ? new Date(schedule.lastBackupAt).toLocaleDateString() : "Never"} + +
+
+ Next backup + + {schedule.nextBackupAt ? new Date(schedule.nextBackupAt).toLocaleDateString() : "N/A"} + +
+
+
+
+ +
+ ); +} diff --git a/app/client/modules/backups/routes/backups.tsx b/app/client/modules/backups/routes/backups.tsx index 651c86f4..929da13c 100644 --- a/app/client/modules/backups/routes/backups.tsx +++ b/app/client/modules/backups/routes/backups.tsx @@ -1,6 +1,18 @@ -import { useQuery } from "@tanstack/react-query"; +import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query"; +import { + DndContext, + closestCenter, + KeyboardSensor, + PointerSensor, + useSensor, + useSensors, + type DragEndEvent, +} from "@dnd-kit/core"; +import { arrayMove, SortableContext, sortableKeyboardCoordinates, rectSortingStrategy } from "@dnd-kit/sortable"; import { CalendarClock, Database, HardDrive, Plus } from "lucide-react"; import { Link } from "react-router"; +import { useState, useEffect } from "react"; +import { SortableBackupCard } from "../components/sortable-backup-card"; import { BackupStatusDot } from "../components/backup-status-dot"; import { EmptyState } from "~/client/components/empty-state"; import { Button } from "~/client/components/ui/button"; @@ -9,6 +21,21 @@ import type { Route } from "./+types/backups"; import { listBackupSchedules } from "~/client/api-client"; import { listBackupSchedulesOptions } from "~/client/api-client/@tanstack/react-query.gen"; +// Temporary helper until API client is regenerated +async function reorderBackupSchedules(scheduleIds: number[]) { + const response = await fetch("/api/v1/backups/reorder", { + method: "POST", + headers: { + "Content-Type": "application/json", + }, + body: JSON.stringify({ scheduleIds }), + }); + if (!response.ok) { + throw new Error("Failed to reorder backup schedules"); + } + return response.json(); +} + export const handle = { breadcrumb: () => [{ label: "Backups" }], }; @@ -30,11 +57,58 @@ export const clientLoader = async () => { }; export default function Backups({ loaderData }: Route.ComponentProps) { + const queryClient = useQueryClient(); const { data: schedules, isLoading } = useQuery({ ...listBackupSchedulesOptions(), initialData: loaderData, }); + const [items, setItems] = useState(schedules?.map((s) => s.id) ?? []); + + // Keep items in sync with schedules + useEffect(() => { + if (schedules) { + setItems(schedules.map((s) => s.id)); + } + }, [schedules]); + + const sensors = useSensors( + useSensor(PointerSensor, { + activationConstraint: { + distance: 8, + }, + }), + useSensor(KeyboardSensor, { + coordinateGetter: sortableKeyboardCoordinates, + }), + ); + + const reorderMutation = useMutation({ + mutationFn: async (scheduleIds: number[]) => { + await reorderBackupSchedules(scheduleIds); + }, + onSuccess: () => { + queryClient.invalidateQueries({ queryKey: ["listBackupSchedules"] }); + }, + }); + + const handleDragEnd = (event: DragEndEvent) => { + const { active, over } = event; + + if (over && active.id !== over.id) { + setItems((items) => { + const oldIndex = items.indexOf(active.id as number); + const newIndex = items.indexOf(over.id as number); + const newItems = arrayMove(items, oldIndex, newIndex); + + // Save the new order + reorderMutation.mutate(newItems); + + return newItems; + }); + } + }; + if (isLoading) { return (
@@ -61,64 +135,30 @@ export default function Backups({ loaderData }: Route.ComponentProps) { ); } + // Create a map for quick lookup + const scheduleMap = new Map(schedules.map((s) => [s.id, s])); + return (
-
- {schedules.map((schedule) => ( - - - -
-
- - {schedule.name} -
- -
- - - {schedule.volume.name} - - - {schedule.repository.name} - -
- -
-
- Schedule - {schedule.cronExpression} -
-
- Last backup - - {schedule.lastBackupAt ? new Date(schedule.lastBackupAt).toLocaleDateString() : "Never"} - -
-
- Next backup - - {schedule.nextBackupAt ? new Date(schedule.nextBackupAt).toLocaleDateString() : "N/A"} - -
-
-
-
