more fixes

backend/scripts/backup.py

@@ -5,149 +5,70 @@ import subprocess
 import datetime
 import sqlite3
 from pathlib import Path
+
 from huggingface_hub import HfApi, hf_hub_download, CommitOperationAdd
 
-# Get the absolute paths for our script and base directories
-SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
-BASE_DIR = os.path.dirname(SCRIPT_DIR)
+# ------------------------------------------------------------------------------
+# 1. Define directories outside of /app to avoid read-only file system issues
+# ------------------------------------------------------------------------------
+BACKUP_DIR = "/tmp/open_webui/db_backup"
+DATA_DIR = "/tmp/open_webui/data"
+
+# Actual files on the local (runtime) filesystem
+TIMESTAMP_FILE_PATH = os.path.join(BACKUP_DIR, "last_backup_time.txt")
+DB_GPG_PATH = os.path.join(BACKUP_DIR, "webui.db.gpg")
+DB_FILE_PATH = os.path.join(DATA_DIR, "webui.db")
 
-# Define all paths as absolute paths relative to our base directory
-TIMESTAMP_FILE_PATH = os.path.join(BASE_DIR, "db_backup/last_backup_time.txt")
-DB_GPG_PATH = os.path.join(BASE_DIR, "db_backup/webui.db.gpg")
-DB_FILE_PATH = os.path.join(BASE_DIR, "data/webui.db")
+# Paths to store in the Hugging Face Space repository
+# (so your commit will look like "db_backup/webui.db.gpg" etc.)
+REPO_TIMESTAMP_FILE = "db_backup/last_backup_time.txt"
+REPO_DB_GPG_FILE = "db_backup/webui.db.gpg"
 
 def ensure_directories():
     """
-    Create and verify all necessary directories for our backup operation.
-    Includes thorough permission checking and write verification.
+    Create and verify all necessary directories for our backup operation
+    in /tmp/open_webui/ rather than /app.
     
     Returns:
-        bool: True if directories were created and verified successfully
+        bool: True if directories exist and are writable
     """
     try:
-        for directory in [os.path.dirname(DB_GPG_PATH), os.path.dirname(DB_FILE_PATH)]:
-            # Create directory with full permissions for the current user
+        for directory in [BACKUP_DIR, DATA_DIR]:
             os.makedirs(directory, mode=0o755, exist_ok=True)
-            
-            # Verify directory exists and get its current permissions
             dir_stat = os.stat(directory)
-            print(f"Directory {directory} created with permissions: {oct(dir_stat.st_mode)[-3:]}")
+            print(f"Directory {directory} created or exists with permissions: {oct(dir_stat.st_mode)[-3:]}")
             
