@matthesketh/fleet 1.8.1 → 1.11.0

package/dist/core/backup/browser-ui.js

@@ -0,0 +1,268 @@
+/** server-rendered html for the backup explorer. self-contained — inline
+ *  css + vanilla js, no build step, no external assets. all routes are
+ *  served under the /backups/ prefix by nginx. */
+const SHARED_CSS = `
+  :root { color-scheme: dark; }
+  * { box-sizing: border-box; }
+  body { margin: 0; padding: 2rem; background: #0d1117; color: #c9d1d9;
+    font: 14px/1.5 ui-monospace, SFMono-Regular, Menlo, monospace; }
+  a { color: #58a6ff; text-decoration: none; }
+  h1 { font-size: 1.1rem; margin: 0 0 1rem; color: #e6edf3; }
+  button, select, input {
+    font: inherit; background: #161b22; color: #c9d1d9;
+    border: 1px solid #30363d; border-radius: 6px; padding: 0.35rem 0.6rem; }
+  button { cursor: pointer; }
+  button:hover { border-color: #58a6ff; }
+  .err { background: #3d1418; border: 1px solid #f85149; color: #ffa198;
+    padding: 0.5rem 0.8rem; border-radius: 6px; margin: 0.75rem 0; }
+`;
+export function renderLoginPage() {
+    return `<!doctype html>
+<html lang="en"><head>
+<meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1">
+<title>fleet backups — login</title>
+<style>${SHARED_CSS}
+  .box { max-width: 320px; margin: 12vh auto; }
+  #code { width: 100%; text-align: center; letter-spacing: 0.3em; font-size: 1.4rem; margin: 0.75rem 0; }
+</style></head><body>
+  <div class="box">
+    <h1>fleet backups</h1>
+    <p>enter your authenticator code</p>
+    <input id="code" inputmode="numeric" maxlength="6" autocomplete="one-time-code" autofocus>
+    <button id="go" style="width:100%">unlock</button>
+    <div id="err" class="err" style="display:none"></div>
+  </div>
+<script>
+  const code = document.getElementById('code');
+  const err = document.getElementById('err');
+  async function submit() {
+    err.style.display = 'none';
+    const res = await fetch('/backups/api/login', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'X-Fleet-Backup': '1' },
+      body: JSON.stringify({ code: code.value.trim() }),
+    });
+    if (res.ok) { location.href = '/backups/'; return; }
+    err.textContent = 'invalid code';
+    err.style.display = 'block';
+    code.value = '';
+    code.focus();
+  }
+  document.getElementById('go').onclick = submit;
+  code.addEventListener('keydown', e => { if (e.key === 'Enter') submit(); });
+</script>
+</body></html>`;
+}
+export function renderExplorerPage() {
+    return `<!doctype html>
+<html lang="en"><head>
+<meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1">
+<title>fleet backups — explorer</title>
+<style>${SHARED_CSS}
+  .bar { display: flex; gap: 0.5rem; align-items: center; flex-wrap: wrap; margin-bottom: 1rem; }
+  .crumbs { margin: 0.5rem 0; color: #8b949e; }
+  .crumbs a { margin: 0 0.15rem; }
+  table { border-collapse: collapse; width: 100%; max-width: 960px; }
+  th, td { text-align: left; padding: 0.4rem 0.7rem; border-bottom: 1px solid #21262d; }
+  th { color: #8b949e; font-size: 0.78rem; text-transform: uppercase; }
+  td.num { text-align: right; font-variant-numeric: tabular-nums; }
+  tr.locked td.name { color: #6e7681; }
+  .lock { color: #d29922; }
+  .acts button { padding: 0.15rem 0.45rem; font-size: 0.8rem; }
+  #staging { margin-top: 1.5rem; max-width: 960px; }
+  #staging summary { cursor: pointer; color: #8b949e; }
+  #viewer { margin-top: 1rem; max-width: 960px; }
+  #viewer pre { background: #161b22; border: 1px solid #30363d; padding: 0.8rem;
+    border-radius: 6px; overflow: auto; max-height: 60vh; }
+  .spin { color: #8b949e; }
+</style></head><body>
+  <h1>fleet backups — explorer</h1>
+  <div class="bar">
+    <select id="app"></select>
+    <select id="snap"></select>
+  </div>
+  <div id="crumbs" class="crumbs"></div>
