bambuddy/backend/app/api/routes/github_backup.py

"""API routes for GitHub profile backup."""

import logging

from fastapi import APIRouter, Depends, HTTPException, Query
from sqlalchemy import delete, desc, select
from sqlalchemy.ext.asyncio import AsyncSession

from backend.app.core.auth import RequirePermissionIfAuthEnabled
from backend.app.core.database import get_db
from backend.app.core.permissions import Permission
from backend.app.models.github_backup import GitHubBackupConfig, GitHubBackupLog
from backend.app.models.user import User
from backend.app.schemas.github_backup import (
    GitHubBackupConfigCreate,
    GitHubBackupConfigResponse,
    GitHubBackupConfigUpdate,
    GitHubBackupLogResponse,
    GitHubBackupStatus,
    GitHubBackupTriggerResponse,
    GitHubTestConnectionResponse,
    ProviderType,
)
from backend.app.services.github_backup import github_backup_service

logger = logging.getLogger(__name__)

router = APIRouter(prefix="/github-backup", tags=["github-backup"])


_PUBLIC_REPO_ERROR = (
    "Refusing to save: the target repository is not private. Bambuddy backups "
    "include MQTT credentials, Home Assistant tokens, Prometheus tokens, your "
    "Bambu Cloud email, the printer access codes via K-profiles, and other "
    "settings that must not be exposed publicly. Make the repository private "
    "in your provider's UI and try again."
)
_UNKNOWN_VISIBILITY_ERROR = (
    "Refusing to save: could not confirm the target repository is private. "
    "Bambuddy backups contain credentials and must never go to a public or "
    "internal-visibility repository. Verify the URL, the access token's scope, "
    "and that your provider exposes the 'private' / 'visibility' field on its "
    "repo API."
)


async def _enforce_private_repo(repo_url: str, token: str, provider: str) -> None:
    """Run a test_connection and refuse if the repo is not confirmed private.

    Used by POST and PATCH /config so a backup configuration can never be
    saved against a public repository.
    """
    result = await github_backup_service.test_connection(repo_url, token, provider=provider)
    if not result.get("success"):
        message = result.get("message") or "Connection test failed"
        raise HTTPException(status_code=400, detail=f"Cannot verify repository: {message}")
    is_private = result.get("is_private")
    if is_private is None:
        raise HTTPException(status_code=400, detail=_UNKNOWN_VISIBILITY_ERROR)
    if is_private is False:
        raise HTTPException(status_code=400, detail=_PUBLIC_REPO_ERROR)


def _config_to_response(config: GitHubBackupConfig) -> dict:
    """Convert config model to response dict."""
    return {
        "id": config.id,
        "repository_url": config.repository_url,
        "has_token": bool(config.access_token),
        "branch": config.branch,
        "provider": config.provider,
        "allow_insecure_http": config.allow_insecure_http,
        "schedule_enabled": config.schedule_enabled,
        "schedule_type": config.schedule_type,
        "backup_kprofiles": config.backup_kprofiles,
        "backup_cloud_profiles": config.backup_cloud_profiles,
        "backup_settings": config.backup_settings,
        "backup_spools": config.backup_spools,
        "backup_archives": config.backup_archives,
        "enabled": config.enabled,
        "last_backup_at": config.last_backup_at,
        "last_backup_status": config.last_backup_status,
        "last_backup_message": config.last_backup_message,
        "last_backup_commit_sha": config.last_backup_commit_sha,
        "next_scheduled_run": config.next_scheduled_run,
        "created_at": config.created_at,
        "updated_at": config.updated_at,
    }


@router.get("/config", response_model=GitHubBackupConfigResponse | None)
async def get_config(
    db: AsyncSession = Depends(get_db),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Get the current GitHub backup configuration."""
    result = await db.execute(select(GitHubBackupConfig).limit(1))
    config = result.scalar_one_or_none()

    if not config:
        return None

    return _config_to_response(config)


@router.post("/config", response_model=GitHubBackupConfigResponse)
async def save_config(
    config_data: GitHubBackupConfigCreate,
    db: AsyncSession = Depends(get_db),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Create or update GitHub backup configuration.

    Only one configuration is supported. If one exists, it will be updated.
    The target repository must be private — Bambuddy backups carry MQTT
    credentials, HA/Prometheus tokens, the Bambu Cloud email, and printer
    access codes (via K-profiles), so a public repo is a hard reject.
    """
    await _enforce_private_repo(
        config_data.repository_url,
        config_data.access_token,
        config_data.provider.value,
    )

