""" Backup & Restore API — talks directly to HuggingFace Dataset API. Flow: 1. Space asks Worker for HF credentials (token, repo, user path prefix) 2. Space uploads/downloads/lists archives directly via HuggingFace API """ import os import shutil import tarfile import tempfile from datetime import datetime from pathlib import Path import httpx from fastapi import APIRouter, BackgroundTasks, Depends, HTTPException, Query, Request from auth import AuthUser, get_current_user from config import ADMIN_API_URL, BACKUP_DIR, DATA_DIR from routers.terminal import kill_terminal from storage import check_zone_owner, load_meta, save_meta, validate_zone_name router = APIRouter(prefix="/api/backup", tags=["backup"]) HF_API = "https://huggingface.co/api" _backup_status: dict = {"running": False, "last": None, "error": None, "progress": ""} def _utc_stamp() -> str: return datetime.utcnow().strftime("%Y%m%dT%H%M%SZ") def _archive_file_name(zone_name: str) -> str: return f"{zone_name}__{_utc_stamp()}.tar.gz" def _zone_from_backup_name(name: str) -> str: base = Path(name).name if not base.endswith(".tar.gz"): return base stem = base[:-7] return stem.split("__", 1)[0] def _backup_sort_key(item: dict) -> tuple[str, str]: return (item.get("last_modified") or "", item.get("backup_name") or "") def _get_token(request: Request) -> str: auth = request.headers.get("Authorization", "") if auth.startswith("Bearer "): return auth[7:] return "" def _get_credentials(token: str) -> dict: with httpx.Client(timeout=15) as client: resp = client.get( f"{ADMIN_API_URL}/backup/credentials", headers={"Authorization": f"Bearer {token}"}, ) if resp.status_code != 200: data = resp.json() if "application/json" in resp.headers.get("content-type", "") else {"error": resp.text} raise ValueError(data.get("error", f"Worker error: {resp.status_code}")) return resp.json() def _log_action(token: str, zone_name: str, action: str, status: str, file_path: str = ""): try: with httpx.Client(timeout=10) as client: client.post( f"{ADMIN_API_URL}/backup/log", headers={"Authorization": f"Bearer {token}"}, json={"zone_name": zone_name, "action": action, "status": status, "file_path": file_path}, ) except Exception: pass def _create_zone_archive(zone_name: str) -> tuple[Path, str]: zone_path = DATA_DIR / zone_name if not zone_path.is_dir(): raise ValueError(f"Zone '{zone_name}' khong ton tai") fd, temp_path = tempfile.mkstemp(prefix=f"{zone_name}-", suffix=".tar.gz", dir=str(BACKUP_DIR)) os.close(fd) archive_path = Path(temp_path) with tarfile.open(archive_path, "w:gz") as tar: tar.add(str(zone_path), arcname=zone_name) return archive_path, _archive_file_name(zone_name) def _assert_restore_allowed(zone_name: str, user: AuthUser): meta = load_meta() if zone_name in meta: check_zone_owner(zone_name, user.sub, user.role) def _extract_archive(archive_path: Path, zone_name: str): zone_path = DATA_DIR / zone_name if zone_path.exists(): shutil.rmtree(zone_path) zone_path.mkdir(parents=True, exist_ok=True) with tarfile.open(archive_path, "r:gz") as tar: for member in tar.getmembers(): member_path = os.path.normpath(member.name) if member_path.startswith("..") or os.path.isabs(member_path): raise ValueError(f"Archive chua path khong an toan: {member.name}") if member_path != zone_name and not member_path.startswith(f"{zone_name}/"): raise ValueError(f"Archive chua path ngoai zone: {member.name}") tar.extractall(path=str(DATA_DIR), filter="data") def _ensure_restored_meta(zone_name: str, user: AuthUser): meta = load_meta() if zone_name not in meta: meta[zone_name] = { "description": "Restored from backup", "created": datetime.now().isoformat(), "owner_id": user.sub, "owner_name": user.username, } save_meta(meta) def _download_from_hf(creds: dict, backup_name: str) -> bytes: file_path = f"{creds['path_prefix']}/{backup_name}" with httpx.Client(timeout=300, follow_redirects=True) as client: resp = client.get( f"https://huggingface.co/datasets/{creds['repo']}/resolve/main/{file_path}", headers={"Authorization": f"Bearer {creds['hf_token']}"}, ) if resp.status_code == 404: raise FileNotFoundError(f"Backup '{backup_name}' khong ton tai") if resp.status_code != 200: raise ValueError(f"HF download error: {resp.status_code}") return resp.content def _list_backups_from_hf(creds: dict) -> list[dict]: with httpx.Client(timeout=30) as client: resp = client.get( f"{HF_API}/datasets/{creds['repo']}/tree/main/{creds['path_prefix']}", headers={"Authorization": f"Bearer {creds['hf_token']}"}, ) if resp.status_code == 404: return [] if resp.status_code != 200: raise ValueError(f"HF API error: {resp.status_code} {resp.text}") meta = load_meta() items: list[dict] = [] for entry in resp.json(): path = entry.get("path", "") if entry.get("type") != "file" or not path.endswith(".tar.gz"): continue backup_name = path.split("/")[-1] zone_name = _zone_from_backup_name(backup_name) items.append( { "zone_name": zone_name, "backup_name": backup_name, "file": path, "size": (entry.get("lfs") or {}).get("size") or entry.get("size", 0), "last_modified": (entry.get("lastCommit") or {}).get("date", ""), "local_exists": zone_name in meta, } ) return sorted(items, key=_backup_sort_key, reverse=True) def _delete_backup_from_hf(creds: dict, backup_name: str): from huggingface_hub import HfApi api = HfApi(token=creds["hf_token"]) api.delete_file( path_in_repo=f"{creds['path_prefix']}/{backup_name}", repo_id=creds["repo"], repo_type="dataset", commit_message=f"Delete backup: {backup_name}", ) def _upload_to_hf(creds: dict, backup_name: str, archive_path: Path): from huggingface_hub import HfApi api = HfApi(token=creds["hf_token"]) api.upload_file( path_or_fileobj=str(archive_path), path_in_repo=f"{creds['path_prefix']}/{backup_name}", repo_id=creds["repo"], repo_type="dataset", commit_message=f"Backup: {backup_name}", ) @router.get("/status") def backup_status(): return { "configured": bool(ADMIN_API_URL), "admin_url": ADMIN_API_URL or None, "running": _backup_status["running"], "last": _backup_status["last"], "error": _backup_status["error"], "progress": _backup_status["progress"], } @router.get("/list") async def list_backups(request: Request, user: AuthUser = Depends(get_current_user)): if not ADMIN_API_URL: raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh") token = _get_token(request) if not token: raise HTTPException(401, "Chua dang nhap") try: creds = _get_credentials(token) backups = _list_backups_from_hf(creds) if user.role == "admin": return backups meta = load_meta() allowed = {name for name, info in meta.items() if info.get("owner_id") == user.sub} return [item for item in backups if item["zone_name"] in allowed or not item["local_exists"]] except ValueError as e: raise HTTPException(502, str(e)) except httpx.HTTPError as e: raise HTTPException(502, f"Khong the ket noi: {e}") @router.delete("/file") async def delete_backup_file( request: Request, backup_name: str = Query(...), user: AuthUser = Depends(get_current_user), ): if not ADMIN_API_URL: raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh") zone_name = _zone_from_backup_name(backup_name) try: _assert_restore_allowed(zone_name, user) creds = _get_credentials(_get_token(request)) _delete_backup_from_hf(creds, backup_name) _log_action(_get_token(request), zone_name, "delete_backup", "success", backup_name) return {"ok": True} except ValueError as e: raise HTTPException(400, str(e)) except Exception as e: raise HTTPException(502, str(e)) @router.post("/zone/{zone_name}") async def backup_zone( zone_name: str, request: Request, background_tasks: BackgroundTasks, user: AuthUser = Depends(get_current_user), ): if not ADMIN_API_URL: raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh") token = _get_token(request) if not token: raise HTTPException(401, "Chua dang nhap") try: validate_zone_name(zone_name) check_zone_owner(zone_name, user.sub, user.role) if not (DATA_DIR / zone_name).is_dir(): raise ValueError(f"Zone '{zone_name}' khong ton tai") except ValueError as e: raise HTTPException(400, str(e)) if _backup_status["running"]: raise HTTPException(409, "Dang co backup khac dang chay") try: creds = _get_credentials(token) except ValueError as e: raise HTTPException(502, str(e)) def _run(): _backup_status["running"] = True _backup_status["error"] = None _backup_status["progress"] = f"Dang backup zone: {zone_name}..." archive_path: Path | None = None backup_name = "" try: archive_path, backup_name = _create_zone_archive(zone_name) _upload_to_hf(creds, backup_name, archive_path) _log_action(token, zone_name, "backup", "success", f"{creds['path_prefix']}/{backup_name}") _backup_status["last"] = datetime.now().isoformat() _backup_status["progress"] = f"Backup zone {zone_name} thanh cong" except Exception as e: _backup_status["error"] = str(e) _backup_status["progress"] = f"Loi backup: {e}" _log_action(token, zone_name, "backup", "error", backup_name) finally: if archive_path: archive_path.unlink(missing_ok=True) _backup_status["running"] = False background_tasks.add_task(_run) return {"ok": True, "message": f"Dang backup zone {zone_name} trong nen..."} @router.post("/all") async def backup_all( request: Request, background_tasks: BackgroundTasks, user: AuthUser = Depends(get_current_user), ): if not ADMIN_API_URL: raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh") token = _get_token(request) if not token: raise HTTPException(401, "Chua dang nhap") if _backup_status["running"]: raise HTTPException(409, "Dang co backup khac dang chay") try: creds = _get_credentials(token) except ValueError as e: raise HTTPException(502, str(e)) meta = load_meta() zone_names = [ name for name, info in meta.items() if (DATA_DIR / name).is_dir() and (user.role == "admin" or info.get("owner_id") == user.sub) ] def _run(): _backup_status["running"] = True _backup_status["error"] = None _backup_status["progress"] = "Dang backup tat