-            # Verify we can write to the directory with a test file
+            # Verify we can write to the directory
             test_file = os.path.join(directory, '.write_test')
-            try:
-                with open(test_file, 'w') as f:
-                    f.write('test')
-                os.remove(test_file)
-                print(f"Successfully verified write access to {directory}")
-            except Exception as e:
-                print(f"Directory {directory} is not writable: {e}")
-                print(f"Current process user ID: {os.getuid()}")
-                print(f"Directory owner ID: {dir_stat.st_uid}")
-                return False
-                
-        return True
-    except Exception as e:
-        print(f"Error in directory creation/verification: {e}")
-        print(f"Current process user ID: {os.getuid()}")
-        print(f"Current process group ID: {os.getgid()}")
-        print(f"Current working directory: {os.getcwd()}")
-        return False
-
-def get_last_backup_time(repo_id, hf_token):
-    """
-    Retrieve the timestamp of the last backup from HuggingFace Space.
-    
-    Args:
-        repo_id (str): The HuggingFace Space ID
-        hf_token (str): The HuggingFace API token
-    
-    Returns:
-        datetime or None: The timestamp of the last backup, or None if not found
-    """
-    api = HfApi()
-    try:
-        # Check if the timestamp file exists in the repository
-        files = api.list_repo_files(
-            repo_id=repo_id,
-            repo_type="space",
-            token=hf_token
-        )
-        
-        relative_timestamp_path = os.path.relpath(TIMESTAMP_FILE_PATH, BASE_DIR)
-        if relative_timestamp_path not in files:
-            print(f"No timestamp file found in repository")
-            return None
-
-        # Download and parse the timestamp file
-        temp_file = hf_hub_download(
-            repo_id=repo_id,
-            repo_type="space",
-            filename=relative_timestamp_path,
-            token=hf_token
-        )
-        
-        with open(temp_file, "r", encoding="utf-8") as f:
-            timestamp_str = f.read().strip()
-        return datetime.datetime.fromisoformat(timestamp_str)
-        
-    except Exception as e:
-        print(f"Error getting last backup time: {e}")
-        return None
-
-def save_timestamp_locally():
-    """
-    Save the current UTC time as our backup timestamp.
-    Includes error handling and directory creation.
-    
-    Returns:
-        bool: True if timestamp was saved successfully
-    """
-    try:
-        # Use UTC time with timezone information
-        now = datetime.datetime.now(datetime.timezone.utc)
-        
-        # Ensure the directory exists
-        os.makedirs(os.path.dirname(TIMESTAMP_FILE_PATH), mode=0o755, exist_ok=True)
-        
-        # Write the timestamp atomically using a temporary file
-        temp_path = f"{TIMESTAMP_FILE_PATH}.tmp"
-        with open(temp_path, "w", encoding="utf-8") as f:
-            f.write(now.isoformat())
-        os.replace(temp_path, TIMESTAMP_FILE_PATH)
-        
+            with open(test_file, 'w') as f:
+                f.write('test')
+            os.remove(test_file)
+            print(f"Successfully verified write access to {directory}")
+            
         return True
     except Exception as e:
-        print(f"Error saving timestamp: {e}")
+        print(f"Error creating/verifying directories: {e}")
         return False
 
 def verify_database():
     """
-    Comprehensive verification of the database's existence and integrity.
-    Uses SQLite's built-in integrity check and schema validation.
-    
-    Returns:
-        bool: True if database is valid and healthy
+    Verify the database exists and passes a basic SQLite integrity check.
     """
     if not os.path.exists(DB_FILE_PATH):
         print(f"Database file not found at: {DB_FILE_PATH}")
         return False
         
     try:
-        # Get file information for debugging
+        # Print file info for debugging
         file_stat = os.stat(DB_FILE_PATH)
         print(f"Database file size: {file_stat.st_size:,} bytes")
         print(f"Database file permissions: {oct(file_stat.st_mode)[-3:]}")
         
-        # Verify database integrity
+        # Run SQLite integrity check
         with sqlite3.connect(DB_FILE_PATH) as conn:
             cursor = conn.cursor()
-            
-            # Run comprehensive integrity check
             cursor.execute("PRAGMA integrity_check;")
             result = cursor.fetchone()[0]
-            
-            # Verify schema structure
             cursor.execute("SELECT name FROM sqlite_master WHERE type='table';")
             tables = cursor.fetchall()
             
@@ -162,55 +83,29 @@ def verify_database():
                 if len(tables) == 0:
                     print("No tables found in database")
                 return False
-                
     except sqlite3.Error as e:
         print(f"SQLite error during verification: {e}")
         return False
     except Exception as e:
         print(f"Unexpected error during verification: {e}")
-        print(f"Error type: {type(e).__name__}")
         return False
 
 def encrypt_database(passphrase):
     """
-    Encrypt the database file using GPG with robust directory handling.
+    Encrypt the database file using GPG (AES256), writing the .gpg file
+    to /tmp/open_webui/db_backup.
+    
+    Returns:
+        bool: True if successful, False otherwise
     """
     try:
         print("\nPreparing for database encryption...")
         