    # Check for existing config
    result = await db.execute(select(GitHubBackupConfig).limit(1))
    config = result.scalar_one_or_none()

    if config:
        # Update existing
        config.repository_url = config_data.repository_url
        config.access_token = config_data.access_token
        config.branch = config_data.branch
        config.provider = config_data.provider.value
        config.schedule_enabled = config_data.schedule_enabled
        config.schedule_type = config_data.schedule_type.value
        config.backup_kprofiles = config_data.backup_kprofiles
        config.backup_cloud_profiles = config_data.backup_cloud_profiles
        config.backup_settings = config_data.backup_settings
        config.backup_spools = config_data.backup_spools
        config.backup_archives = config_data.backup_archives
        config.allow_insecure_http = config_data.allow_insecure_http
        config.enabled = config_data.enabled

        # Calculate next scheduled run if enabled
        if config.schedule_enabled:
            config.next_scheduled_run = github_backup_service.calculate_next_run(config.schedule_type)
        else:
            config.next_scheduled_run = None

        logger.info("Updated GitHub backup config: %s", config.repository_url)
    else:
        # Create new
        config = GitHubBackupConfig(
            repository_url=config_data.repository_url,
            access_token=config_data.access_token,
            branch=config_data.branch,
            provider=config_data.provider.value,
            schedule_enabled=config_data.schedule_enabled,
            schedule_type=config_data.schedule_type.value,
            backup_kprofiles=config_data.backup_kprofiles,
            backup_cloud_profiles=config_data.backup_cloud_profiles,
            backup_settings=config_data.backup_settings,
            backup_spools=config_data.backup_spools,
            backup_archives=config_data.backup_archives,
            allow_insecure_http=config_data.allow_insecure_http,
            enabled=config_data.enabled,
        )

        if config.schedule_enabled:
            config.next_scheduled_run = github_backup_service.calculate_next_run(config.schedule_type)

        db.add(config)
        logger.info("Created GitHub backup config: %s", config.repository_url)

    await db.commit()
    await db.refresh(config)

    return _config_to_response(config)


@router.patch("/config", response_model=GitHubBackupConfigResponse)
async def update_config(
    update_data: GitHubBackupConfigUpdate,
    db: AsyncSession = Depends(get_db),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Partially update GitHub backup configuration."""
    result = await db.execute(select(GitHubBackupConfig).limit(1))
    config = result.scalar_one_or_none()

    if not config:
        raise HTTPException(status_code=404, detail="No configuration found")

    update_dict = update_data.model_dump(exclude_unset=True)

    # Validate HTTP URL restriction when the URL policy is being changed. This avoids blocking unrelated autosaves
    # for legacy configs that already contain an HTTP URL.
    if "repository_url" in update_dict or "allow_insecure_http" in update_dict:
        url_to_check = update_dict.get("repository_url", config.repository_url)
        effective_allow_http = update_dict.get("allow_insecure_http", config.allow_insecure_http)
        if url_to_check and url_to_check.startswith("http://") and not effective_allow_http:
            raise HTTPException(
                status_code=422,
                detail="This URL uses HTTP instead of HTTPS. Enable 'Allow insecure HTTP' if your instance does not use TLS.",
            )

    # Re-verify the repo is private whenever the target changes — new URL,
    # new token, or new provider. We DON'T re-test on every unrelated PATCH
    # (e.g. toggling backup_archives) so flipping schedule settings doesn't
    # round-trip a live API call.
    target_changed = "repository_url" in update_dict or "access_token" in update_dict or "provider" in update_dict
    if target_changed:
        provider_value = update_dict.get("provider", config.provider)
        if hasattr(provider_value, "value"):
            provider_value = provider_value.value
        await _enforce_private_repo(
            update_dict.get("repository_url", config.repository_url),
            update_dict.get("access_token", config.access_token),
            provider_value,
        )

    for key, value in update_dict.items():
        if key in ("schedule_type", "provider") and value is not None:
            setattr(config, key, value.value)
        else:
            setattr(config, key, value)

    # Recalculate next scheduled run if schedule settings changed
    if "schedule_enabled" in update_dict or "schedule_type" in update_dict:
        if config.schedule_enabled:
            config.next_scheduled_run = github_backup_service.calculate_next_run(config.schedule_type)
        else:
            config.next_scheduled_run = None

    await db.commit()
    await db.refresh(config)

    logger.info("Updated GitHub backup config: %s", config.repository_url)

    return _config_to_response(config)


@router.delete("/config")
async def delete_config(
    db: AsyncSession = Depends(get_db),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Delete the GitHub backup configuration and all logs."""
    result = await db.execute(select(GitHubBackupConfig).limit(1))
    config = result.scalar_one_or_none()

    if not config:
        raise HTTPException(status_code=404, detail="No configuration found")

    await db.delete(config)
    await db.commit()

    logger.info("Deleted GitHub backup config")

    return {"message": "Configuration deleted"}


@router.post("/test", response_model=GitHubTestConnectionResponse)
async def test_connection(
    repo_url: str = Query(..., description="Repository URL"),
    token: str = Query(..., description="Personal Access Token"),
    provider: ProviderType = Query(default=ProviderType.GITHUB, description="Git provider key"),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Test Git provider connection with provided credentials."""
    result = await github_backup_service.test_connection(repo_url, token, provider=provider)
    return GitHubTestConnectionResponse(**result)