ca zones..." try: total = len(zone_names) for idx, zone_name in enumerate(zone_names, start=1): _backup_status["progress"] = f"Dang backup zone {zone_name} ({idx}/{total})..." archive_path, backup_name = _create_zone_archive(zone_name) try: _upload_to_hf(creds, backup_name, archive_path) finally: archive_path.unlink(missing_ok=True) _log_action(token, zone_name, "backup", "success", f"{creds['path_prefix']}/{backup_name}") _backup_status["last"] = datetime.now().isoformat() _backup_status["progress"] = "Backup tat ca zones thanh cong" except Exception as e: _backup_status["error"] = str(e) _backup_status["progress"] = f"Loi backup: {e}" finally: _backup_status["running"] = False background_tasks.add_task(_run) return {"ok": True, "message": "Dang backup tat ca zones trong nen..."} @router.post("/restore/{zone_name}") async def restore_zone( zone_name: str, request: Request, background_tasks: BackgroundTasks, backup_name: str | None = Query(None), user: AuthUser = Depends(get_current_user), ): if not ADMIN_API_URL: raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh") token = _get_token(request) if not token: raise HTTPException(401, "Chua dang nhap") try: validate_zone_name(zone_name) _assert_restore_allowed(zone_name, user) except ValueError as e: raise HTTPException(400, str(e)) if _backup_status["running"]: raise HTTPException(409, "Dang co backup/restore khac dang chay") try: creds = _get_credentials(token) target_backup_name = backup_name if not target_backup_name: backups = [item for item in _list_backups_from_hf(creds) if item["zone_name"] == zone_name] if not backups: raise ValueError(f"Khong tim thay backup cho zone '{zone_name}'") target_backup_name = backups[0]["backup_name"] except ValueError as e: raise HTTPException(502, str(e)) def _run(): _backup_status["running"] = True _backup_status["error"] = None _backup_status["progress"] = f"Dang restore zone: {zone_name}..." archive_path: Path | None = None try: data = _download_from_hf(creds, target_backup_name) fd, temp_path = tempfile.mkstemp(prefix=f"restore-{zone_name}-", suffix=".tar.gz", dir=str(BACKUP_DIR)) os.close(fd) archive_path = Path(temp_path) archive_path.write_bytes(data) kill_terminal(zone_name) _extract_archive(archive_path, zone_name) _ensure_restored_meta(zone_name, user) _log_action(token, zone_name, "restore", "success", f"{creds['path_prefix']}/{target_backup_name}") _backup_status["last"] = datetime.now().isoformat() _backup_status["progress"] = f"Restore zone {zone_name} thanh cong" except Exception as e: _backup_status["error"] = str(e) _backup_status["progress"] = f"Loi restore: {e}" _log_action(token, zone_name, "restore", "error", target_backup_name or "") finally: if archive_path: archive_path.unlink(missing_ok=True) _backup_status["running"] = False background_tasks.add_task(_run) return {"ok": True, "message": f"Dang restore zone {zone_name} trong nen..."} @router.post("/restore-all") async def restore_all( request: Request, background_tasks: BackgroundTasks, user: AuthUser = Depends(get_current_user), ): if not ADMIN_API_URL: raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh") token = _get_token(request) if not token: raise HTTPException(401, "Chua dang nhap") if _backup_status["running"]: raise HTTPException(409, "Dang co backup/restore khac dang chay") try: creds = _get_credentials(token) except ValueError as e: raise HTTPException(502, str(e)) try: backups = _list_backups_from_hf(creds) except ValueError as e: raise HTTPException(502, str(e)) latest_by_zone: dict[str, dict] = {} for item in backups: zone_name = item["zone_name"] try: _assert_restore_allowed(zone_name, user) except ValueError: continue latest_by_zone.setdefault(zone_name, item) def _run(): _backup_status["running"] = True _backup_status["error"] = None _backup_status["progress"] = "Dang restore tat ca zones..." try: items = list(latest_by_zone.values()) total = len(items) done = 0 for idx, item in enumerate(items, start=1): zone_name = item["zone_name"] backup_name = item["backup_name"] _backup_status["progress"] = f"Dang restore zone {zone_name} ({idx}/{total})..." archive_path: Path | None = None try: data = _download_from_hf(creds, backup_name) fd, temp_path = tempfile.mkstemp(prefix=f"restore-{zone_name}-", suffix=".tar.gz", dir=str(BACKUP_DIR)) os.close(fd) archive_path = Path(temp_path) archive_path.write_bytes(data) kill_terminal(zone_name) _extract_archive(archive_path, zone_name) _ensure_restored_meta(zone_name, user) done += 1 finally: if archive_path: archive_path.unlink(missing_ok=True) _backup_status["last"] = datetime.now().isoformat() _backup_status["progress"] = f"Restore {done}/{total} zones thanh cong" except Exception as e: _backup_status["error"] = str(e) _backup_status["progress"] = f"Loi restore: {e}" finally: _backup_status["running"] = False background_tasks.add_task(_run) return {"ok": True, "message": "Dang restore tat ca zones trong nen..."}