-        # Get absolute paths
-        target_dir = os.path.dirname(DB_GPG_PATH)
-        
-        # Create directory with explicit permissions right before encryption
-        print(f"Ensuring target directory exists: {target_dir}")
-        os.makedirs(target_dir, mode=0o755, exist_ok=True)
-        
-        # Verify directory was created
-        if not os.path.isdir(target_dir):
-            print(f"Failed to create directory: {target_dir}")
-            return False
-            
-        # Get and display directory permissions
-        dir_stat = os.stat(target_dir)
-        print(f"Directory permissions: {oct(dir_stat.st_mode)[-3:]}")
-        print(f"Directory owner: {dir_stat.st_uid}")
-        
-        # Try to create a test file to verify write access
-        test_file = os.path.join(target_dir, '.gpg_test')
-        try:
-            with open(test_file, 'w') as f:
-                f.write('test')
-            os.remove(test_file)
-            print("Write test successful")
-        except Exception as e:
-            print(f"Write test failed: {e}")
-            return False
-
-        # Create .gnupg directory with explicit permissions
+        # Ensure GPG home directory is created with correct perms
         gnupg_dir = '/root/.gnupg'
         os.makedirs(gnupg_dir, mode=0o700, exist_ok=True)
         
-        # Prepare GPG command
+        print("\nRunning GPG encryption...")
         encrypt_cmd = [
             "gpg",
             "--batch",
@@ -222,106 +117,146 @@ def encrypt_database(passphrase):
             DB_FILE_PATH
         ]
         
-        print("\nRunning GPG encryption...")
         result = subprocess.run(
             encrypt_cmd,
             capture_output=True,
-            text=True,
-            check=False
+            text=True
         )
         
         if result.returncode != 0:
             print(f"GPG encryption failed with code {result.returncode}")
-            print(f"Error output: {result.stderr}")
+            print(f"GPG stderr: {result.stderr}")
             return False
         
-        # Verify the encrypted file was created
         if os.path.exists(DB_GPG_PATH):
             encrypted_size = os.path.getsize(DB_GPG_PATH)
             print(f"Encryption successful. Encrypted file size: {encrypted_size:,} bytes")
             return True
         else:
-            print("GPG reported success but file not found")
+            print("GPG reported success but the .gpg file was not found.")
             return False
-            
     except Exception as e:
         print(f"Encryption failed with exception: {e}")
         return False
 
-def backup_db():
+def get_last_backup_time(repo_id, hf_token):
     """
-    Main function to handle the complete database backup process.
-    Includes environment validation, threshold checking, encryption, and upload.
+    Fetch last backup timestamp from the Hugging Face Space.
     
     Returns:
-        bool: True if backup completed successfully
+        datetime or None
+    """
+    try:
+        api = HfApi()
+        files = api.list_repo_files(repo_id=repo_id, repo_type="space", token=hf_token)
+        
+        if REPO_TIMESTAMP_FILE not in files:
+            print("No timestamp file found in repository")
+            return None
+        
+        # Download the timestamp file
+        temp_file = hf_hub_download(
+            repo_id=repo_id,
+            repo_type="space",
+            filename=REPO_TIMESTAMP_FILE,
+            token=hf_token
+        )
+        with open(temp_file, "r", encoding="utf-8") as f:
+            timestamp_str = f.read().strip()
+        
+        return datetime.datetime.fromisoformat(timestamp_str)
+    except Exception as e:
+        print(f"Error getting last backup time: {e}")
+        return None
+
+def save_timestamp_locally():
+    """
+    Save the current UTC time as our local timestamp.
+    """
+    try:
+        now = datetime.datetime.now(datetime.timezone.utc)
+        os.makedirs(os.path.dirname(TIMESTAMP_FILE_PATH), exist_ok=True)
+        
+        temp_path = f"{TIMESTAMP_FILE_PATH}.tmp"
+        with open(temp_path, "w", encoding="utf-8") as f:
+            f.write(now.isoformat())
+        os.replace(temp_path, TIMESTAMP_FILE_PATH)
+        
+        return True
+    except Exception as e:
+        print(f"Error saving timestamp: {e}")
+        return False
+
+def backup_db():
+    """
+    Main entry point for performing a backup:
+    1. Ensure directories are writable
+    2. Check if backup is needed (threshold)
+    3. Verify DB
+    4. Encrypt DB
+    5. Save new timestamp
+    6. Upload to HF Space
     """
-    # Validate environment variables
     passphrase = os.environ.get("BACKUP_PASSPHRASE")
     hf_token = os.environ.get("HF_TOKEN")
     space_id = os.environ.get("SPACE_ID")
     
