[pocketbase#2599] added option to upload a backup file from the Admin UI

CHANGELOG.md

@@ -4,6 +4,8 @@
 
 - Bumped the min TLS version to 1.2 in order to improve the cert score.
 
+- Added option to upload a backup file from the Admin UI ([#2599](https://github.com/pocketbase/pocketbase/issues/2599)).
+
 - Added new `SmtpConfig.LocalName` option to specify a custom domain name (or IP address) for the initial EHLO/HELO exchange ([#3097](https://github.com/pocketbase/pocketbase/discussions/3097)).
   _This is usually required for verification purposes only by some SMTP providers, such as on-premise [Gmail SMTP-relay](https://support.google.com/a/answer/2956491)._
 

apis/backup.go

@@ -11,6 +11,8 @@ import (
 	"github.com/pocketbase/pocketbase/core"
 	"github.com/pocketbase/pocketbase/forms"
 	"github.com/pocketbase/pocketbase/models"
+	"github.com/pocketbase/pocketbase/tools/filesystem"
+	"github.com/pocketbase/pocketbase/tools/rest"
 	"github.com/pocketbase/pocketbase/tools/types"
 	"github.com/spf13/cast"
 )
@@ -24,6 +26,7 @@ func bindBackupApi(app core.App, rg *echo.Group) {
 	subGroup := rg.Group("/backups", ActivityLogger(app))
 	subGroup.GET("", api.list, RequireAdminAuth())
 	subGroup.POST("", api.create, RequireAdminAuth())
+	subGroup.POST("/upload", api.upload, RequireAdminAuth())
 	subGroup.GET("/:key", api.download)
 	subGroup.DELETE("/:key", api.delete, RequireAdminAuth())
 	subGroup.POST("/:key/restore", api.restore, RequireAdminAuth())
@@ -88,6 +91,28 @@ func (api *backupApi) create(c echo.Context) error {
 	})
 }
 
+func (api *backupApi) upload(c echo.Context) error {
+	files, err := rest.FindUploadedFiles(c.Request(), "file")
+	if err != nil {
+		return NewBadRequestError("Missing or invalid uploaded file.", err)
+	}
+
+	form := forms.NewBackupUpload(api.app)
+	form.File = files[0]
+
+	return form.Submit(func(next forms.InterceptorNextFunc[*filesystem.File]) forms.InterceptorNextFunc[*filesystem.File] {
+		return func(file *filesystem.File) error {
+			if err := next(file); err != nil {
+				return NewBadRequestError("Failed to upload backup.", err)
+			}
+
+			// we don't retrieve the generated backup file because it may not be
+			// available yet due to the eventually consistent nature of some S3 providers
+			return c.NoContent(http.StatusNoContent)
+		}
+	})
+}
+
 func (api *backupApi) download(c echo.Context) error {
 	fileToken := c.QueryParam("token")
 

apis/backup_test.go

@@ -1,7 +1,11 @@
 package apis_test
 
 import (
+	"archive/zip"
+	"bytes"
 	"context"
+	"io"
+	"mime/multipart"
 	"net/http"
 	"strings"
 	"testing"
@@ -193,6 +197,138 @@ func TestBackupsCreate(t *testing.T) {
 	}
 }
 
