lockbot 2.5.4__tar.gz → 2.6.0__tar.gz

{lockbot-2.5.4/python/lockbot.egg-info → lockbot-2.6.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: lockbot
-Version: 2.5.4
+Version: 2.6.0
 Summary: Cluster resource management bot for IM platforms
 Author-email: Jianbang Yang <yangjianbang112@gmail.com>
 License: MIT
@@ -34,6 +34,8 @@ Requires-Dist: bcrypt
 Requires-Dist: python-multipart
 Requires-Dist: httpx
 Requires-Dist: slowapi
+Requires-Dist: pyzipper
+Requires-Dist: bce-python-sdk
 Provides-Extra: dev
 Requires-Dist: pytest>=7.0; extra == "dev"
 Requires-Dist: ruff==0.15.10; extra == "dev"

{lockbot-2.5.4 → lockbot-2.6.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "lockbot"
-version = "2.5.4"
+version = "2.6.0"
 description = "Cluster resource management bot for IM platforms"
 readme = "README.md"
 license = {text = "MIT"}
@@ -42,6 +42,8 @@ dependencies = [
     "python-multipart",
     "httpx",
     "slowapi",
+    "pyzipper",
+    "bce-python-sdk",
 ]
 
 [project.optional-dependencies]

lockbot-2.6.0/python/lockbot/backend/app/backup/router.py

@@ -0,0 +1,96 @@
+"""
+Backup API — configuration + trigger endpoints.
+"""
+
+from fastapi import APIRouter, Depends, Request
+from pydantic import BaseModel
+from sqlalchemy.orm import Session
+
+from lockbot.backend.app.audit.service import write_audit_log
+from lockbot.backend.app.auth.dependencies import require_super_admin
+from lockbot.backend.app.auth.models import User
+from lockbot.backend.app.bots.encryption import mask
+from lockbot.backend.app.database import get_db
+
+from .scheduler import backup_scheduler
+from .service import (
+    ENCRYPTED_KEYS,
+    get_backup_config,
+    run_backup,
+    save_backup_config,
+    test_bos_connection,
+)
+
+router = APIRouter(prefix="/api/admin/backup", tags=["backup"])
+
+
+class BackupSettingsIn(BaseModel):
+    settings: dict[str, str]
+
+
+@router.get("/settings")
+def get_settings(
+    _admin: User = Depends(require_super_admin),
+    db: Session = Depends(get_db),
+):
+    """Return backup config with sensitive fields masked."""
+    config = get_backup_config(db)
+    # Mask secrets for display
+    for key in ENCRYPTED_KEYS:
+        if config.get(key):
+            config[key] = mask(config[key])
+    return config
+
+
+@router.put("/settings")
+def update_settings(
+    body: BackupSettingsIn,
+    _admin: User = Depends(require_super_admin),
+    db: Session = Depends(get_db),
+):
+    """Save backup configuration."""
+    save_backup_config(db, body.settings)
+    backup_scheduler.reload()
+    return {"ok": True}
+
+
+@router.get("/scheduler/status")
+def scheduler_status(
+    _admin: User = Depends(require_super_admin),
+):
+    """Return backup scheduler liveness status."""
+    return backup_scheduler.status()
+
+
+@router.post("/run")
+def trigger_backup(
+    request: Request,
+    _admin: User = Depends(require_super_admin),
+    db: Session = Depends(get_db),
+):
+    """Trigger an immediate backup to BOS."""
+    result = run_backup(db)
+    write_audit_log(
+        db,
+        _admin,
+        "admin.bos_backup",
+        detail={"object_key": result.get("object_key"), "size": result.get("size")},
+        ip=request.client.host if request.client else None,
+        result="success" if result["success"] else "failure",
+    )
+    db.commit()
+    return result
+
+
+@router.post("/test-connection")
+def test_connection(
+    _admin: User = Depends(require_super_admin),
+    db: Session = Depends(get_db),
+):
+    """Test BOS connectivity."""
+    config = get_backup_config(db)
+    try:
+        test_bos_connection(config)
+        return {"ok": True}
+    except Exception as e:
+        return {"ok": False, "error": str(e)}

