93d9b474f1
CRITICAL: 10 data race and security fixes — backup.go mutex coverage (C1-C4), IsSystemDisk 12-bit major/minor (C5), /dev/ path validation (C6), extractName traversal (C7), TargetPath/DestinationPath against registered paths (C8-C9), ParseComposeHDDMounts Clean-before-prefix (C10). HIGH: 17 logic/resource fixes — ValidateDump bufio.Scanner (H1), single appDirSize() with 30s timeout (H2/H3), snapshot ID regex (H4), cross-drive restic prune (H5), temp file order (H6), dirSizeBytes errors (H7), atomic fstab (H8), IsDeviceMounted suffix check (H9), eMMC partition mapping (H10), bytesCopied mutex (H11), separator-aware migrate prefix (H13), DeleteStack error on compose-down (H14), docker 60s timeout (H16), NotificationPrefs deep-copy (H17), wipefs warning (H18), fstab rollback on mount fail (H19). MEDIUM: 7 code quality fixes — formatBytes dedup (M1), .tmp filter order (M2), sizeBytes string type (M3), elapsed in message (M6), LoadLocation fallback (M7), pathCovers separator (M10), cancelEditLabel textContent (M11). Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
package backup
import (
"fmt"
"regexp"
)
// snapshotIDRe is the allow-list for restic snapshot IDs accepted by
// RestoreApp: between 8 and 64 characters, each a digit or a lowercase hex
// letter (a-f).
//
// The pattern has no (?m) flag, so ^ and $ anchor to the start and end of the
// whole string. A leading '-', a path separator, whitespace or a trailing
// newline therefore fails the match, as does the alias "latest".
var snapshotIDRe = regexp.MustCompile(`^[0-9a-f]{8,64}$`)
// RestoreApp restores the HDD data of the stack stackName from the restic
// snapshot snapshotID.
//
// Preconditions are checked in this order, and the first failure is returned
// before anything is stopped or written: backup must be enabled for the stack,
// a stack provider must be configured, the provider must report at least one
// HDD mount, and snapshotID must match snapshotIDRe.
//
// Only one backup or restore may run at a time. The shared running flag is
// claimed under m.mu and released when the function returns; a second caller
// gets an "already in progress" error.
//
// The stack is stopped before the restore and started again afterwards. Both
// steps are best-effort: a stop failure is logged and the restore proceeds,
// and a start failure is logged without changing the return value. The
// returned error is therefore nil or the error from RestoreAppData, so a nil
// result does not guarantee that the stack is running again.
func (m *Manager) RestoreApp(stackName, snapshotID string) error {
	if enabled := m.settings.IsAppBackupEnabled(stackName); !enabled {
		return fmt.Errorf("backup not enabled for %s", stackName)
	}

	if m.stackProvider == nil {
		return fmt.Errorf("stack provider not configured")
	}

	// The restore targets come from the stack provider, not from the caller.
	mounts := m.stackProvider.GetStackHDDMounts(stackName)
	if len(mounts) == 0 {
		return fmt.Errorf("no HDD data paths found for %s", stackName)
	}

	// H4: the ID is checked for format only. Existence is not looked up because
	// the snapshot listing caps at 100 entries; a well-formed but unknown ID is
	// left for restic restore to reject.
	// NOTE(review): presumably RestoreAppData hands this ID to the restic
	// command line, which is why only hex is let through — confirm.
	if !snapshotIDRe.MatchString(snapshotID) {
		return fmt.Errorf("invalid snapshot ID: must be 8-64 lowercase hex characters")
	}

	// Claim the running flag, which is shared with backups. Validation is done
	// first, so a rejected request never holds the flag.
	// NOTE(review): mounts were resolved before the flag was claimed; confirm
	// they cannot change in between.
	m.mu.Lock()
	busy := m.running
	if !busy {
		m.running = true
	}
	m.mu.Unlock()
	if busy {
		return fmt.Errorf("backup or restore already in progress")
	}
	defer func() {
		m.mu.Lock()
		defer m.mu.Unlock()
		m.running = false
	}()

	m.logger.Printf("[WARN] RESTORE starting: stack=%s, snapshot=%s, paths=%v", stackName, snapshotID, mounts)

	// Stopping the stack avoids data corruption during the restore. If the stop
	// fails, the restore still runs, against a stack that may be live.
	if stopErr := m.stackProvider.StopStack(stackName); stopErr != nil {
		m.logger.Printf("[WARN] RESTORE could not stop %s before restore: %v (proceeding anyway)", stackName, stopErr)
	}

	restoreErr := m.restic.RestoreAppData(snapshotID, mounts)
	if restoreErr != nil {
		m.logger.Printf("[ERROR] RESTORE failed for %s: %v", stackName, restoreErr)
	}

	// The stack is started again whether or not the restore succeeded; only the
	// wording of the warning differs.
	startErr := m.stackProvider.StartStack(stackName)
	switch {
	case startErr != nil && restoreErr != nil:
		m.logger.Printf("[WARN] RESTORE could not restart %s after failed restore: %v", stackName, startErr)
	case startErr != nil:
		m.logger.Printf("[WARN] RESTORE could not restart %s after restore: %v", stackName, startErr)
	}

	if restoreErr != nil {
		return restoreErr
	}

	m.logger.Printf("[INFO] RESTORE completed: stack=%s, snapshot=%s", stackName, snapshotID)
	return nil
}