+  <div id="err" class="err" style="display:none"></div>
+  <div id="tree"><span class="spin">loading…</span></div>
+  <div id="viewer"></div>
+  <details id="staging"><summary>staging restores</summary><div id="stagingBody"></div></details>
+<script>
+  const API = '/backups/api/';
+  const H = { 'X-Fleet-Backup': '1' };
+  const $ = id => document.getElementById(id);
+  const err = msg => { const e = $('err'); e.textContent = msg; e.style.display = 'block'; };
+  const clearErr = () => { $('err').style.display = 'none'; };
+  let state = { app: '', snap: '', path: '/' };
+
+  async function api(path, opts) {
+    const res = await fetch(API + path, { headers: H, ...opts });
+    if (res.status === 401) { location.href = '/backups/login'; throw new Error('auth'); }
+    return res;
+  }
+  const fmtSize = n => n < 1024 ? n + ' B'
+    : n < 1048576 ? (n/1024).toFixed(1) + ' KB'
+    : n < 1073741824 ? (n/1048576).toFixed(1) + ' MB'
+    : (n/1073741824).toFixed(2) + ' GB';
+
+  async function loadApps() {
+    const r = await api('apps');
+    const data = await r.json();
+    const sel = $('app');
+    sel.innerHTML = '';
+    for (const a of data.apps) {
+      const o = document.createElement('option');
+      o.value = a.app; o.textContent = a.app;
+      sel.appendChild(o);
+    }
+    const qp = new URLSearchParams(location.search).get('app');
+    if (qp) sel.value = qp;
+    state.app = sel.value;
+    await loadSnapshots();
+  }
+
+  async function loadSnapshots() {
+    const r = await api('snapshots?app=' + encodeURIComponent(state.app));
+    const data = await r.json();
+    const sel = $('snap');
+    sel.innerHTML = '';
+    for (const s of data.snapshots) {
+      const o = document.createElement('option');
+      o.value = s.shortId;
+      o.textContent = s.shortId + '  ' + (s.time || '').slice(0, 19) + '  ' + (s.tags || []).join(',');
+      sel.appendChild(o);
+    }
+    state.snap = sel.value || '';
+    state.path = '/';
+    await loadTree();
+  }
+
+  function renderCrumbs() {
+    const c = $('crumbs');
+    c.innerHTML = '';
+    const parts = state.path.split('/').filter(Boolean);
+    const root = document.createElement('a');
+    root.textContent = '/'; root.href = '#';
+    root.onclick = e => { e.preventDefault(); state.path = '/'; loadTree(); };
+    c.appendChild(root);
+    let acc = '';
+    for (const p of parts) {
+      acc += '/' + p;
+      const seg = acc;
+      const a = document.createElement('a');
+      a.textContent = p; a.href = '#';
+      a.onclick = e => { e.preventDefault(); state.path = seg; loadTree(); };
+      c.appendChild(document.createTextNode(' / '));
+      c.appendChild(a);
+    }
+  }
+
+  async function loadTree() {
+    clearErr();
+    $('viewer').innerHTML = '';
+    $('tree').innerHTML = '<span class="spin">loading…</span>';
+    renderCrumbs();
+    let data;
+    try {
+      const r = await api('ls?app=' + encodeURIComponent(state.app)
+        + '&snap=' + encodeURIComponent(state.snap)
+        + '&path=' + encodeURIComponent(state.path));
+      if (!r.ok) { err((await r.json()).error || 'ls failed'); $('tree').innerHTML=''; return; }
+      data = await r.json();
+    } catch (e) { return; }
+    const rows = data.entries.map(e => {
+      const lock = e.sensitive ? '<span class="lock" title="locked — restore only">&#128274;</span> ' : '';
+      const nameCell = e.type === 'dir'
+        ? '<a href="#" data-dir="' + encodeURIComponent(e.path) + '">' + lock + e.name + '/</a>'
+        : (e.sensitive ? lock + e.name
+            : '<a href="#" data-file="' + encodeURIComponent(e.path) + '">' + lock + e.name + '</a>');
+      return '<tr class="' + (e.sensitive ? 'locked' : '') + '">'
+        + '<td class="name">' + nameCell + '</td>'
+        + '<td>' + e.type + '</td>'