lockbot-2.6.0/python/lockbot/backend/app/backup/scheduler.py

@@ -0,0 +1,139 @@
+"""
+Backup scheduler — daemon thread for periodic BOS backups.
+"""
+
+import logging
+import threading
+from datetime import datetime, timedelta, timezone
+
+logger = logging.getLogger(__name__)
+
+
+class BackupScheduler:
+    """Simple daemon-thread scheduler for periodic backups."""
+
+    def __init__(self):
+        self._thread: threading.Thread | None = None
+        self._stop_event = threading.Event()
+        self._reload_event = threading.Event()
+        self._started_at: datetime | None = None
+        self._last_heartbeat: datetime | None = None
+        self._last_error: str = ""
+        self._next_run_at: datetime | None = None
+
+    def start(self):
+        if self._thread and self._thread.is_alive():
+            return
+        self._stop_event.clear()
+        self._started_at = datetime.now(timezone.utc)
+        self._last_error = ""
+        self._thread = threading.Thread(target=self._run, daemon=True, name="backup-scheduler")
+        self._thread.start()
+        logger.info("Backup scheduler started")
+
+    def stop(self):
+        self._stop_event.set()
+        self._reload_event.set()  # Wake up sleeping thread
+        if self._thread:
+            self._thread.join(timeout=5)
+        logger.info("Backup scheduler stopped")
+
+    def reload(self):
+        """Signal the scheduler to re-read config and recalculate next run."""
+        self._reload_event.set()
+
+    def status(self) -> dict:
+        """Return scheduler liveness information for admin monitoring."""
+        thread_alive = bool(self._thread and self._thread.is_alive())
+        return {
+            "running": thread_alive and not self._stop_event.is_set(),
+            "thread_alive": thread_alive,
+            "started_at": self._started_at.isoformat() if self._started_at else "",
+            "last_heartbeat": self._last_heartbeat.isoformat() if self._last_heartbeat else "",
+            "next_run_at": self._next_run_at.isoformat() if self._next_run_at else "",
+            "last_error": self._last_error,
+        }
+
+    def _run(self):
+        while not self._stop_event.is_set():
+            self._last_heartbeat = datetime.now(timezone.utc)
+            try:
+                seconds = self._seconds_until_next()
+                if seconds is not None:
+                    self._next_run_at = datetime.now(timezone.utc) + timedelta(seconds=seconds)
+                else:
+                    self._next_run_at = None
+                if seconds is None:
+                    # Auto-backup disabled, sleep and wait for reload
+                    self._reload_event.wait(timeout=300)
+                    self._reload_event.clear()
+                    continue
+
+                # Sleep until next fire time (interruptible by reload/stop)
+                logger.info("Next backup in %d seconds", seconds)
+                triggered = self._reload_event.wait(timeout=seconds)
+                self._reload_event.clear()
+                if triggered or self._stop_event.is_set():
+                    continue  # Config changed or shutting down, recalculate
+
+                # Time to backup
+                self._do_backup()
+            except Exception as exc:
+                self._last_error = str(exc)
+                logger.exception("Backup scheduler error")
+                # Sleep a bit before retry
+                self._stop_event.wait(timeout=60)
+
+    def _seconds_until_next(self) -> int | None:
+        """Calculate seconds until next backup. Returns None if disabled."""
+        from lockbot.backend.app.backup.service import get_backup_config
+        from lockbot.backend.app.database import SessionLocal
+
+        db = SessionLocal()
+        try:
+            config = get_backup_config(db)
+        finally:
+            db.close()
+
+        if config["backup_auto_enabled"] != "true":
+            return None
+        if config["backup_method"] != "bos":
+            return None
+
+        freq = config["backup_frequency"]  # e.g. "daily:03:00"
+        if not freq.startswith("daily:"):
+            return None
+
+        time_str = freq[6:]  # "HH:MM"
+        try:
+            hour, minute = int(time_str[:2]), int(time_str[3:5])
+        except (ValueError, IndexError):
+            return None
+
+        now = datetime.now(timezone.utc)
+        target = now.replace(hour=hour, minute=minute, second=0, microsecond=0)
+        if target <= now:
+            # Next day
+            from datetime import timedelta
+
+            target += timedelta(days=1)
+
+        return int((target - now).total_seconds())
+
+    def _do_backup(self):
+        """Execute backup using a fresh DB session."""
+        from lockbot.backend.app.backup.service import run_backup
+        from lockbot.backend.app.database import SessionLocal
+
+        db = SessionLocal()
+        try:
+            result = run_backup(db)
+            if result["success"]:
+                logger.info("Scheduled backup completed: %s", result["object_key"])
+            else:
+                logger.error("Scheduled backup failed: %s", result.get("error"))
+        finally:
+            db.close()
+
+
+backup_scheduler = BackupScheduler()