     if not all([passphrase, hf_token, space_id]):
-        print("Error: Missing required environment variables")
+        print("Error: Missing one of BACKUP_PASSPHRASE, HF_TOKEN, SPACE_ID")
         return False
-
-    # Ensure directory structure exists
+    
     if not ensure_directories():
         print("Failed to create or verify directories")
         return False
     
-    # Get backup threshold setting
     threshold_minutes = int(os.environ.get("BACKUP_THRESHOLD_MINUTES", 120))
-    
-    # Check if backup is needed based on threshold
     if threshold_minutes > 0:
         last_backup_dt = get_last_backup_time(space_id, hf_token)
         if last_backup_dt is not None:
             now = datetime.datetime.now(datetime.timezone.utc)
+            # ensure last_backup_dt has a tz
             if not last_backup_dt.tzinfo:
                 last_backup_dt = last_backup_dt.replace(tzinfo=datetime.timezone.utc)
             elapsed = now - last_backup_dt
             if elapsed.total_seconds() < threshold_minutes * 60:
                 print(f"Last backup was only {elapsed.total_seconds()/3600:.2f} hours ago")
                 print(f"Threshold is {threshold_minutes} minutes")
-                print("Skipping backup to avoid rebuild loop")
+                print("Skipping backup to avoid rebuilding too often")
                 return True
     else:
         print("Backup threshold check disabled for testing")
-
-    # Verify database integrity
+    
+    # Verify the local database
     if not verify_database():
         print("Database verification failed, aborting backup")
         return False
-
+    
     # Encrypt the database
     if not encrypt_database(passphrase):
         print("Database encryption failed, aborting backup")
         return False
-
-    # Save the backup timestamp
+    
+    # Save timestamp to local file
     if not save_timestamp_locally():
-        print("Failed to save timestamp")
-        return False
-
-    # Upload to HuggingFace Spaces
-    print("\nUploading to Hugging Face Spaces...")
-    api = HfApi()
+        print("Failed to save timestamp locally, but continuing to upload anyway...")
     
+    # Upload to Hugging Face
+    print("\nUploading to Hugging Face Spaces...")
     try:
-        # Prepare file operations
+        api = HfApi()
         operations = [
+            # Add the .gpg file
             CommitOperationAdd(
-                path_in_repo=os.path.relpath(DB_GPG_PATH, BASE_DIR),
+                path_in_repo=REPO_DB_GPG_FILE,
                 path_or_fileobj=DB_GPG_PATH
             ),
+            # Add the timestamp file
             CommitOperationAdd(
-                path_in_repo=os.path.relpath(TIMESTAMP_FILE_PATH, BASE_DIR),
+                path_in_repo=REPO_TIMESTAMP_FILE,
                 path_or_fileobj=TIMESTAMP_FILE_PATH
             )
         ]
-
-        # Create commit with both files
+        
         api.create_commit(
             repo_id=space_id,
             repo_type="space",
@@ -331,9 +266,8 @@ def backup_db():
         )
         print("Backup files uploaded successfully!")
         return True
-        
     except Exception as e:
-        print(f"Error uploading to HuggingFace: {e}")
+        print(f"Error uploading to Hugging Face: {e}")
         return False
 
 if __name__ == "__main__":

backend/scripts/restore.py

@@ -5,29 +5,29 @@ import subprocess
 import datetime
 import sqlite3
 from pathlib import Path
+
 from huggingface_hub import HfApi, hf_hub_download
 