- - ))} - - - - - Create a backup job - - - -
+ + +
+ {items.map((id) => { + const schedule = scheduleMap.get(id); + if (!schedule) return null; + return ; + })} + + + + + Create a backup job + + + +
+
+
); } diff --git a/app/drizzle/0022_add_backup_sort_order.sql b/app/drizzle/0022_add_backup_sort_order.sql new file mode 100644 index 00000000..487a1bff --- /dev/null +++ b/app/drizzle/0022_add_backup_sort_order.sql @@ -0,0 +1,2 @@ +ALTER TABLE `backup_schedules_table` ADD `sort_order` integer DEFAULT 0 NOT NULL; + diff --git a/app/drizzle/meta/0022_snapshot.json b/app/drizzle/meta/0022_snapshot.json new file mode 100644 index 00000000..bf0ce995 --- /dev/null +++ b/app/drizzle/meta/0022_snapshot.json @@ -0,0 +1,17 @@ +{ + "version": "6", + "dialect": "sqlite", + "id": "0022_add_backup_sort_order", + "prevId": "0021_steady_viper", + "tables": {}, + "enums": {}, + "_meta": { + "schemas": {}, + "tables": {}, + "columns": {} + }, + "internal": { + "indexes": {} + } +} + diff --git a/app/drizzle/meta/_journal.json b/app/drizzle/meta/_journal.json index 004e9b77..f4f849f8 100644 --- a/app/drizzle/meta/_journal.json +++ b/app/drizzle/meta/_journal.json @@ -155,6 +155,13 @@ "when": 1765307881092, "tag": "0021_steady_viper", "breakpoints": true + }, + { + "idx": 22, + "version": "6", + "when": 1734278400000, + "tag": "0022_add_backup_sort_order", + "breakpoints": true } ] } \ No newline at end of file diff --git a/app/server/db/schema.ts b/app/server/db/schema.ts index 55c741c2..cb94d29b 100644 --- a/app/server/db/schema.ts +++ b/app/server/db/schema.ts @@ -92,6 +92,7 @@ export const backupSchedulesTable = sqliteTable("backup_schedules_table", { lastBackupStatus: text("last_backup_status").$type<"success" | "error" | "in_progress" | "warning">(), lastBackupError: text("last_backup_error"), nextBackupAt: int("next_backup_at", { mode: "number" }), + sortOrder: int("sort_order", { mode: "number" }).notNull().default(0), createdAt: int("created_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`), updatedAt: int("updated_at", { mode: "number" }).notNull().default(sql`(unixepoch() * 1000)`), }); diff --git a/app/server/modules/backups/backups.controller.ts b/app/server/modules/backups/backups.controller.ts index 0bcc93eb..653cd659 100644 --- a/app/server/modules/backups/backups.controller.ts +++ b/app/server/modules/backups/backups.controller.ts @@ -16,6 +16,8 @@ import { updateScheduleMirrorsDto, updateScheduleMirrorsBody, getMirrorCompatibilityDto, + reorderBackupSchedulesDto, + reorderBackupSchedulesBody, type CreateBackupScheduleDto, type DeleteBackupScheduleDto, type GetBackupScheduleDto, @@ -28,6 +30,7 @@ import { type GetScheduleMirrorsDto, type UpdateScheduleMirrorsDto, type GetMirrorCompatibilityDto, + type ReorderBackupSchedulesDto, } from "./backups.dto"; import { backupsService } from "./backups.service"; import { @@ -139,4 +142,11 @@ export const backupScheduleController = new Hono() const compatibility = await backupsService.getMirrorCompatibility(scheduleId); return c.json(compatibility, 200); + }) + .post("/reorder", reorderBackupSchedulesDto, validator("json", reorderBackupSchedulesBody), async (c) => { + const body = c.req.valid("json"); + + await backupsService.reorderSchedules(body.scheduleIds); + + return c.json({ success: true }, 200); }); diff --git a/app/server/modules/backups/backups.dto.ts b/app/server/modules/backups/backups.dto.ts index fc771bf1..6173bd82 100644 --- a/app/server/modules/backups/backups.dto.ts +++ b/app/server/modules/backups/backups.dto.ts @@ -367,3 +367,34 @@ export const getMirrorCompatibilityDto = describeRoute({ }, }, }); + +/** + * Reorder backup schedules + */ +export const reorderBackupSchedulesBody = type({ + scheduleIds: "number[]", +}); + +export type ReorderBackupSchedulesBody = typeof reorderBackupSchedulesBody.infer; + +export const reorderBackupSchedulesResponse = type({ + success: "boolean", +}); + +export type ReorderBackupSchedulesDto = typeof reorderBackupSchedulesResponse.infer; + +export