+        + '<td class="num">' + (e.type === 'file' ? fmtSize(e.size) : '') + '</td>'
+        + '<td>' + (e.mtime || '').slice(0, 19) + '</td>'
+        + '<td class="acts">'
+        + (e.type === 'file' && !e.sensitive
+            ? '<button data-dl="' + encodeURIComponent(e.path) + '">download</button> ' : '')
+        + '<button data-restore="' + encodeURIComponent(e.path) + '">restore</button>'
+        + '</td></tr>';
+    }).join('');
+    $('tree').innerHTML = '<table><thead><tr><th>name</th><th>type</th>'
+      + '<th class="num">size</th><th>modified</th><th>actions</th></tr></thead><tbody>'
+      + rows + '</tbody></table>';
+    bindRows();
+  }
+
+  function bindRows() {
+    document.querySelectorAll('[data-dir]').forEach(a => a.onclick = e => {
+      e.preventDefault();
+      state.path = decodeURIComponent(a.dataset.dir);
+      loadTree();
+    });
+    document.querySelectorAll('[data-file]').forEach(a => a.onclick = e => {
+      e.preventDefault();
+      viewFile(decodeURIComponent(a.dataset.file));
+    });
+    document.querySelectorAll('[data-dl]').forEach(b => b.onclick = () => {
+      const p = decodeURIComponent(b.dataset.dl);
+      location.href = API + 'file?app=' + encodeURIComponent(state.app)
+        + '&snap=' + encodeURIComponent(state.snap)
+        + '&path=' + encodeURIComponent(p) + '&dl=1';
+    });
+    document.querySelectorAll('[data-restore]').forEach(b => b.onclick = () =>
+      doRestore(decodeURIComponent(b.dataset.restore)));
+  }
+
+  async function viewFile(path) {
+    const url = API + 'file?app=' + encodeURIComponent(state.app)
+      + '&snap=' + encodeURIComponent(state.snap)
+      + '&path=' + encodeURIComponent(path);
+    const r = await api(url.replace(API, ''));
+    if (!r.ok) { err((await r.json()).error || 'view failed'); return; }
+    const ct = r.headers.get('Content-Type') || '';
+    const v = $('viewer');
+    if (ct.startsWith('image/')) {
+      v.innerHTML = '<img src="' + url + '" style="max-width:100%">';
+    } else if (ct.startsWith('text/') || ct.startsWith('application/json')) {
+      const txt = await r.text();
+      v.innerHTML = '<pre></pre>';
+      v.querySelector('pre').textContent = txt;
+    } else {
+      v.innerHTML = '<embed src="' + url + '" style="width:100%;height:60vh">';
+    }
+  }
+
+  async function doRestore(path) {
+    if (!confirm('Restore to a staging dir?\\n\\nsnapshot: ' + state.snap + '\\npath: ' + path)) return;
+    clearErr();
+    const r = await api('restore', {
+      method: 'POST',
+      headers: { ...H, 'Content-Type': 'application/json' },
+      body: JSON.stringify({ app: state.app, snap: state.snap, path }),
+    });
+    const data = await r.json();
+    if (!r.ok) { err(data.error || 'restore failed'); return; }
+    alert('restored ' + data.fileCount + ' file(s) to:\\n' + data.target);
+    loadStaging();
+  }
+
+  async function loadStaging() {
+    const r = await api('staging');
+    const data = await r.json();
+    const body = $('stagingBody');
+    const dirs = data.staging || [];
+    body.innerHTML = dirs.length
+      ? dirs.map(d => '<div>' + d.path + ' — ' + fmtSize(d.bytes) + ' — ' + d.age
+          + ' <button data-del="' + encodeURIComponent(d.path) + '">delete</button></div>').join('')
+      : '<div class="spin">none</div>';
+    body.querySelectorAll('[data-del]').forEach(b => b.onclick = async () => {
+      await api('staging?path=' + encodeURIComponent(decodeURIComponent(b.dataset.del)), { method: 'DELETE' });
+      loadStaging();
+    });
+  }
+
+  $('app').onchange = () => { state.app = $('app').value; loadSnapshots(); };
+  $('snap').onchange = () => { state.snap = $('snap').value; state.path = '/'; loadTree(); };
+  loadApps().then(loadStaging).catch(() => {});
+</script>
+</body></html>`;
+}