-# Just like in backup.py, we establish absolute paths based on the script's location
-# This ensures consistent path handling regardless of where the script is called from
-SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
-BASE_DIR = os.path.dirname(SCRIPT_DIR)
+# ------------------------------------------------------------------------------
+# 1. Define directories outside of /app to avoid read-only file system issues
+# ------------------------------------------------------------------------------
+RESTORE_BACKUP_DIR = "/tmp/open_webui/db_backup"
+RESTORE_DATA_DIR = "/tmp/open_webui/data"
+
+# Actual paths on the local (runtime) filesystem
+TIMESTAMP_FILE_PATH = os.path.join(RESTORE_BACKUP_DIR, "last_backup_time.txt")
+DB_GPG_PATH = os.path.join(RESTORE_BACKUP_DIR, "webui.db.gpg")
+DB_FILE_PATH = os.path.join(RESTORE_DATA_DIR, "webui.db")
 
-# Define all paths as absolute paths relative to our base directory
-# This maintains consistency with backup.py and prevents path-related issues
-TIMESTAMP_FILE_PATH = os.path.join(BASE_DIR, "db_backup/last_backup_time.txt")
-DB_GPG_PATH = os.path.join(BASE_DIR, "db_backup/webui.db.gpg")
-DB_FILE_PATH = os.path.join(BASE_DIR, "data/webui.db")
+# Paths used in the Hugging Face Space repository
+REPO_TIMESTAMP_FILE = "db_backup/last_backup_time.txt"
+REPO_DB_GPG_FILE = "db_backup/webui.db.gpg"
 
 def check_requirements():
     """
     Verify that GPG is installed and available in the system.
-    GPG is essential for decrypting the database backup.
-    
-    Returns:
-        bool: True if GPG is available, False otherwise
     """
     try:
-        # Test GPG availability by checking its version
         subprocess.run(["gpg", "--version"], check=True, capture_output=True)
         return True
     except (subprocess.CalledProcessError, FileNotFoundError):
@@ -36,11 +36,7 @@ def check_requirements():
 
 def validate_secrets():
     """
-    Ensure all required environment variables are set.
-    These variables are essential for accessing and decrypting the backup.
-    
-    Returns:
-        bool: True if all required variables are set, False otherwise
+    Ensure all required environment variables are set: BACKUP_PASSPHRASE, HF_TOKEN, SPACE_ID.
     """
     required_vars = ["BACKUP_PASSPHRASE", "HF_TOKEN", "SPACE_ID"]
     missing = [var for var in required_vars if not os.environ.get(var)]
@@ -52,15 +48,10 @@ def validate_secrets():
 
 def ensure_directories():
     """
-    Create necessary directories for database and backup files.
-    This ensures we have the proper directory structure before any operations.
-    
-    Returns:
-        bool: True if directories are created successfully, False otherwise
+    Create necessary directories for database and backup files (in /tmp).
     """
     try:
-        # Create both backup and database directories with appropriate permissions
-        for directory in [os.path.dirname(DB_FILE_PATH), os.path.dirname(DB_GPG_PATH)]:
+        for directory in [RESTORE_DATA_DIR, RESTORE_BACKUP_DIR]:
             os.makedirs(directory, mode=0o755, exist_ok=True)
         return True
     except Exception as e:
@@ -69,108 +60,78 @@ def ensure_directories():
 
 def get_latest_backup_info(repo_id, hf_token):
     """
-    Check for and retrieve information about the latest backup from HuggingFace.
-    
-    Args:
-        repo_id (str): The HuggingFace Space ID
-        hf_token (str): The HuggingFace API token
-    
-    Returns:
-        tuple: (backup_exists: bool, timestamp: datetime or None)
+    Check if a backup exists in the HF Space. If so, return True and a timestamp (or None).
     """
     api = HfApi()
     try:
-        # Check if backup file exists in the repository
-        files = api.list_repo_files(
-            repo_id=repo_id,
-            repo_type="space",
-            token=hf_token
-        )
-        
-        # Look for backup file using relative path
-        relative_backup_path = os.path.relpath(DB_GPG_PATH, BASE_DIR)
-        backup_exists = relative_backup_path in files
+        files = api.list_repo_files(repo_id=repo_id, repo_type="space", token=hf_token)
         