lockbot-2.6.0/python/lockbot/backend/app/backup/service.py

@@ -0,0 +1,191 @@
+"""
+BOS backup service — create archive and upload to Baidu Object Storage.
+"""
+
+import logging
+import sqlite3
+import tempfile
+from datetime import datetime, timezone
+from pathlib import Path
+
+import pyzipper
+from baidubce.auth.bce_credentials import BceCredentials
+from baidubce.bce_client_configuration import BceClientConfiguration
+from baidubce.services.bos.bos_client import BosClient
+from sqlalchemy.orm import Session
+
+from lockbot.backend.app.bots.encryption import decrypt, encrypt
+from lockbot.backend.app.config import DATA_DIR, DATABASE_URL
+from lockbot.backend.app.settings.models import SiteSetting
+
+logger = logging.getLogger(__name__)
+
+# Setting keys
+_KEYS = [
+    "backup_method",
+    "backup_bos_ak",
+    "backup_bos_sk",
+    "backup_bos_endpoint",
+    "backup_bos_bucket",
+    "backup_bos_prefix",
+    "backup_zip_password",
+    "backup_frequency",
+    "backup_auto_enabled",
+    "backup_last_time",
+    "backup_last_status",
+    "backup_total_count",
+]
+
+ENCRYPTED_KEYS = {"backup_bos_sk"}
+
+
+def get_backup_config(db: Session) -> dict:
+    """Read all backup_* settings, decrypting sensitive fields."""
+    rows = db.query(SiteSetting).filter(SiteSetting.key.in_(_KEYS)).all()
+    config = {k: "" for k in _KEYS}
+    for row in rows:
+        val = row.value or ""
+        if row.key in ENCRYPTED_KEYS and val:
+            try:
+                val = decrypt(val)
+            except Exception:
+                val = ""
+        config[row.key] = val
+    return config
+
+
+def save_backup_config(db: Session, data: dict) -> None:
+    """Save backup settings, encrypting sensitive fields. Skips masked values."""
+    for key, value in data.items():
+        if key not in _KEYS:
+            continue
+        # Skip masked placeholder (frontend sends *** for unchanged secrets)
+        if key in ENCRYPTED_KEYS and value and value.startswith("***"):
+            continue
+        store_val = value
+        if key in ENCRYPTED_KEYS and value:
+            store_val = encrypt(value)
+        row = db.get(SiteSetting, key)
+        if row is None:
+            row = SiteSetting(key=key, value=store_val, updated_at=datetime.now(timezone.utc))
+            db.add(row)
+        else:
+            row.value = store_val
+            row.updated_at = datetime.now(timezone.utc)
+    db.commit()
+
+
+def _update_backup_stats(db: Session, success: bool) -> None:
+    """Update last backup time, status, and increment count."""
+    now = datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
+    updates = {
+        "backup_last_time": now,
+        "backup_last_status": "success" if success else "failed",
+    }
+    if success:
+        row = db.get(SiteSetting, "backup_total_count")
+        count = int(row.value) if row and row.value else 0
+        updates["backup_total_count"] = str(count + 1)
+
+    for key, val in updates.items():
+        row = db.get(SiteSetting, key)
+        if row is None:
+            row = SiteSetting(key=key, value=val, updated_at=datetime.now(timezone.utc))
+            db.add(row)
+        else:
+            row.value = val
+            row.updated_at = datetime.now(timezone.utc)
+    db.commit()
+
+
+def create_backup_archive(password: str | None = None) -> Path:
+    """Create a zip archive of DB + bot state files. Returns path to temp zip."""
+    if not DATABASE_URL.startswith("sqlite:///"):
+        raise RuntimeError("Backup only supported for SQLite")
+
+    db_path = DATABASE_URL[len("sqlite:///") :]
+    tmp_dir = tempfile.mkdtemp(prefix="lockbot_backup_")