+func TestBackupsUpload(t *testing.T) {
+	// create dummy form data bodies
+	type body struct {
+		buffer      io.Reader
+		contentType string
+	}
+	bodies := make([]body, 10)
+	for i := 0; i < 10; i++ {
+		func() {
+			zb := new(bytes.Buffer)
+			zw := zip.NewWriter(zb)
+			if err := zw.Close(); err != nil {
+				t.Fatal(err)
+			}
+
+			b := new(bytes.Buffer)
+			mw := multipart.NewWriter(b)
+
+			mfw, err := mw.CreateFormFile("file", "test")
+			if err != nil {
+				t.Fatal(err)
+			}
+			if _, err := io.Copy(mfw, zb); err != nil {
+				t.Fatal(err)
+			}
+
+			mw.Close()
+
+			bodies[i] = body{
+				buffer:      b,
+				contentType: mw.FormDataContentType(),
+			}
+		}()
+	}
+	// ---
+
+	scenarios := []tests.ApiScenario{
+		{
+			Name:   "unauthorized",
+			Method: http.MethodPost,
+			Url:    "/api/backups/upload",
+			Body:   bodies[0].buffer,
+			RequestHeaders: map[string]string{
+				"Content-Type": bodies[0].contentType,
+			},
+			AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) {
+				ensureNoBackups(t, app)
+			},
+			ExpectedStatus:  401,
+			ExpectedContent: []string{`"data":{}`},
+		},
+		{
+			Name:   "authorized as auth record",
+			Method: http.MethodPost,
+			Url:    "/api/backups/upload",
+			Body:   bodies[1].buffer,
+			RequestHeaders: map[string]string{
+				"Content-Type":  bodies[1].contentType,
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoUmVjb3JkIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyMjA4OTg1MjYxfQ.UwD8JvkbQtXpymT09d7J6fdA0aP9g4FJ1GPh_ggEkzc",
+			},
+			AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) {
+				ensureNoBackups(t, app)
+			},
+			ExpectedStatus:  401,
+			ExpectedContent: []string{`"data":{}`},
+		},
+		{
+			Name:   "authorized as admin (missing file)",
+			Method: http.MethodPost,
+			Url:    "/api/backups/upload",
+			RequestHeaders: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4NTI2MX0.M1m--VOqGyv0d23eeUc0r9xE8ZzHaYVmVFw1VZW6gT8",
+			},
+			AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) {
+				ensureNoBackups(t, app)
+			},
+			ExpectedStatus:  400,
+			ExpectedContent: []string{`"data":{`},
+		},
+		{
+			Name:   "authorized as admin (existing backup name)",
+			Method: http.MethodPost,
+			Url:    "/api/backups/upload",
+			Body:   bodies[3].buffer,
+			RequestHeaders: map[string]string{
+				"Content-Type":  bodies[3].contentType,
+				"Authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4NTI2MX0.M1m--VOqGyv0d23eeUc0r9xE8ZzHaYVmVFw1VZW6gT8",
+			},
+			BeforeTestFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
+				fsys, err := app.NewBackupsFilesystem()
+				if err != nil {
+					t.Fatal(err)
+				}
+				defer fsys.Close()
+				// create a dummy backup file to simulate existing backups
+				if err := fsys.Upload([]byte("123"), "test"); err != nil {
+					t.Fatal(err)
+				}
+			},
+			AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) {
+				files, _ := getBackupFiles(app)
+				if total := len(files); total != 1 {
+					t.Fatalf("Expected %d backup file, got %d", 1, total)
+				}
+			},
+			ExpectedStatus:  400,
+			ExpectedContent: []string{`"data":{"file":{`},
+		},
+		{
+			Name:   "authorized as admin (valid file)",
+			Method: http.MethodPost,
+			Url:    "/api/backups/upload",
+			Body:   bodies[4].buffer,
+			RequestHeaders: map[string]string{
+				"Content-Type":  bodies[4].contentType,
+				"Authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhZG1pbiIsImV4cCI6MjIwODk4NTI2MX0.M1m--VOqGyv0d23eeUc0r9xE8ZzHaYVmVFw1VZW6gT8",
+			},
+			AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) {
+				files, _ := getBackupFiles(app)
+				if total := len(files); total != 1 {
+					t.Fatalf("Expected %d backup file, got %d", 1, total)
+				}
+			},
+			ExpectedStatus: 204,
+		},
+	}
+
+	for _, scenario := range scenarios {
+		scenario.Test(t)
+	}
+}
+
 func TestBackupsDownload(t *testing.T) {
 	scenarios := []tests.ApiScenario{
 		{

forms/backup_create_test.go

@@ -38,7 +38,7 @@ func TestBackupCreateValidateAndSubmit(t *testing.T) {
 	}
 
 	for _, s := range scenarios {
-		func() {
+		t.Run(s.name, func(t *testing.T) {
 			app, _ := tests.NewTestApp()
 			defer app.Cleanup()
 
@@ -56,47 +56,47 @@ func TestBackupCreateValidateAndSubmit(t *testing.T) {
 			// parse errors
 			errs, ok := result.(validation.Errors)
 			if !ok && result != nil {
-				t.Errorf("[%s] Failed to parse errors %v", s.name, result)
+				t.Fatalf("Failed to parse errors %v", result)
 				return
 			}
 