+        # Check if the encrypted DB is present
+        backup_exists = (REPO_DB_GPG_FILE in files)
         if not backup_exists:
             print("No backup file found in the repository")
             return False, None
-            
-        # If backup exists, try to get its timestamp
+        
+        # Attempt to fetch the timestamp file
         try:
-            relative_timestamp_path = os.path.relpath(TIMESTAMP_FILE_PATH, BASE_DIR)
-            timestamp_file = hf_hub_download(
-                repo_id=repo_id,
-                repo_type="space",
-                filename=relative_timestamp_path,
-                token=hf_token
-            )
-            
-            with open(timestamp_file, "r", encoding="utf-8") as f:
-                timestamp = datetime.datetime.fromisoformat(f.read().strip())
+            if REPO_TIMESTAMP_FILE in files:
+                timestamp_file = hf_hub_download(
+                    repo_id=repo_id,
+                    repo_type="space",
+                    filename=REPO_TIMESTAMP_FILE,
+                    token=hf_token
+                )
+                with open(timestamp_file, "r", encoding="utf-8") as f:
+                    timestamp = datetime.datetime.fromisoformat(f.read().strip())
                 print(f"Found backup from: {timestamp} UTC")
                 return True, timestamp
-                
+            else:
+                print("No timestamp file found, but backup file exists")
+                return True, None
         except Exception as e:
-            print(f"Note: Could not read timestamp (this is okay for first run): {e}")
+            print(f"Could not read timestamp (possibly first run): {e}")
             return True, None
-            
     except Exception as e:
         print(f"Error checking repository: {e}")
-        print("For debugging - trying to list repository contents:")
-        try:
-            files = api.list_repo_files(repo_id=repo_id, repo_type="space", token=hf_token)
-            print(f"Files in repository: {files}")
-        except Exception as debug_e:
-            print(f"Debug listing failed: {debug_e}")
         return False, None
 
 def download_backup(repo_id, hf_token):
     """
-    Download the encrypted database backup from HuggingFace.
-    
-    Args:
-        repo_id (str): The HuggingFace Space ID
-        hf_token (str): The HuggingFace API token
-    
-    Returns:
-        bool: True if download is successful, False otherwise
+    Download the encrypted database backup from Hugging Face into /tmp/open_webui/db_backup.
     """
     try:
         print("Downloading encrypted database backup...")
-        relative_backup_path = os.path.relpath(DB_GPG_PATH, BASE_DIR)
         temp_file = hf_hub_download(
             repo_id=repo_id,
             repo_type="space",
-            filename=relative_backup_path,
+            filename=REPO_DB_GPG_FILE,
             token=hf_token
         )
         
-        # Move the downloaded file to the correct location
+        # Move the downloaded file to DB_GPG_PATH
         os.makedirs(os.path.dirname(DB_GPG_PATH), exist_ok=True)
         os.replace(temp_file, DB_GPG_PATH)
         print("Backup downloaded successfully")
         return True
-        
     except Exception as e:
         print(f"Error downloading backup: {e}")
         return False
 
