backupmanager_ynh/sources/app.py

import json
import logging
import os
import subprocess
from datetime import datetime

from flask import (
    Flask,
    flash,
    jsonify,
    redirect,
    render_template,
    request,
    url_for,
)
from werkzeug.middleware.proxy_fix import ProxyFix

# --- Configuration -----------------------------------------------------------

_config_path = os.environ.get(
    "BACKUPMANAGER_CONFIG",
    os.path.join(os.path.dirname(os.path.abspath(__file__)), "config.py"),
)

app = Flask(__name__)
app.config.from_pyfile(_config_path)
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///" + app.config["DB_PATH"]
app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False

# Proxy headers Nginx → Flask (sous-chemin + HTTPS)
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)

# Filtre Jinja2 pour désérialiser du JSON dans les templates
app.jinja_env.filters["fromjson"] = json.loads

# Logging
os.makedirs(os.path.dirname(app.config["LOG_PATH"]), exist_ok=True)
logging.basicConfig(
    filename=app.config["LOG_PATH"],
    level=logging.INFO,
    format="%(asctime)s %(levelname)s %(message)s",
)

# --- Extensions --------------------------------------------------------------

from db import db, Job, Run

db.init_app(app)

from scheduler import init_scheduler, schedule_job, remove_job

# --- Démarrage ---------------------------------------------------------------

with app.app_context():
    db.create_all()
    init_scheduler(app)
    for _job in Job.query.filter_by(enabled=True).all():
        schedule_job(_job)

# --- Auth API ----------------------------------------------------------------

@app.before_request
def _check_api_auth():
    if not request.path.startswith("/api/"):
        return
    if request.path == "/api/v1/health":
        return
    token = request.headers.get("X-BackupManager-Key", "")
    if token != app.config["API_TOKEN"]:
        return jsonify({"error": "Unauthorized"}), 401

# --- Context processors ------------------------------------------------------

@app.context_processor
def _inject_globals():
    return {
        "instance_name": app.config.get("INSTANCE_NAME", ""),
        "now": datetime.utcnow(),
    }

# --- Helpers -----------------------------------------------------------------

def _read_archive_info(archive_name):
    backup_dir = app.config["YUNOHOST_BACKUP_DIR"]
    archive_path = os.path.join(backup_dir, archive_name + ".tar")
    try:
        import tarfile as _tarfile
        with _tarfile.open(archive_path) as tar:
            member = tar.extractfile("backup_info.json")
            if member:
                return json.loads(member.read())
    except Exception:
        pass
    return {}


def _get_ynh_apps():
    try:
        result = subprocess.run(
            ["sudo", "yunohost", "app", "list", "--output-as", "json"],
            capture_output=True,
            text=True,
            timeout=15,
        )
        if result.returncode == 0:
            return json.loads(result.stdout).get("apps", [])
    except Exception:
        pass
    return []

# --- Routes dashboard --------------------------------------------------------

@app.route("/")
def index():
    jobs = Job.query.order_by(Job.name).all()
    last_runs = {
        j.id: Run.query.filter_by(job_id=j.id).order_by(Run.started_at.desc()).first()
        for j in jobs
    }
    return render_template("dashboard_local.html", jobs=jobs, last_runs=last_runs)


@app.route("/jobs/new", methods=["GET", "POST"])
def job_new():
    if request.method == "POST":
        return _save_job(None)
    return render_template("job_form.html", job=None, ynh_apps=_get_ynh_apps())


@app.route("/jobs/<int:job_id>/edit", methods=["GET", "POST"])
def job_edit(job_id):
    job = db.get_or_404(Job, job_id)
    if request.method == "POST":
        return _save_job(job)
    return render_template("job_form.html", job=job, ynh_apps=_get_ynh_apps())


@app.route("/jobs/<int:job_id>/delete", methods=["POST"])
def job_delete(job_id):
    job = db.get_or_404(Job, job_id)
    remove_job(job.id)
    db.session.delete(job)
    db.session.commit()
    flash(f"Job « {job.name} » supprimé.", "success")
    return redirect(url_for("index"))