@router.post("/test-stored", response_model=GitHubTestConnectionResponse)
async def test_stored_connection(
    db: AsyncSession = Depends(get_db),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Test GitHub connection using stored configuration."""
    result = await db.execute(select(GitHubBackupConfig).limit(1))
    config = result.scalar_one_or_none()

    if not config:
        raise HTTPException(status_code=404, detail="No configuration found")

    if not config.access_token:
        raise HTTPException(status_code=400, detail="No access token configured")

    test_result = await github_backup_service.test_connection(
        config.repository_url,
        config.access_token,
        provider=config.provider,
    )
    return GitHubTestConnectionResponse(**test_result)


@router.post("/run", response_model=GitHubBackupTriggerResponse)
async def trigger_backup(
    db: AsyncSession = Depends(get_db),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Manually trigger a backup."""
    result = await db.execute(select(GitHubBackupConfig).limit(1))
    config = result.scalar_one_or_none()

    if not config:
        raise HTTPException(status_code=404, detail="No configuration found. Configure backup first.")

    if not config.enabled:
        raise HTTPException(status_code=400, detail="Backup is disabled")

    backup_result = await github_backup_service.run_backup(config.id, trigger="manual")

    return GitHubBackupTriggerResponse(**backup_result)


@router.get("/status", response_model=GitHubBackupStatus)
async def get_status(
    db: AsyncSession = Depends(get_db),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Get current backup status."""
    result = await db.execute(select(GitHubBackupConfig).limit(1))
    config = result.scalar_one_or_none()

    if not config:
        return GitHubBackupStatus(
            configured=False,
            enabled=False,
            is_running=False,
            progress=None,
            last_backup_at=None,
            last_backup_status=None,
            next_scheduled_run=None,
        )

    return GitHubBackupStatus(
        configured=True,
        enabled=config.enabled,
        is_running=github_backup_service.is_running,
        progress=github_backup_service.progress,
        last_backup_at=config.last_backup_at,
        last_backup_status=config.last_backup_status,
        next_scheduled_run=config.next_scheduled_run,
    )


@router.get("/logs", response_model=list[GitHubBackupLogResponse])
async def get_logs(
    limit: int = Query(default=50, ge=1, le=200),
    offset: int = Query(default=0, ge=0),
    db: AsyncSession = Depends(get_db),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Get backup logs."""
    result = await db.execute(select(GitHubBackupConfig).limit(1))
    config = result.scalar_one_or_none()

    if not config:
        return []

    logs_result = await db.execute(
        select(GitHubBackupLog)
        .where(GitHubBackupLog.config_id == config.id)
        .order_by(desc(GitHubBackupLog.started_at))
        .offset(offset)
        .limit(limit)
    )
    logs = logs_result.scalars().all()

    return [
        GitHubBackupLogResponse(
            id=log.id,
            config_id=log.config_id,
            started_at=log.started_at,
            completed_at=log.completed_at,
            status=log.status,
            trigger=log.trigger,
            commit_sha=log.commit_sha,
            files_changed=log.files_changed,
            error_message=log.error_message,
        )
        for log in logs
    ]


@router.delete("/logs")
async def clear_logs(
    keep_last: int = Query(default=10, ge=0, le=100, description="Number of recent logs to keep"),
    db: AsyncSession = Depends(get_db),
    _: User | None = RequirePermissionIfAuthEnabled(Permission.GITHUB_BACKUP),
):
    """Clear backup logs, optionally keeping the most recent entries."""
    result = await db.execute(select(GitHubBackupConfig).limit(1))
    config = result.scalar_one_or_none()

    if not config:
        return {"deleted": 0, "message": "No configuration found"}

    if keep_last > 0:
        # Get IDs to keep
        keep_result = await db.execute(
            select(GitHubBackupLog.id)
            .where(GitHubBackupLog.config_id == config.id)
            .order_by(desc(GitHubBackupLog.started_at))
            .limit(keep_last)
        )
        keep_ids = [row[0] for row in keep_result.fetchall()]

        if keep_ids:
            delete_result = await db.execute(
                delete(GitHubBackupLog).where(
                    GitHubBackupLog.config_id == config.id, GitHubBackupLog.id.not_in(keep_ids)
                )
            )
        else:
            delete_result = await db.execute(delete(GitHubBackupLog).where(GitHubBackupLog.config_id == config.id))
    else:
        delete_result = await db.execute(delete(GitHubBackupLog).where(GitHubBackupLog.config_id == config.id))

    await db.commit()

    deleted_count = delete_result.rowcount
    logger.info("Deleted %s GitHub backup logs (kept %s)", deleted_count, keep_last)

    return {"deleted": deleted_count, "message": f"Deleted {deleted_count} logs"}