 def decrypt_database(passphrase):
     """
-    Decrypt the downloaded database file using GPG.
-    
-    Args:
-        passphrase (str): The passphrase for decrypting the database
-    
-    Returns:
-        bool: True if decryption is successful or no backup exists, False on error
+    Decrypt the database file using GPG, writing the decrypted DB into /tmp/open_webui/data.
     """
     if not os.path.exists(DB_GPG_PATH):
-        print("No encrypted backup found locally")
-        return True  # Not an error, might be first run
-        
+        print("No encrypted backup found locally. Proceeding with fresh DB.")
+        return True  # Not necessarily an error
+    
     try:
         print("Decrypting database with GPG...")
+        
+        # Ensure /root/.gnupg is set up
+        gnupg_dir = "/root/.gnupg"
+        os.makedirs(gnupg_dir, mode=0o700, exist_ok=True)
+        
         decrypt_cmd = [
             "gpg",
             "--batch",
@@ -180,37 +141,29 @@ def decrypt_database(passphrase):
             "-o", DB_FILE_PATH,
             DB_GPG_PATH
         ]
-        
         subprocess.run(decrypt_cmd, check=True, stderr=subprocess.PIPE)
         print(f"Database decrypted successfully to {DB_FILE_PATH}")
         return True
-        
     except subprocess.CalledProcessError as e:
         print(f"Failed to decrypt database: {e}")
-        print(f"GPG error output: {e.stderr.decode()}")
+        if e.stderr:
+            print(f"GPG error output: {e.stderr.decode(errors='ignore')}")
         return False
 
 def verify_database():
     """
-    Verify the integrity of the restored database using SQLite's built-in checks.
-    This function uses Python's sqlite3 module instead of the command-line tool.
-    
-    Returns:
-        bool: True if database is valid or doesn't exist, False if corrupted
+    Verify the integrity of the restored database using SQLite's built-in integrity check.
     """
     if not os.path.exists(DB_FILE_PATH):
-        return True  # Not an error, might be first run
-        
+        # If there's no DB yet, that's okay (fresh start)
+        return True
+    
     try:
         print("Verifying database integrity...")
         with sqlite3.connect(DB_FILE_PATH) as conn:
             cursor = conn.cursor()
-            
-            # Run integrity check
             cursor.execute("PRAGMA integrity_check;")
             result = cursor.fetchone()[0]
-            
-            # Verify basic schema structure
             cursor.execute("SELECT name FROM sqlite_master WHERE type='table';")
             tables = cursor.fetchall()
             
@@ -225,7 +178,6 @@ def verify_database():
                 if len(tables) == 0:
                     print("No tables found in database")
                 return False
-            
     except sqlite3.Error as e:
         print(f"Database verification failed: {e}")
         return False
@@ -235,33 +187,23 @@ def verify_database():
 
 def restore_db():
     """
-    Main function to handle the database restoration process.
-    This function orchestrates the complete restore operation, including:
-    1. Environment validation
-    2. Directory creation
-    3. Backup download
-    4. Decryption
-    5. Database verification
-    
-    Returns:
-        bool: True if restore is successful or no backup needed, False on error
+    Main restore function:
+    1. Check GPG installation & environment variables
+    2. Create directories
+    3. Check if remote backup exists, download & decrypt
+    4. Verify DB
     """
-    # Check requirements and environment
     if not check_requirements() or not validate_secrets():
         return False
     
-    # Ensure required directories exist
     if not ensure_directories():
         return False
     
-    # Get environment variables
     passphrase = os.environ["BACKUP_PASSPHRASE"]
     hf_token = os.environ["HF_TOKEN"]
     space_id = os.environ["SPACE_ID"]
     
-    # Check if there's a backup in the repository
     backup_exists, timestamp = get_latest_backup_info(space_id, hf_token)
-    
     if backup_exists:
         if not download_backup(space_id, hf_token):
             print("Failed to download backup")
@@ -270,15 +212,15 @@ def restore_db():
         if not decrypt_database(passphrase):
             print("Failed to decrypt database")
             return False
-            
+        
         if not verify_database():
-            print("Failed to verify database integrity")
-            # Remove potentially corrupted database
+            print("Database integrity verification failed")
+            # Remove the corrupted DB so we don't keep a broken file
             if os.path.exists(DB_FILE_PATH):
                 os.unlink(DB_FILE_PATH)
             return False
     else:
-        print("No backup found - starting with fresh database")
+        print("No backup found - starting with an empty/fresh database")
     
     print("Database restore completed successfully!")
     return True

backend/start.sh

@@ -9,7 +9,7 @@ log_message() {
 }
 
 validate_environment() {
-    # Check if we're in the expected container directory structure
+    # Check if we're in the expected directory structure
     if [[ "$(pwd)" != *"/app/backend" ]]; then
         log_message "Warning: Unexpected working directory: $(pwd)"
         log_message "Expected path to contain: /app/backend"
@@ -30,10 +30,13 @@ validate_environment || {
 
 log_message "Working from directory: $(pwd)"
 