package/dist/core/backup/cloudflare.d.ts

@@ -0,0 +1,7 @@
+import { FleetError } from '../errors.js';
+export declare class CloudflareError extends FleetError {
+}
+/** export every zone's DNS records + page rules. returns a json blob suitable
+ * for restic stdin. used by the `system` backup so we can rebuild dns from
+ * a single file even if cloudflare account access is lost. */
+export declare function exportAllZones(): string;

package/dist/core/backup/cloudflare.js

@@ -0,0 +1,82 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { requireEnv } from '../env.js';
+import { FleetError } from '../errors.js';
+import { execSafe } from '../exec.js';
+/** path to the cloudflare credentials ini. */
+function cfCredIni() { return requireEnv('FLEET_CF_CRED'); }
+export class CloudflareError extends FleetError {
+}
+function loadCreds() {
+    const credPath = cfCredIni();
+    if (!existsSync(credPath))
+        return {};
+    const lines = readFileSync(credPath, 'utf-8').split('\n');
+    const out = {};
+    for (const line of lines) {
+        const t = line.trim();
+        if (!t || t.startsWith('#') || t.startsWith('['))
+            continue;
+        const eq = t.indexOf('=');
+        if (eq < 1)
+            continue;
+        const k = t.slice(0, eq).trim().toLowerCase().replace(/[_-]/g, '');
+        const v = t.slice(eq + 1).trim();
+        if (k === 'dnscloudflareapitoken' || k === 'cfapitoken' || k === 'apitoken') {
+            out.apiToken = v;
+        }
+        else if (k === 'dnscloudflareemail' || k === 'email') {
+            out.email = v;
+        }
+        else if (k === 'dnscloudflareapikey' || k === 'apikey') {
+            out.apiKey = v;
+        }
+    }
+    return out;
+}
+function cfCurl(path, creds) {
+    const headers = [];
+    if (creds.apiToken) {
+        headers.push('-H', `Authorization: Bearer ${creds.apiToken}`);
+    }
+    else if (creds.email && creds.apiKey) {
+        headers.push('-H', `X-Auth-Email: ${creds.email}`);
+        headers.push('-H', `X-Auth-Key: ${creds.apiKey}`);
+    }
+    else {
+        return { ok: false, stdout: '', stderr: 'no cloudflare credentials found' };
+    }
+    const r = execSafe('curl', [
+        '-sS', '-m', '30',
+        ...headers,
+        `https://api.cloudflare.com/client/v4${path}`,
+    ], { timeout: 35_000 });
+    return r;
+}
+/** export every zone's DNS records + page rules. returns a json blob suitable
+ * for restic stdin. used by the `system` backup so we can rebuild dns from
+ * a single file even if cloudflare account access is lost. */
+export function exportAllZones() {
+    const creds = loadCreds();
+    if (!creds.apiToken && !(creds.email && creds.apiKey)) {
+        throw new CloudflareError(`no cloudflare credentials at ${cfCredIni()}`);
+    }
+    const zonesResp = cfCurl('/zones?per_page=200', creds);
+    if (!zonesResp.ok)
+        throw new CloudflareError(`zone list failed: ${zonesResp.stderr}`);
+    const zones = JSON.parse(zonesResp.stdout).result;
+    const out = { exportedAt: new Date().toISOString(), zones: [] };
+    const zonesOut = out.zones;
+    for (const z of zones) {
+        const dns = cfCurl(`/zones/${z.id}/dns_records?per_page=1000`, creds);
+        const pageRules = cfCurl(`/zones/${z.id}/pagerules?per_page=200`, creds);
+        const settings = cfCurl(`/zones/${z.id}/settings`, creds);
+        zonesOut.push({
+            id: z.id,
+            name: z.name,
+            dnsRecords: dns.ok ? JSON.parse(dns.stdout).result : { error: dns.stderr },
+            pageRules: pageRules.ok ? JSON.parse(pageRules.stdout).result : { error: pageRules.stderr },
+            settings: settings.ok ? JSON.parse(settings.stdout).result : { error: settings.stderr },
+        });
+    }
+    return JSON.stringify(out, null, 2);
+}

package/dist/core/backup/config.d.ts

@@ -0,0 +1,9 @@
+import { AppBackupConfig, Retention } from './types.js';
+export declare function backupConfigDir(): string;
+export declare function backupVaultDir(): string;
+export declare const DEFAULT_RETENTION: Retention;
+export declare const DEFAULT_EXCLUDES: string[];
+export declare function loadConfig(app: string): AppBackupConfig | null;
+export declare function saveConfig(cfg: AppBackupConfig): void;
+export declare function listConfiguredApps(): string[];
+export declare function validateAppName(app: string): void;

