"""API routes for GitHub profile backup.""" import logging from fastapi import APIRouter, Depends, HTTPException, Query from sqlalchemy import delete, desc, select from sqlalchemy.ext.asyncio import AsyncSession from backend.app.core.auth import RequirePermissionIfAuthEnabled from backend.app.core.database import get_db from backend.app.core.permissions import Permission from backend.app.models.github_backup import GitHubBackupConfig, GitHubBackupLog from backend.app.models.user import User from backend.app.schemas.github_backup import ( GitHubBackupConfigCreate, GitHubBackupConfigResponse, GitHubBackupConfigUpdate, GitHubBackupLogResponse, GitHubBackupStatus, GitHubBackupTriggerResponse, GitHubTestConnectionResponse, ProviderType, ) from backend.app.services.github_backup import github_backup_service logger = logging.getLogger(__name__) router = APIRouter(prefix="/github-backup", tags=["github-backup"]) def _config_to_response(config: GitHubBackupConfig) -> dict: """Convert config model to response dict.""" return { "id": config.id, "repository_url": config.repository_url, "has_token": bool(config.access_token), "branch": config.branch, "provider": config.provider, "allow_insecure_http": config.allow_insecure_http, "schedule_enabled": config.schedule_enabled, "schedule_type": config.schedule_type, "backup_kprofiles": config.backup_kprofiles, "backup_cloud_profiles": config.backup_cloud_profiles, "backup_settings": config.backup_settings, "backup_spools": config.backup_spools, "backup_archives": config.backup_archives, "enabled": config.enabled, "last_backup_at": config.last_backup_at, "last_backup_status": config.last_backup_status, "last_backup_message": config.last_backup_message, "last_backup_commit_sha": config.last_backup_commit_sha, "next_scheduled_run": config.next_scheduled_run, "created_at": config.created_at, "updated_at": config.updated_at, } @router.get("/config", response_model=GitHubBackupConfigResponse | None) async def get_config( db: AsyncSession = Depends(get_db), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Get the current GitHub backup configuration.""" result = await db.execute(select(GitHubBackupConfig).limit(1)) config = result.scalar_one_or_none() if not config: return None return _config_to_response(config) @router.post("/config", response_model=GitHubBackupConfigResponse) async def save_config( config_data: GitHubBackupConfigCreate, db: AsyncSession = Depends(get_db), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Create or update GitHub backup configuration. Only one configuration is supported. If one exists, it will be updated. """ # Check for existing config result = await db.execute(select(GitHubBackupConfig).limit(1)) config = result.scalar_one_or_none() if config: # Update existing config.repository_url = config_data.repository_url config.access_token = config_data.access_token config.branch = config_data.branch config.provider = config_data.provider.value config.schedule_enabled = config_data.schedule_enabled config.schedule_type = config_data.schedule_type.value config.backup_kprofiles = config_data.backup_kprofiles config.backup_cloud_profiles = config_data.backup_cloud_profiles config.backup_settings = config_data.backup_settings config.backup_spools = config_data.backup_spools config.backup_archives = config_data.backup_archives config.allow_insecure_http = config_data.allow_insecure_http config.enabled = config_data.enabled # Calculate next scheduled run if enabled if config.schedule_enabled: config.next_scheduled_run = github_backup_service.calculate_next_run(config.schedule_type) else: config.next_scheduled_run = None logger.info("Updated GitHub backup config: %s", config.repository_url) else: # Create new config = GitHubBackupConfig( repository_url=config_data.repository_url, access_token=config_data.access_token, branch=config_data.branch, provider=config_data.provider.value, schedule_enabled=config_data.schedule_enabled, schedule_type=config_data.schedule_type.value, backup_kprofiles=config_data.backup_kprofiles, backup_cloud_profiles=config_data.backup_cloud_profiles, backup_settings=config_data.backup_settings, backup_spools=config_data.backup_spools, backup_archives=config_data.backup_archives, allow_insecure_http=config_data.allow_insecure_http, enabled=config_data.enabled, ) if config.schedule_enabled: config.next_scheduled_run = github_backup_service.calculate_next_run(config.schedule_type) db.add(config) logger.info("Created GitHub backup config: %s", config.repository_url) await db.commit() await db.refresh(config) return _config_to_response(config) @router.patch("/config", response_model=GitHubBackupConfigResponse) async def update_config( update_data: GitHubBackupConfigUpdate, db: AsyncSession = Depends(get_db), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Partially update GitHub backup configuration.""" result = await db.execute(select(GitHubBackupConfig).limit(1)) config = result.scalar_one_or_none() if not config: raise HTTPException(status_code=404, detail="No configuration found") update_dict = update_data.model_dump(exclude_unset=True) # Validate HTTP URL restriction when the URL policy is being changed. This avoids blocking unrelated autosaves # for legacy configs that already contain an HTTP URL. if "repository_url" in update_dict or "allow_insecure_http" in update_dict: url_to_check = update_dict.get("repository_url", config.repository_url) effective_allow_http = update_dict.get("allow_insecure_http", config.allow_insecure_http) if url_to_check and url_to_check.startswith("http://") and not effective_allow_http: raise HTTPException( status_code=422, detail="This URL uses HTTP instead of HTTPS. Enable 'Allow insecure HTTP' if your instance does not use TLS.", ) for key, value in update_dict.items(): if key in ("schedule_type", "provider") and value is not None: setattr(config, key, value.value) else: setattr(config, key, value) # Recalculate next scheduled run if schedule settings changed if "schedule_enabled" in update_dict or "schedule_type" in update_dict: if config.schedule_enabled: config.next_scheduled_run = github_backup_service.calculate_next_run(config.schedule_type) else: config.next_scheduled_run = None await db.commit() await db.refresh(config) logger.info("Updated GitHub backup config: %s", config.repository_url) return _config_to_response(config) @router.delete("/config") async def delete_config( db: AsyncSession = Depends(get_db), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Delete the GitHub backup configuration and all logs.""" result = await db.execute(select(GitHubBackupConfig).limit(1)) config = result.scalar_one_or_none() if not config: raise HTTPException(status_code=404, detail="No configuration found") await db.delete(config) await db.commit() logger.info("Deleted GitHub backup config") return {"message": "Configuration deleted"} @router.post("/test", response_model=GitHubTestConnectionResponse) async def test_connection( repo_url: str = Query(..., description="Repository URL"), token: str = Query(..., description="Personal Access Token"), provider: ProviderType = Query(default=ProviderType.GITHUB, description="Git provider key"), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Test Git provider connection with provided credentials.""" result = await github_backup_service.test_connection(repo_url, token, provider=provider) return GitHubTestConnectionResponse(**result) @router.post("/test-stored", response_model=GitHubTestConnectionResponse) async def test_stored_connection( db: AsyncSession = Depends(get_db), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Test GitHub connection using stored configuration.""" result = await db.execute(select(GitHubBackupConfig).limit(1)) config = result.scalar_one_or_none() if not config: raise HTTPException(status_code=404, detail="No configuration found") if not config.access_token: raise HTTPException(status_code=400, detail="No access token configured") test_result = await github_backup_service.test_connection( config.repository_url, config.access_token, provider=config.provider, ) return GitHubTestConnectionResponse(**test_result) @router.post("/run", response_model=GitHubBackupTriggerResponse) async def trigger_backup( db: AsyncSession = Depends(get_db), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Manually trigger a backup.""" result = await db.execute(select(GitHubBackupConfig).limit(1)) config = result.scalar_one_or_none() if not config: raise HTTPException(status_code=404, detail="No configuration found. Configure backup first.") if not config.enabled: raise HTTPException(status_code=400, detail="Backup is disabled") backup_result = await github_backup_service.run_backup(config.id, trigger="manual") return GitHubBackupTriggerResponse(**backup_result) @router.get("/status", response_model=GitHubBackupStatus) async def get_status( db: AsyncSession = Depends(get_db), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Get current backup status.""" result = await db.execute(select(GitHubBackupConfig).limit(1)) config = result.scalar_one_or_none() if not config: return GitHubBackupStatus( configured=False, enabled=False, is_running=False, progress=None, last_backup_at=None, last_backup_status=None, next_scheduled_run=None, ) return GitHubBackupStatus( configured=True, enabled=config.enabled, is_running=github_backup_service.is_running, progress=github_backup_service.progress, last_backup_at=config.last_backup_at, last_backup_status=config.last_backup_status, next_scheduled_run=config.next_scheduled_run, ) @router.get("/logs", response_model=list[GitHubBackupLogResponse]) async def get_logs( limit: int = Query(default=50, ge=1, le=200), offset: int = Query(default=0, ge=0), db: AsyncSession = Depends(get_db), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Get backup logs.""" result = await db.execute(select(GitHubBackupConfig).limit(1)) config = result.scalar_one_or_none() if not config: return [] logs_result = await db.execute( select(GitHubBackupLog) .where(GitHubBackupLog.config_id == config.id) .order_by(desc(GitHubBackupLog.started_at)) .offset(offset) .limit(limit) ) logs = logs_result.scalars().all() return [ GitHubBackupLogResponse( id=log.id, config_id=log.config_id, started_at=log.started_at, completed_at=log.completed_at, status=log.status, trigger=log.trigger, commit_sha=log.commit_sha, files_changed=log.files_changed, error_message=log.error_message, ) for log in logs ] @router.delete("/logs") async def clear_logs( keep_last: int = Query(default=10, ge=0, le=100, description="Number of recent logs to keep"), db: AsyncSession = Depends(get_db), _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP), ): """Clear backup logs, optionally keeping the most recent entries.""" result = await db.execute(select(GitHubBackupConfig).limit(1)) config = result.scalar_one_or_none() if not config: return {"deleted": 0, "message": "No configuration found"} if keep_last > 0: # Get IDs to keep keep_result = await db.execute( select(GitHubBackupLog.id) .where(GitHubBackupLog.config_id == config.id) .order_by(desc(GitHubBackupLog.started_at)) .limit(keep_last) ) keep_ids = [row[0] for row in keep_result.fetchall()] if keep_ids: delete_result = await db.execute( delete(GitHubBackupLog).where( GitHubBackupLog.config_id == config.id, GitHubBackupLog.id.not_in(keep_ids) ) ) else: delete_result = await db.execute(delete(GitHubBackupLog).where(GitHubBackupLog.config_id == config.id)) else: delete_result = await db.execute(delete(GitHubBackupLog).where(GitHubBackupLog.config_id == config.id)) await db.commit() deleted_count = delete_result.rowcount logger.info("Deleted %s GitHub backup logs (kept %s)", deleted_count, keep_last) return {"deleted": deleted_count, "message": f"Deleted {deleted_count} logs"}