+# ---------------------------------------------------------------------------
+# IMPORTANT: We no longer rely on /app/backend/data or /app/backend/db_backup.
+# We define external paths (matching our updated backup/restore scripts):
+# ---------------------------------------------------------------------------
 SCRIPTS_DIR="$SCRIPT_DIR/scripts"
-DATA_DIR="$SCRIPT_DIR/data"
-BACKUP_DIR="$SCRIPT_DIR/db_backup"
-
+DATA_DIR="/tmp/open_webui/data"
+BACKUP_DIR="/tmp/open_webui/db_backup"
 
 # Validate required environment variables for backup/restore operations
 for var in "BACKUP_PASSPHRASE" "HF_TOKEN" "SPACE_ID"; do
@@ -43,7 +46,7 @@ for var in "BACKUP_PASSPHRASE" "HF_TOKEN" "SPACE_ID"; do
     fi
 done
 
-# Restore database from backup using absolute path
+# Restore database from backup using absolute path to restore.py
 log_message "Restoring database from backup..."
 python "$SCRIPTS_DIR/restore.py"
 restore_status=$?
@@ -72,9 +75,9 @@ if test "$WEBUI_SECRET_KEY $WEBUI_JWT_SECRET_KEY" = " "; then
     }
 fi
 
-# Handle Ollama configuration if enabled
+# Optional: Start Ollama if USE_OLLAMA_DOCKER is true
 if [[ "${USE_OLLAMA_DOCKER,,}" == "true" ]]; then
-    log_message "USE_OLLAMA is set to true, starting ollama serve."
+    log_message "USE_OLLAMA_DOCKER is set to true, starting ollama serve."
     ollama serve &
 fi
 
@@ -84,7 +87,7 @@ if [[ "${USE_CUDA_DOCKER,,}" == "true" ]]; then
     export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/local/lib/python3.11/site-packages/torch/lib:/usr/local/lib/python3.11/site-packages/nvidia/cudnn/lib"
 fi
 
-# Handle HuggingFace Space deployment configuration
+# Handle HuggingFace Space deployment
 if [ -n "$SPACE_ID" ]; then
     echo "Configuring for HuggingFace Space deployment"
     if [ -n "$ADMIN_USER_EMAIL" ] && [ -n "$ADMIN_USER_PASSWORD" ]; then
@@ -113,9 +116,9 @@ WEBUI_SECRET_KEY="$WEBUI_SECRET_KEY" uvicorn open_webui.main:app \
     --host "$HOST" --port "$PORT" --forwarded-allow-ips '*' &
 WEBUI_PID=$!
 
-# Configure backup schedule with environment variable defaults
-BACKUP_INITIAL_WAIT="${BACKUP_INITIAL_WAIT:-500}"  # Default to 500 seconds
-BACKUP_INTERVAL="${BACKUP_INTERVAL:-21600}"        # Default to 6 hours
+# Configure backup schedule (set defaults if not provided)
+BACKUP_INITIAL_WAIT="${BACKUP_INITIAL_WAIT:-500}"  # 500 seconds
+BACKUP_INTERVAL="${BACKUP_INTERVAL:-21600}"        # 6 hours
 
 # Start the background backup job
 (
@@ -143,5 +146,5 @@ BACKUP_INTERVAL="${BACKUP_INTERVAL:-21600}"        # Default to 6 hours
     done
 ) &
 
-# Wait for the main web server process to keep container alive
+# Keep the container alive by waiting on the main web server
 wait $WEBUI_PID