package/dist/core/backup/config.js

@@ -0,0 +1,80 @@
+import { readFileSync, writeFileSync, existsSync, mkdirSync, readdirSync } from 'node:fs';
+import { join } from 'node:path';
+import { requireEnv } from '../env.js';
+import { FleetError } from '../errors.js';
+import { isPseudoApp } from './types.js';
+// read at call time so test env overrides land. consumers that want the
+// resolved path should call backupConfigDir() / backupVaultDir().
+export function backupConfigDir() {
+    return process.env.FLEET_BACKUP_CONFIG_DIR ?? '/etc/fleet/backups';
+}
+// the vault holds the age-encrypted restic passwords — no safe default,
+// so an unset FLEET_BACKUP_VAULT_DIR is a hard error rather than a guess.
+export function backupVaultDir() {
+    return requireEnv('FLEET_BACKUP_VAULT_DIR');
+}
+export const DEFAULT_RETENTION = {
+    hourly: 24,
+    daily: 14,
+    weekly: 8,
+    monthly: 12,
+};
+export const DEFAULT_EXCLUDES = [
+    'node_modules',
+    '.next',
+    'dist',
+    'build',
+    'target',
+    '__pycache__',
+    '.cache',
+    '.venv',
+    'venv',
+    '.npm',
+    '.yarn',
+    'coverage',
+    '.pytest_cache',
+    '*.log',
+    '*.pid',
+    '*.lock',
+    '.DS_Store',
+    'tmp',
+];
+function configPath(app) {
+    return join(backupConfigDir(), `${app}.json`);
+}
+export function loadConfig(app) {
+    const path = configPath(app);
+    if (!existsSync(path))
+        return null;
+    const raw = JSON.parse(readFileSync(path, 'utf-8'));
+    // basic shape check
+    if (!raw.app || !Array.isArray(raw.paths) || !raw.retention) {
+        throw new FleetError(`malformed backup config at ${path}`);
+    }
+    return raw;
+}
+export function saveConfig(cfg) {
+    const dir = backupConfigDir();
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+    writeFileSync(configPath(cfg.app), JSON.stringify(cfg, null, 2) + '\n', { mode: 0o600 });
+}
+export function listConfiguredApps() {
+    const dir = backupConfigDir();
+    if (!existsSync(dir))
+        return [];
+    return readdirSync(dir)
+        .filter(f => f.endsWith('.json'))
+        .map(f => f.slice(0, -5))
+        .sort();
+}
+export function validateAppName(app) {
+    if (!app)
+        throw new FleetError('app name required');
+    if (isPseudoApp(app))
+        return;
+    if (!/^[a-z0-9_][a-z0-9._-]{0,62}$/.test(app)) {
+        throw new FleetError(`invalid app name: ${app}`);
+    }
+}

package/dist/core/backup/detect.d.ts

@@ -0,0 +1,11 @@
+import { AppBackupConfig, DumpHook, Schedule } from './types.js';
+/** detect the db dump hook (if any) for a registered fleet app. matches by
+ * container image keyword: postgres/mysql/mongo/redis. */
+export declare function detectDumpHook(appName: string): DumpHook | undefined;
+/** detect named docker volumes attached to the app's containers. anonymous
+ * volumes (uuid names) are skipped — they're transient. */
+export declare function detectVolumes(appName: string): string[];
+/** decide a sensible default schedule based on whether the app has a db. */
+export declare function defaultScheduleFor(hasDump: boolean): Schedule;
+/** build a baseline config for a registered fleet app. */
+export declare function detectAppConfig(appName: string): AppBackupConfig | null;