const reorderBackupSchedulesDto = describeRoute({ + description: "Reorder backup schedules by providing an array of schedule IDs in the desired order", + operationId: "reorderBackupSchedules", + tags: ["Backups"], + responses: { + 200: { + description: "Backup schedules reordered successfully", + content: { + "application/json": { + schema: resolver(reorderBackupSchedulesResponse), + }, + }, + }, + }, +}); diff --git a/app/server/modules/backups/backups.service.ts b/app/server/modules/backups/backups.service.ts index 9994e503..372ac0d8 100644 --- a/app/server/modules/backups/backups.service.ts +++ b/app/server/modules/backups/backups.service.ts @@ -1,4 +1,4 @@ -import { and, eq, ne } from "drizzle-orm"; +import { and, asc, eq, ne } from "drizzle-orm"; import cron from "node-cron"; import { CronExpressionParser } from "cron-parser"; import { NotFoundError, BadRequestError, ConflictError } from "http-errors-enhanced"; @@ -38,6 +38,7 @@ const listSchedules = async () => { volume: true, repository: true, }, + orderBy: [asc(backupSchedulesTable.sortOrder), asc(backupSchedulesTable.id)], }); return schedules; }; @@ -637,6 +638,16 @@ const getMirrorCompatibility = async (scheduleId: number) => { return compatibility; }; +const reorderSchedules = async (scheduleIds: number[]) => { + // Update each schedule's sortOrder based on its position in the array + for (let i = 0; i < scheduleIds.length; i++) { + await db + .update(backupSchedulesTable) + .set({ sortOrder: i, updatedAt: Date.now() }) + .where(eq(backupSchedulesTable.id, scheduleIds[i])); + } +}; + export const backupsService = { listSchedules, getSchedule, @@ -651,4 +662,5 @@ export const backupsService = { getMirrors, updateMirrors, getMirrorCompatibility, + reorderSchedules, }; diff --git a/package.json b/package.json index e6d2fcb9..697d0fe4 100644 --- a/package.json +++ b/package.json @@ -17,6 +17,9 @@ "studio": "drizzle-kit studio" }, "dependencies": { + "@dnd-kit/core": "^6.3.1", + "@dnd-kit/sortable": "^10.0.0", + "@dnd-kit/utilities": "^3.2.2", "@hono/standard-validator": "^0.2.0", "@hookform/resolvers": "^5.2.2", "@radix-ui/react-alert-dialog": "^1.1.15", From fa8e06a92e35a8450ca41ce3fe547f5e51b2c8e6 Mon Sep 17 00:00:00 2001 From: Raj Dave Date: Mon, 15 Dec 2025 13:26:47 +0300 Subject: [PATCH 05/28] fix timestamp in drizzle journal --- app/drizzle/meta/_journal.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/drizzle/meta/_journal.json b/app/drizzle/meta/_journal.json index f4f849f8..05caf4a0 100644 --- a/app/drizzle/meta/_journal.json +++ b/app/drizzle/meta/_journal.json @@ -159,7 +159,7 @@ { "idx": 22, "version": "6", - "when": 1734278400000, + "when": 1765794227000, "tag": "0022_add_backup_sort_order", "breakpoints": true } From c3f5cd6b4e4c9f45a54f29124210125f55d4b892 Mon Sep 17 00:00:00 2001 From: Raj Dave Date: Mon, 15 Dec 2025 13:30:51 +0300 Subject: [PATCH 06/28] properly generate migration --- ...kup_sort_order.sql => 0022_woozy_shen.sql} | 3 +- app/drizzle/meta/0022_snapshot.json | 824 +++++++++++++++++- app/drizzle/meta/_journal.json | 4 +- 3 files changed, 822 insertions(+), 9 deletions(-) rename app/drizzle/{0022_add_backup_sort_order.sql => 0022_woozy_shen.sql} (75%) diff --git a/app/drizzle/0022_add_backup_sort_order.sql b/app/drizzle/0022_woozy_shen.sql similarity index 75% rename from app/drizzle/0022_add_backup_sort_order.sql rename to app/drizzle/0022_woozy_shen.sql index 487a1bff..df63c5aa 100644 --- a/app/drizzle/0022_add_backup_sort_order.sql +++ b/app/drizzle/0022_woozy_shen.sql @@ -1,2 +1 @@ -ALTER TABLE `backup_schedules_table` ADD `sort_order` integer DEFAULT 0 NOT NULL; - +ALTER TABLE `backup_schedules_table` ADD `sort_order` integer DEFAULT 0 NOT NULL; \ No newline at end of file diff --git a/app/drizzle/meta/0022_snapshot.json b/app/drizzle/meta/0022_snapshot.json index bf0ce995..ee9d34d9 100644 --- a/app/drizzle/meta/0022_snapshot.json +++ b/app/drizzle/meta/0022_snapshot.json @@ -1,9 +1,824 @@ { "version": "6", "dialect": "sqlite", - "id": "0022_add_backup_sort_order", - "prevId": "0021_steady_viper", - "tables": {}, + "id": "11c24867-3186-4578-b8dd-cee4c48a28d1", + "prevId": "e7c02f6c-e255-402e-9f18-d50a3fef8e4d", + "tables": { + "app_metadata": { + "name": "app_metadata", + "columns": { + "key": { + "name": "key", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "value": { + "name": "value", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + }, + "updated_at": { + "name": "updated_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "backup_schedule_mirrors_table": { + "name": "backup_schedule_mirrors_table", + "columns": { + "id": { + "name": "id", + "type": "integer", + "primaryKey": true, + "notNull": true, + "autoincrement": true + }, + "schedule_id": { + "name": "schedule_id", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "repository_id": { + "name": "repository_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "last_copy_at": { + "name": "last_copy_at", + "type": "integer", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "last_copy_status": { + "name": "last_copy_status", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "last_copy_error": { + "name": "last_copy_error", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + } + }, + "indexes": { + "backup_schedule_mirrors_table_schedule_id_repository_id_unique": { + "name": "backup_schedule_mirrors_table_schedule_id_repository_id_unique", + "columns": [ + "schedule_id", + "repository_id" + ], + "isUnique": true + } + }, + "foreignKeys": { + "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk": { + "name": "backup_schedule_mirrors_table_schedule_id_backup_schedules_table_id_fk", + "tableFrom": "backup_schedule_mirrors_table", + "tableTo": "backup_schedules_table", + "columnsFrom": [ + "schedule_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk": { + "name": "backup_schedule_mirrors_table_repository_id_repositories_table_id_fk", + "tableFrom": "backup_schedule_mirrors_table", + "tableTo": "repositories_table", + "columnsFrom": [ + "repository_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "backup_schedule_notifications_table": { + "name": "backup_schedule_notifications_table", + "columns": { + "schedule_id": { + "name": "schedule_id", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "destination_id": { + "name": "destination_id", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "notify_on_start": { + "name": "notify_on_start", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": false + }, + "notify_on_success": { + "name": "notify_on_success", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": false + }, + "notify_on_warning": { + "name": "notify_on_warning", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "notify_on_failure": { + "name": "notify_on_failure", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "created_at": { + "name": "created_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + } + }, + "indexes": {}, + "foreignKeys": { + "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk": { + "name": "backup_schedule_notifications_table_schedule_id_backup_schedules_table_id_fk", + "tableFrom": "backup_schedule_notifications_table", + "tableTo": "backup_schedules_table", + "columnsFrom": [ + "schedule_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk": { + "name": "backup_schedule_notifications_table_destination_id_notification_destinations_table_id_fk", + "tableFrom": "backup_schedule_notifications_table", + "tableTo": "notification_destinations_table", + "columnsFrom": [ + "destination_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": { + "backup_schedule_notifications_table_schedule_id_destination_id_pk": { + "columns": [ + "schedule_id", + "destination_id" + ], + "name": "backup_schedule_notifications_table_schedule_id_destination_id_pk" + } + }, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "backup_schedules_table": { + "name": "backup_schedules_table", + "columns": { + "id": { + "name": "id", + "type": "integer", + "primaryKey": true, + "notNull": true, + "autoincrement": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "volume_id": { + "name": "volume_id", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "repository_id": { + "name": "repository_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "cron_expression": { + "name": "cron_expression", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "retention_policy": { + "name": "retention_policy", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "exclude_patterns": { + "name": "exclude_patterns", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false, + "default": "'[]'" + }, + "exclude_if_present": { + "name": "exclude_if_present", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false, + "default": "'[]'" + }, + "include_patterns": { + "name": "include_patterns", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false, + "default": "'[]'" + }, + "last_backup_at": { + "name": "last_backup_at", + "type": "integer", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "last_backup_status": { + "name": "last_backup_status", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "last_backup_error": { + "name": "last_backup_error", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "next_backup_at": { + "name": "next_backup_at", + "type": "integer", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "sort_order": { + "name": "sort_order", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": 0 + }, + "created_at": { + "name": "created_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + }, + "updated_at": { + "name": "updated_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + } + }, + "indexes": { + "backup_schedules_table_name_unique": { + "name": "backup_schedules_table_name_unique", + "columns": [ + "name" + ], + "isUnique": true + } + }, + "foreignKeys": { + "backup_schedules_table_volume_id_volumes_table_id_fk": { + "name": "backup_schedules_table_volume_id_volumes_table_id_fk", + "tableFrom": "backup_schedules_table", + "tableTo": "volumes_table", + "columnsFrom": [ + "volume_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + }, + "backup_schedules_table_repository_id_repositories_table_id_fk": { + "name": "backup_schedules_table_repository_id_repositories_table_id_fk", + "tableFrom": "backup_schedules_table", + "tableTo": "repositories_table", + "columnsFrom": [ + "repository_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "notification_destinations_table": { + "name": "notification_destinations_table", + "columns": { + "id": { + "name": "id", + "type": "integer", + "primaryKey": true, + "notNull": true, + "autoincrement": true + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "enabled": { + "name": "enabled", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "config": { + "name": "config", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + }, + "updated_at": { + "name": "updated_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + } + }, + "indexes": { + "notification_destinations_table_name_unique": { + "name": "notification_destinations_table_name_unique", + "columns": [ + "name" + ], + "isUnique": true + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "repositories_table": { + "name": "repositories_table", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "short_id": { + "name": "short_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "config": { + "name": "config", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "compression_mode": { + "name": "compression_mode", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false, + "default": "'auto'" + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false, + "default": "'unknown'" + }, + "last_checked": { + "name": "last_checked", + "type": "integer", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + }, + "updated_at": { + "name": "updated_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + } + }, + "indexes": { + "repositories_table_short_id_unique": { + "name": "repositories_table_short_id_unique", + "columns": [ + "short_id" + ], + "isUnique": true + }, + "repositories_table_name_unique": { + "name": "repositories_table_name_unique", + "columns": [ + "name" + ], + "isUnique": true + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "sessions_table": { + "name": "sessions_table", + "columns": { + "id": { + "name": "id", + "type": "text", + "primaryKey": true, + "notNull": true, + "autoincrement": false + }, + "user_id": { + "name": "user_id", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "expires_at": { + "name": "expires_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "created_at": { + "name": "created_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + } + }, + "indexes": {}, + "foreignKeys": { + "sessions_table_user_id_users_table_id_fk": { + "name": "sessions_table_user_id_users_table_id_fk", + "tableFrom": "sessions_table", + "tableTo": "users_table", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "cascade", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "users_table": { + "name": "users_table", + "columns": { + "id": { + "name": "id", + "type": "integer", + "primaryKey": true, + "notNull": true, + "autoincrement": true + }, + "username": { + "name": "username", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "password_hash": { + "name": "password_hash", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "has_downloaded_restic_password": { + "name": "has_downloaded_restic_password", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": false + }, + "created_at": { + "name": "created_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + }, + "updated_at": { + "name": "updated_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + } + }, + "indexes": { + "users_table_username_unique": { + "name": "users_table_username_unique", + "columns": [ + "username" + ], + "isUnique": true + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + }, + "volumes_table": { + "name": "volumes_table", + "columns": { + "id": { + "name": "id", + "type": "integer", + "primaryKey": true, + "notNull": true, + "autoincrement": true + }, + "short_id": { + "name": "short_id", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "name": { + "name": "name", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "type": { + "name": "type", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "status": { + "name": "status", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "'unmounted'" + }, + "last_error": { + "name": "last_error", + "type": "text", + "primaryKey": false, + "notNull": false, + "autoincrement": false + }, + "last_health_check": { + "name": "last_health_check", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + }, + "created_at": { + "name": "created_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + }, + "updated_at": { + "name": "updated_at", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": "(unixepoch() * 1000)" + }, + "config": { + "name": "config", + "type": "text", + "primaryKey": false, + "notNull": true, + "autoincrement": false + }, + "auto_remount": { + "name": "auto_remount", + "type": "integer", + "primaryKey": false, + "notNull": true, + "autoincrement": false, + "default": true + } + }, + "indexes": { + "volumes_table_short_id_unique": { + "name": "volumes_table_short_id_unique", + "columns": [ + "short_id" + ], + "isUnique": true + }, + "volumes_table_name_unique": { + "name": "volumes_table_name_unique", + "columns": [ + "name" + ], + "isUnique": true + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {}, + "checkConstraints": {} + } + }, + "views": {}, "enums": {}, "_meta": { "schemas": {}, @@ -13,5 +828,4 @@ "internal": { "indexes": {} } -} - +} \ No newline at end of file diff --git a/app/drizzle/meta/_journal.json b/app/drizzle/meta/_journal.json index 05caf4a0..2b034fbf 100644 --- a/app/drizzle/meta/_journal.json +++ b/app/drizzle/meta/_journal.json @@ -159,8 +159,8 @@ { "idx": 22, "version": "6", - "when": 