 			// check errors
 			if len(errs) > len(s.expectedErrors) {
-				t.Errorf("[%s] Expected error keys %v, got %v", s.name, s.expectedErrors, errs)
+				t.Fatalf("Expected error keys %v, got %v", s.expectedErrors, errs)
 			}
 			for _, k := range s.expectedErrors {
 				if _, ok := errs[k]; !ok {
-					t.Errorf("[%s] Missing expected error key %q in %v", s.name, k, errs)
+					t.Fatalf("Missing expected error key %q in %v", k, errs)
 				}
 			}
 
 			// retrieve all created backup files
 			files, err := fsys.List("")
 			if err != nil {
-				t.Errorf("[%s] Failed to retrieve backup files", s.name)
+				t.Fatal("Failed to retrieve backup files")
 				return
 			}
 
 			if result != nil {
 				if total := len(files); total != 0 {
-					t.Errorf("[%s] Didn't expected backup files, found %d", s.name, total)
+					t.Fatalf("Didn't expected backup files, found %d", total)
 				}
 				return
 			}
 
 			if total := len(files); total != 1 {
-				t.Errorf("[%s] Expected 1 backup file, got %d", s.name, total)
+				t.Fatalf("Expected 1 backup file, got %d", total)
 				return
 			}
 
 			if s.backupName == "" {
 				prefix := "pb_backup_"
 				if !strings.HasPrefix(files[0].Key, prefix) {
-					t.Errorf("[%s] Expected the backup file, to have prefix %q: %q", s.name, prefix, files[0].Key)
+					t.Fatalf("Expected the backup file, to have prefix %q: %q", prefix, files[0].Key)
 				}
 			} else if s.backupName != files[0].Key {
-				t.Errorf("[%s] Expected backup file %q, got %q", s.name, s.backupName, files[0].Key)
+				t.Fatalf("Expected backup file %q, got %q", s.backupName, files[0].Key)
 			}
-		}()
+		})
 	}
 }

forms/backup_upload.go

@@ -0,0 +1,85 @@
+package forms
+
+import (
+	"context"
+
+	validation "github.com/go-ozzo/ozzo-validation/v4"
+	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/forms/validators"
+	"github.com/pocketbase/pocketbase/tools/filesystem"
+)
+
+// BackupUpload is a request form for uploading a new app backup.
+type BackupUpload struct {
+	app core.App
+	ctx context.Context
+
+	File *filesystem.File `json:"file"`
+}
+
+// NewBackupUpload creates new BackupUpload request form.
+func NewBackupUpload(app core.App) *BackupUpload {
+	return &BackupUpload{
+		app: app,
+		ctx: context.Background(),
+	}
+}
+
+// SetContext replaces the default form upload context with the provided one.
+func (form *BackupUpload) SetContext(ctx context.Context) {
+	form.ctx = ctx
+}
+
+// Validate makes the form validatable by implementing [validation.Validatable] interface.
+func (form *BackupUpload) Validate() error {
+	return validation.ValidateStruct(form,
+		validation.Field(
+			&form.File,
+			validation.Required,
+			validation.By(validators.UploadedFileMimeType([]string{"application/zip"})),
+			validation.By(form.checkUniqueName),
+		),
+	)
+}
+
+func (form *BackupUpload) checkUniqueName(value any) error {
+	v, _ := value.(*filesystem.File)
+	if v == nil {
+		return nil // nothing to check
+	}
+
+	fsys, err := form.app.NewBackupsFilesystem()
+	if err != nil {
+		return err
+	}
+	defer fsys.Close()
+
+	fsys.SetContext(form.ctx)
+
+	if exists, err := fsys.Exists(v.OriginalName); err != nil || exists {
+		return validation.NewError("validation_backup_name_exists", "Backup file with the specified name already exists.")
+	}
+
+	return nil
+}
+
+// Submit validates the form and upload the backup file.
+//
+// You can optionally provide a list of InterceptorFunc to further
+// modify the form behavior before uploading the backup.
+func (form *BackupUpload) Submit(interceptors ...InterceptorFunc[*filesystem.File]) error {
+	if err := form.Validate(); err != nil {
+		return err
+	}
+
+	return runInterceptors(form.File, func(file *filesystem.File) error {
+		fsys, err := form.app.NewBackupsFilesystem()
+		if err != nil {
+			return err
+		}
+
+		fsys.SetContext(form.ctx)
+
+		return fsys.UploadFile(file, file.OriginalName)
+	}, interceptors...)
+}