package/dist/core/backup/detect.js

@@ -0,0 +1,71 @@
+import { existsSync } from 'node:fs';
+import { listContainers } from '../docker.js';
+import { execSafe } from '../exec.js';
+import { load as loadRegistry } from '../registry.js';
+import { DEFAULT_RETENTION, DEFAULT_EXCLUDES } from './config.js';
+/** detect the db dump hook (if any) for a registered fleet app. matches by
+ * container image keyword: postgres/mysql/mongo/redis. */
+export function detectDumpHook(appName) {
+    const all = listContainers();
+    const candidates = all.filter(c => c.name.startsWith(appName) ||
+        c.name.endsWith(`-${appName}`) ||
+        c.name === appName);
+    for (const c of candidates) {
+        const img = c.image.toLowerCase();
+        if (img.includes('postgres') || img.includes('postgis')) {
+            return { type: 'postgres', container: c.name };
+        }
+        if (img.startsWith('mysql') || img.includes('mariadb')) {
+            return { type: 'mysql', container: c.name };
+        }
+        if (img.includes('mongo')) {
+            return { type: 'mongo', container: c.name };
+        }
+        if (img.startsWith('redis')) {
+            return { type: 'redis', container: c.name };
+        }
+    }
+    return undefined;
+}
+/** detect named docker volumes attached to the app's containers. anonymous
+ * volumes (uuid names) are skipped — they're transient. */
+export function detectVolumes(appName) {
+    const r = execSafe('docker', ['ps', '-q', '--filter', `name=${appName}`], { timeout: 5_000 });
+    if (!r.ok)
+        return [];
+    const vols = new Set();
+    for (const cid of r.stdout.split('\n').filter(Boolean)) {
+        const v = execSafe('docker', ['inspect', cid, '--format', '{{range .Mounts}}{{if eq .Type "volume"}}{{.Name}}|{{end}}{{end}}'], { timeout: 5_000 });
+        for (const name of v.stdout.split('|').filter(Boolean)) {
+            // skip anonymous (uuid-looking)
+            if (!/^[0-9a-f]{60,}$/i.test(name)) {
+                vols.add(name);
+            }
+        }
+    }
+    return [...vols].sort();
+}
+/** decide a sensible default schedule based on whether the app has a db. */
+export function defaultScheduleFor(hasDump) {
+    return hasDump ? 'hourly' : 'daily';
+}
+/** build a baseline config for a registered fleet app. */
+export function detectAppConfig(appName) {
+    const reg = loadRegistry();
+    const app = reg.apps.find(a => a.name === appName);
+    if (!app)
+        return null;
+    const composeDir = app.composePath;
+    const paths = existsSync(composeDir) ? [composeDir] : [];
+    const dump = detectDumpHook(appName);
+    const volumes = detectVolumes(appName);
+    return {
+        app: appName,
+        schedule: defaultScheduleFor(!!dump),
+        paths,
+        exclude: DEFAULT_EXCLUDES,
+        volumes: volumes.length > 0 ? volumes : undefined,
+        preDump: dump,
+        retention: DEFAULT_RETENTION,
+    };
+}

package/dist/core/backup/dump.d.ts

@@ -0,0 +1,11 @@
+import { FleetError } from '../errors.js';
+import { DumpHook } from './types.js';
+export declare class DumpError extends FleetError {
+}
+/** returns the shell command that streams a database dump to stdout.
+ * caller pipes the output into `restic backup --stdin` via sh -c so the
+ * dump bytes flow kernel-to-kernel and never enter node's spawnSync
+ * buffer (which has a 1mb ceiling and dies on multi-gb dumps). */
+export declare function dumpStreamCommand(hook: DumpHook): string;
+/** filename used inside the restic snapshot for the dump stream. */
+export declare function dumpFilename(hook: DumpHook): string;