@app.route("/jobs/<int:job_id>/run", methods=["POST"])
def job_run_now(job_id):
    job = db.get_or_404(Job, job_id)
    from scheduler import _execute_job
    import threading
    t = threading.Thread(target=_execute_job, args=(job.id,), daemon=True)
    t.start()
    flash(f"Job « {job.name} » lancé manuellement.", "success")
    return redirect(url_for("index"))


@app.route("/jobs/<int:job_id>/history")
def job_history(job_id):
    job = db.get_or_404(Job, job_id)
    runs = Run.query.filter_by(job_id=job_id).order_by(Run.started_at.desc()).limit(100).all()
    return render_template("job_history.html", job=job, runs=runs)


@app.route("/archives/<path:archive_name>/restore", methods=["GET", "POST"])
def archive_restore(archive_name):
    info = _read_archive_info(archive_name)
    archive_type = info.get("type", "")

    if request.method == "GET":
        return render_template("restore_confirm.html", archive_name=archive_name, info=info)

    def _do_restore():
        with app.app_context():
            try:
                backup_dir = app.config["YUNOHOST_BACKUP_DIR"]
                if archive_type == "custom_dir":
                    from jobs.custom_dir import restore_custom_dir
                    restore_custom_dir(archive_name, backup_dir)
                elif archive_type in ("mysql", "postgresql"):
                    from jobs.db_dump import restore_db_dump
                    restore_db_dump(archive_name, backup_dir)
                else:
                    raise NotImplementedError(
                        f"Restauration non supportée pour le type '{archive_type}'."
                    )
            except Exception as exc:
                app.logger.error(f"Restauration {archive_name} échouée : {exc}")

    import threading
    threading.Thread(target=_do_restore, daemon=True).start()
    flash(f"Restauration de « {archive_name} » démarrée en arrière-plan.", "success")
    return redirect(url_for("index"))


@app.route("/jobs/<int:job_id>/toggle", methods=["POST"])
def job_toggle(job_id):
    job = db.get_or_404(Job, job_id)
    job.enabled = not job.enabled
    job.updated_at = datetime.utcnow()
    db.session.commit()
    if job.enabled:
        schedule_job(job)
        flash(f"Job « {job.name} » activé.", "success")
    else:
        remove_job(job.id)
        flash(f"Job « {job.name} » désactivé.", "info")
    return redirect(url_for("index"))


def _save_job(job):
    f = request.form
    job_type = f.get("type", "")
    name = f.get("name", "").strip()

    if not name:
        flash("Le nom est requis.", "error")
        return render_template("job_form.html", job=job, ynh_apps=_get_ynh_apps())

    cfg = {}
    if job_type == "ynh_app":
        cfg = {"app_id": f.get("app_id", ""), "core_only": f.get("core_only") == "1"}
    elif job_type == "ynh_system":
        cfg = {}
    elif job_type in ("mysql", "postgresql"):
        dbname = f.get("db_database", "").strip()
        if not dbname:
            flash("Le nom de la base de données est requis.", "error")
            return render_template("job_form.html", job=job, ynh_apps=_get_ynh_apps())
        cfg = {"database": dbname}
    elif job_type == "custom_dir":
        source_path = f.get("source_path", "").strip().rstrip("/")
        if not source_path or not source_path.startswith("/"):
            flash("Le chemin source doit être un chemin absolu (ex: /opt/monapp).", "error")
            return render_template("job_form.html", job=job, ynh_apps=_get_ynh_apps())
        excludes = [e.strip() for e in f.get("excludes", "").splitlines() if e.strip()]
        restore_cfg = {}
        user_name = f.get("restore_user_name", "").strip()
        if user_name:
            restore_cfg["system_user"] = {
                "name": user_name,
                "home": f.get("restore_user_home", source_path).strip() or source_path,
                "shell": f.get("restore_user_shell", "/bin/false").strip() or "/bin/false",
            }
        service_name = f.get("restore_service_name", "").strip()
        if service_name:
            restore_cfg["systemd_service"] = {
                "name": service_name,
                "service_file": f.get("restore_service_file", "").strip(),
            }
        owner = f.get("restore_perm_owner", "").strip()
        mode = f.get("restore_perm_mode", "").strip()
        if owner or mode:
            restore_cfg["permissions"] = {}
            if owner:
                restore_cfg["permissions"]["owner"] = owner
            if mode:
                restore_cfg["permissions"]["mode"] = mode
        post_cmds = [c.strip() for c in f.get("restore_post_cmds", "").splitlines() if c.strip()]
        if post_cmds:
            restore_cfg["post_restore_commands"] = post_cmds
        cfg = {"source_path": source_path, "excludes": excludes, "restore": restore_cfg}