+    ts = datetime.now(timezone.utc).strftime("%Y%m%d_%H%M%S")
+    zip_path = Path(tmp_dir) / f"lockbot_backup_{ts}.zip"
+
+    # Safe SQLite copy
+    backup_db = Path(tmp_dir) / "lockbot.db"
+    src = sqlite3.connect(db_path)
+    dst = sqlite3.connect(str(backup_db))
+    src.backup(dst)
+    src.close()
+    dst.close()
+
+    # Collect bot state files
+    bots_dir = Path(DATA_DIR) / "bots"
+    state_files: list[tuple[Path, str]] = []
+    if bots_dir.exists():
+        for state_file in bots_dir.rglob("bot_state.json"):
+            arcname = str(state_file.relative_to(Path(DATA_DIR)))
+            state_files.append((state_file, arcname))
+
+    # Create zip (AES encrypted if password set)
+    if password:
+        with pyzipper.AESZipFile(
+            str(zip_path), "w", compression=pyzipper.ZIP_DEFLATED, encryption=pyzipper.WZ_AES
+        ) as zf:
+            zf.setpassword(password.encode())
+            zf.write(str(backup_db), "lockbot.db")
+            for fpath, arcname in state_files:
+                zf.write(str(fpath), arcname)
+    else:
+        with pyzipper.ZipFile(str(zip_path), "w", compression=pyzipper.ZIP_DEFLATED) as zf:
+            zf.write(str(backup_db), "lockbot.db")
+            for fpath, arcname in state_files:
+                zf.write(str(fpath), arcname)
+
+    # Cleanup temp db
+    backup_db.unlink(missing_ok=True)
+    return zip_path
+
+
+def _build_bos_client(config: dict) -> BosClient:
+    """Create BOS client from config dict."""
+    return BosClient(
+        BceClientConfiguration(
+            credentials=BceCredentials(config["backup_bos_ak"], config["backup_bos_sk"]),
+            endpoint=config["backup_bos_endpoint"],
+        )
+    )
+
+
+def upload_to_bos(filepath: Path, config: dict) -> str:
+    """Upload file to BOS. Returns the object key."""
+    client = _build_bos_client(config)
+    prefix = config["backup_bos_prefix"].strip("/")
+    object_key = f"{prefix}/{filepath.name}" if prefix else filepath.name
+    client.put_object_from_file(config["backup_bos_bucket"], object_key, str(filepath))
+    return object_key
+
+
+def test_bos_connection(config: dict) -> bool:
+    """Test BOS connectivity by checking bucket existence."""
+    client = _build_bos_client(config)
+    client.list_objects(config["backup_bos_bucket"], max_keys=1)
+    return True
+
+
+def run_backup(db: Session) -> dict:
+    """Execute full backup flow: archive → upload → update stats."""
+    config = get_backup_config(db)
+    zip_path = None
+    try:
+        password = config["backup_zip_password"] or None
+        zip_path = create_backup_archive(password)
+        object_key = upload_to_bos(zip_path, config)
+        size = zip_path.stat().st_size
+        _update_backup_stats(db, success=True)
+        return {"success": True, "object_key": object_key, "size": size}
+    except Exception as e:
+        logger.exception("Backup failed")
+        _update_backup_stats(db, success=False)
+        return {"success": False, "error": str(e)}
+    finally:
+        if zip_path and zip_path.exists():
+            zip_path.unlink(missing_ok=True)
+            zip_path.parent.rmdir()

{lockbot-2.5.4 → lockbot-2.6.0}/python/lockbot/backend/app/bots/models.py

@@ -34,6 +34,7 @@ class Bot(Base):
     consecutive_failures: Mapped[int] = mapped_column(Integer, default=0)
     last_request_at: Mapped[datetime | None] = mapped_column(DateTime, nullable=True)
     config_overrides: Mapped[str] = mapped_column(Text, default="{}")  # JSON
+    api_key: Mapped[str | None] = mapped_column(String(128), nullable=True)
 
     # Soft delete
     is_deleted: Mapped[bool] = mapped_column(Boolean, default=False, nullable=False)