package/dist/core/backup/dump.js

@@ -0,0 +1,82 @@
+import { FleetError } from '../errors.js';
+export class DumpError extends FleetError {
+}
+/** sh single-quote escape — wraps s in '...' with embedded quotes escaped
+ * as '\''. safe even if s contains $, `, \, *, spaces, or single quotes. */
+function shq(s) {
+    return `'${s.replace(/'/g, "'\\''")}'`;
+}
+/** returns the shell command that streams a database dump to stdout.
+ * caller pipes the output into `restic backup --stdin` via sh -c so the
+ * dump bytes flow kernel-to-kernel and never enter node's spawnSync
+ * buffer (which has a 1mb ceiling and dies on multi-gb dumps). */
+export function dumpStreamCommand(hook) {
+    switch (hook.type) {
+        case 'postgres': {
+            // postgres_user is set as env in shared-postgres compose; password
+            // auth not needed because pg_dumpall runs as the postgres unix user
+            // and gets peer auth on the unix socket inside the container.
+            const user = hook.user ? shq(hook.user) : `"$${hook.userEnv ?? 'POSTGRES_USER'}"`;
+            const inner = hook.db
+                ? `pg_dump -U ${user} -d ${shq(hook.db)} --no-owner --no-acl --clean --if-exists`
+                : `pg_dumpall -U ${user} --no-role-passwords`;
+            return `docker exec ${hook.container} sh -c ${shq(inner)}`;
+        }
+        case 'mysql': {
+            const user = hook.user ?? (hook.userEnv ? `\${${hook.userEnv}}` : 'root');
+            const dbFlag = hook.db ? shq(hook.db) : '--all-databases';
+            const passwordExpr = hook.passwordFile
+                ? `"$(cat ${shq(hook.passwordFile)})"`
+                : hook.passwordEnv
+                    ? `"\${${hook.passwordEnv}}"`
+                    : '"${MYSQL_ROOT_PASSWORD}"';
+            const inner = `mysqldump -u${user} -p${passwordExpr} --single-transaction --routines --triggers ${dbFlag}`;
+            return `docker exec ${hook.container} sh -c ${shq(inner)}`;
+        }
+        case 'mongo': {
+            const user = hook.user ?? (hook.userEnv ? `\${${hook.userEnv}}` : 'root');
+            const dbFlag = hook.db ? `--db=${shq(hook.db)}` : '';
+            const passwordExpr = hook.passwordFile
+                ? `"$(cat ${shq(hook.passwordFile)})"`
+                : hook.passwordEnv
+                    ? `"\${${hook.passwordEnv}}"`
+                    : '"${MONGO_INITDB_ROOT_PASSWORD}"';
+            const inner = `mongodump --archive --quiet --username ${user} --password ${passwordExpr} --authenticationDatabase admin ${dbFlag}`.trim();
+            return `docker exec ${hook.container} sh -c ${shq(inner)}`;
+        }
+        case 'redis': {
+            const portFlag = hook.port ? `-p ${hook.port}` : '';
+            // redis-cli --rdb writes to a tempfile, then we cat it. >/dev/null on
+            // the rdb step keeps redis-cli's progress chatter out of the stream.
+            // when a host command supplies the password, inject it via docker exec
+            // -e so it never lives on the redis-cli cmdline (which would show in
+            // ps inside the container).
+            if (hook.passwordHostCommand) {
+                const inner = `redis-cli --no-auth-warning ${portFlag} -a "$REDIS_PASSWORD" --rdb /tmp/dump.rdb >/dev/null && cat /tmp/dump.rdb`;
+                return `docker exec -e REDIS_PASSWORD="$(${hook.passwordHostCommand})" ${hook.container} sh -c ${shq(inner)}`;
+            }
+            const passwordExpr = hook.passwordFile
+                ? `"$(cat ${shq(hook.passwordFile)})"`
+                : hook.passwordEnv
+                    ? `"\${${hook.passwordEnv}}"`
+                    : '"${REDIS_PASSWORD:-}"';
+            const inner = `redis-cli --no-auth-warning ${portFlag} -a ${passwordExpr} --rdb /tmp/dump.rdb >/dev/null && cat /tmp/dump.rdb`;
+            return `docker exec ${hook.container} sh -c ${shq(inner)}`;
+        }
+        default:
+            throw new DumpError(`unsupported dump type: ${hook.type}`);
+    }
+}
+/** filename used inside the restic snapshot for the dump stream. */
+export function dumpFilename(hook) {
+    switch (hook.type) {
+        case 'postgres':
+            return `${hook.db ?? 'all'}.pg.sql`;
+        case 'mysql':
+            return `${hook.db ?? 'all'}.mysql.sql`;
+        case 'mongo':
+            return `${hook.db ?? 'all'}.mongo.archive`;
+        case 'redis':
+            return `dump.rdb`;
+    }
+}

package/dist/core/backup/index.d.ts

@@ -0,0 +1,9 @@
+export * from './types.js';
+export * from './config.js';
+export * from './unlock.js';
+export * from './repo.js';
+export * from './dump.js';
+export * from './system.js';
+export * from './cloudflare.js';
+export * from './schedule.js';
+export * from './detect.js';

package/dist/core/backup/index.js

@@ -0,0 +1,9 @@
+export * from './types.js';
+export * from './config.js';
+export * from './unlock.js';
+export * from './repo.js';
+export * from './dump.js';
+export * from './system.js';
+export * from './cloudflare.js';
+export * from './schedule.js';
+export * from './detect.js';