    if job is None:
        job = Job()
        db.session.add(job)

    job.name = name
    job.type = job_type
    job.config_json = json.dumps(cfg)
    job.cron_expr = f.get("cron_expr", "0 3 * * *").strip()
    job.retention_mode = f.get("retention_mode", "count")
    job.retention_value = int(f.get("retention_value", 7))
    job.enabled = f.get("enabled") == "1"
    job.core_only = cfg.get("core_only", False)
    job.updated_at = datetime.utcnow()

    db.session.commit()

    if job.enabled:
        schedule_job(job)
    else:
        remove_job(job.id)

    flash(f"Job « {job.name} » enregistré.", "success")
    return redirect(url_for("index"))

# --- API v1 ------------------------------------------------------------------

@app.route("/api/v1/health")
def api_health():
    return jsonify({"status": "ok", "instance": app.config.get("INSTANCE_NAME")})


@app.route("/api/v1/jobs")
def api_jobs():
    jobs = Job.query.all()
    return jsonify([
        {
            "id": j.id,
            "name": j.name,
            "type": j.type,
            "cron_expr": j.cron_expr,
            "enabled": j.enabled,
            "retention_mode": j.retention_mode,
            "retention_value": j.retention_value,
        }
        for j in jobs
    ])


@app.route("/api/v1/jobs/<int:job_id>/runs")
def api_job_runs(job_id):
    runs = Run.query.filter_by(job_id=job_id).order_by(Run.started_at.desc()).limit(50).all()
    return jsonify([
        {
            "id": r.id,
            "started_at": r.started_at.isoformat() if r.started_at else None,
            "finished_at": r.finished_at.isoformat() if r.finished_at else None,
            "status": r.status,
            "archive_name": r.archive_name,
            "size_bytes": r.size_bytes,
        }
        for r in runs
    ])


@app.route("/api/v1/jobs/<int:job_id>/run", methods=["POST"])
def api_job_run(job_id):
    job = db.get_or_404(Job, job_id)
    from scheduler import _execute_job
    import threading
    threading.Thread(target=_execute_job, args=(job.id,), daemon=True).start()
    return jsonify({"status": "triggered", "job_id": job_id})


@app.route("/api/v1/archives")
def api_archives():
    backup_dir = app.config["YUNOHOST_BACKUP_DIR"]
    archives = []
    try:
        for fname in sorted(os.listdir(backup_dir)):
            if fname.endswith(".tar"):
                path = os.path.join(backup_dir, fname)
                archives.append({
                    "name": fname[:-4],
                    "size_bytes": os.path.getsize(path),
                    "modified_at": datetime.utcfromtimestamp(os.path.getmtime(path)).isoformat(),
                })
    except OSError:
        pass
    return jsonify(archives)


@app.route("/api/v1/archives/<name>", methods=["DELETE"])
def api_archive_delete(name):
    backup_dir = app.config["YUNOHOST_BACKUP_DIR"]
    for ext in (".tar", ".info.json"):
        path = os.path.join(backup_dir, name + ext)
        if os.path.exists(path):
            os.remove(path)
    return jsonify({"status": "deleted", "name": name})