1765794227000, - "tag": "0022_add_backup_sort_order", + "when": 1765794552191, + "tag": "0022_woozy_shen", "breakpoints": true } ] From 8e49b100426af46d65ef4316646f199596354525 Mon Sep 17 00:00:00 2001 From: Raj Dave Date: Mon, 15 Dec 2025 16:06:21 +0300 Subject: [PATCH 07/28] Validates and improves schedule reordering Ensures schedule reordering requests are valid by checking for duplicate and non-existent IDs. Improves performance by using a transaction for batch updates. --- app/server/modules/backups/backups.service.ts | 35 +++++++++++++++---- 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/app/server/modules/backups/backups.service.ts b/app/server/modules/backups/backups.service.ts index 372ac0d8..fd7943b6 100644 --- a/app/server/modules/backups/backups.service.ts +++ b/app/server/modules/backups/backups.service.ts @@ -639,13 +639,36 @@ const getMirrorCompatibility = async (scheduleId: number) => { }; const reorderSchedules = async (scheduleIds: number[]) => { - // Update each schedule's sortOrder based on its position in the array - for (let i = 0; i < scheduleIds.length; i++) { - await db - .update(backupSchedulesTable) - .set({ sortOrder: i, updatedAt: Date.now() }) - .where(eq(backupSchedulesTable.id, scheduleIds[i])); + // Validate input - check for duplicates + const uniqueIds = new Set(scheduleIds); + if (uniqueIds.size !== scheduleIds.length) { + throw new BadRequestError("Duplicate schedule IDs in reorder request"); } + + // Verify all schedules exist + const existingSchedules = await db.query.backupSchedulesTable.findMany({ + columns: { id: true }, + }); + const existingIds = new Set(existingSchedules.map((s) => s.id)); + + for (const id of scheduleIds) { + if (!existingIds.has(id)) { + throw new NotFoundError(`Backup schedule with ID ${id} not found`); + } + } + + // Batch update in a transaction + await db.transaction(async (tx) => { + const now = Date.now(); + await Promise.all( + scheduleIds.map((scheduleId, index) => + tx + .update(backupSchedulesTable) + .set({ sortOrder: index, updatedAt: now }) + .where(eq(backupSchedulesTable.id, scheduleId)), + ), + ); + }); }; export const backupsService = { From 008af5487df7e971108c2c37f745e1132b85a34b Mon Sep 17 00:00:00 2001 From: Raj Dave Date: Mon, 15 Dec 2025 16:19:33 +0300 Subject: [PATCH 08/28] Invalidates backup schedule queries on reorder Ensures the backup schedule list is refreshed after reordering, both on success and on error, by using the dedicated query key instead of a generic string. This guarantees the UI reflects the latest state. --- app/client/modules/backups/routes/backups.tsx | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/app/client/modules/backups/routes/backups.tsx b/app/client/modules/backups/routes/backups.tsx index 929da13c..764ba0ec 100644 --- a/app/client/modules/backups/routes/backups.tsx +++ b/app/client/modules/backups/routes/backups.tsx @@ -19,7 +19,7 @@ import { Button } from "~/client/components/ui/button"; import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "~/client/components/ui/card"; import type { Route } from "./+types/backups"; import { listBackupSchedules } from "~/client/api-client"; -import { listBackupSchedulesOptions } from "~/client/api-client/@tanstack/react-query.gen"; +import { listBackupSchedulesOptions, listBackupSchedulesQueryKey } from "~/client/api-client/@tanstack/react-query.gen"; // Temporary helper until API client is regenerated async function reorderBackupSchedules(scheduleIds: number[]) { @@ -88,7 +88,11 @@ export default function Backups({ loaderData }: Route.ComponentProps) { await reorderBackupSchedules(scheduleIds); }, onSuccess: () => { - queryClient.invalidateQueries({ queryKey: ["listBackupSchedules"] }); + queryClient.invalidateQueries({ queryKey: listBackupSchedulesQueryKey() }); + }, + onError: () => { + // Revert the order or display error to user + queryClient.invalidateQueries({ queryKey: listBackupSchedulesQueryKey() }); }, }); From c8962bb0233696439fe9d7d2fae759f84f06e748 Mon Sep 17 00:00:00 2001 From: Nicolas Meienberger Date: Tue, 16 Dec 2025 17:38:02 +0100 Subject: [PATCH 09/28] chore(frontend): parametrize server IP --- app/client/api-client/client.gen.ts | 2 +- app/client/api-client/types.gen.ts | 2 +- app/server/core/config.ts | 2 ++ app/server/index.ts | 3 ++- openapi-ts.config.ts | 3 ++- 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/app/client/api-client/client.gen.ts b/app/client/api-client/client.gen.ts index 4dc9424f..a31c7b49 100644 --- a/app/client/api-client/client.gen.ts +++ b/app/client/api-client/client.gen.ts @@ -13,4 +13,4 @@ import type { ClientOptions as ClientOptions2 } from './types.gen'; */ export type CreateClientConfig = (override?: Config) => Config & T>; -export const client = createClient(createConfig({ baseUrl: 'http://192.168.2.42:4096' })); +export const client = createClient(createConfig({ baseUrl: 'http://localhost:4096' })); diff --git a/app/client/api-client/types.gen.ts b/app/client/api-client/types.gen.ts index 87b61d3e..9da667c1 100644 --- a/app/client/api-client/types.gen.ts +++ b/app/client/api-client/types.gen.ts @@ -1,7 +1,7 @@ // This file is auto-generated by @hey-api/openapi-ts export type ClientOptions = { - baseUrl: 'http://192.168.2.42:4096' | (string & {}); + baseUrl: 'http://localhost:4096' | (string & {}); }; export type RegisterData = { diff --git a/app/server/core/config.ts b/app/server/core/config.ts index bd138c4b..356b341f 100644 --- a/app/server/core/config.ts +++ b/app/server/core/config.ts @@ -3,9 +3,11 @@ import "dotenv/config"; const envSchema = type({ NODE_ENV: type.enumerated("development", "production", "test").default("production"), + SERVER_IP: 'string = "localhost"', }).pipe((s) => ({ __prod__: s.NODE_ENV === "production", environment: s.NODE_ENV, + serverIp: s.SERVER_IP, })); const parseConfig = (env: unknown) => { diff --git a/app/server/index.ts b/app/server/index.ts index 4e4516a5..a9a1d647 100644 --- a/app/server/index.ts +++ b/app/server/index.ts @@ -19,6 +19,7 @@ import { logger } from "./utils/logger"; import { shutdown } from "./modules/lifecycle/shutdown"; import { REQUIRED_MIGRATIONS } from "./core/constants"; import { validateRequiredMigrations } from "./modules/lifecycle/checkpoint"; +import { config } from "./core/config"; export const generalDescriptor = (app: Hono) => openAPIRouteHandler(app, { @@ -28,7 +29,7 @@ export const generalDescriptor = (app: Hono) => version: "1.0.0", description: "API for managing volumes", }, - servers: [{ url: "http://192.168.2.42:4096", description: "Development Server" }], + servers: [{ url: `http://${config.serverIp}:4096`, description: "Development Server" }], }, }); diff --git a/openapi-ts.config.ts b/openapi-ts.config.ts index 08a16687..1cde65df 100644 --- a/openapi-ts.config.ts +++ b/openapi-ts.config.ts @@ -1,7 +1,8 @@ import { defaultPlugins, defineConfig } from "@hey-api/openapi-ts"; +import { config } from "./app/server/core/config.js"; export default defineConfig({ - input: "http://192.168.2.42:4096/api/v1/openapi.json", + input: `http://${config.serverIp}:4096/api/v1/openapi.json`, output: { path: "./app/client/api-client", format: "biome", From 3efff035c587eff29a3b1f8588b39b542b569bef Mon Sep 17 00:00:00 2001 From: Nico <47644445+nicotsx@users.noreply.github.com> Date: Fri, 12 Dec 2025 17:55:37 +0100 Subject: [PATCH 10/28] fix(doctor): fail gracefully in case of unexpected error (#132) --- app/client/modules/repositories/tabs/info.tsx | 8 ++++---- .../modules/repositories/repositories.service.ts | 16 ++++++++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/app/client/modules/repositories/tabs/info.tsx b/app/client/modules/repositories/tabs/info.tsx index bd198ea8..ac56cbd7 100644 --- a/app/client/modules/repositories/tabs/info.tsx +++ b/app/client/modules/repositories/tabs/info.tsx @@ -87,7 +87,7 @@ export const RepositoryInfoTabContent = ({ repository }: Props) => {

Unique identifier for the repository.

- + field.onChange(v)}> +