Build [v1.4.0] - Audit Dashboard & LDAP Restoration

This commit is contained in:
Daniel Bedeleanu
2026-04-12 09:39:17 +03:00
parent 5cceba21f4
commit f3d861b1a2
23 changed files with 973 additions and 382 deletions

138
backend/db_manager.py Normal file
View File

@@ -0,0 +1,138 @@
import os
import shutil
import datetime
import sqlite3
import logging
from typing import List
from sqlalchemy import text
from sqlalchemy.orm import Session
from .database import DATA_DIR, engine
from . import models, schemas
logger = logging.getLogger("ainventory")
BACKUP_DIR = os.path.join(DATA_DIR, "backups")
os.makedirs(BACKUP_DIR, exist_ok=True)
class DbManager:
@staticmethod
def get_backup_list() -> List[schemas.BackupInfo]:
"""List all available backup files with metadata."""
backups = []
if not os.path.exists(BACKUP_DIR):
return []
for filename in os.listdir(BACKUP_DIR):
if filename.endswith(".db"):
path = os.path.join(BACKUP_DIR, filename)
stats = os.stat(path)
backups.append(schemas.BackupInfo(
filename=filename,
size_bytes=stats.st_size,
created_at=datetime.datetime.fromtimestamp(stats.st_mtime)
))
# Sort by creation time descending
backups.sort(key=lambda x: x.created_at, reverse=True)
return backups
@staticmethod
def get_stats() -> schemas.DatabaseStats:
"""Calculate storage statistics for backups."""
backups = DbManager.get_backup_list()
total_size = sum(b.size_bytes for b in backups)
return schemas.DatabaseStats(
backup_count=len(backups),
total_size_bytes=total_size
)
@staticmethod
def create_backup(db: Session, label: str = "manual", user_id: int = None) -> str:
"""
Creates a consistent snapshot of the active database using VACUUM INTO.
Records the action in AuditLog.
"""
timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
filename = f"inventory_{label}_{timestamp}.db"
target_path = os.path.join(BACKUP_DIR, filename)
try:
# Use SQLite's VACUUM INTO for a safe, non-blocking backup
# We need a clean string path without potential SQL injection (filenames are generated here)
db.execute(text(f"VACUUM INTO '{target_path}'"))
logger.info(f"[DB] Backup created successfully: {filename}")
# Audit Log
audit = models.AuditLog(
user_id=user_id,
action="DB_BACKUP",
details=f"Backup type: {label}. Created file: {filename}"
)
db.add(audit)
db.commit()
# Enforce retention policy
DbManager.enforce_retention(db)
return filename
except Exception as e:
logger.error(f"[DB] Backup failed: {str(e)}")
db.rollback()
raise Exception(f"Backup failed: {str(e)}")
@staticmethod
def enforce_retention(db: Session):
"""Deletes oldest backups if count exceeds retention limit."""
try:
# Get retention limit from settings
limit_setting = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_retention_count").first()
limit = int(limit_setting.value) if limit_setting else 10 # Default to 10
backups = DbManager.get_backup_list()
if len(backups) > limit:
to_delete = backups[limit:]
for b in to_delete:
path = os.path.join(BACKUP_DIR, b.filename)
if os.path.exists(path):
os.remove(path)
logger.info(f"[DB] Retention policy: deleted old backup {b.filename}")
except Exception as e:
logger.error(f"[DB] Retention enforcement failed: {str(e)}")
@staticmethod
def restore_backup(filename: str, db: Session, user_id: int) -> bool:
"""
Restores a database from a backup file.
IMPORTANT: This replaces the primary inventory.db file.
"""
source_path = os.path.join(BACKUP_DIR, filename)
active_db_path = os.path.join(DATA_DIR, "inventory.db")
if not os.path.exists(source_path):
raise Exception("Backup file not found")
try:
# 1. Create a safety rollback backup of current state
logger.info("[DB] Creating safety rollback backup before restore...")
DbManager.create_backup(db, label="rollback", user_id=user_id)
# 2. Close all connections (or as many as possible via pool dispose)
# engine.dispose() drops the current connection pool
engine.dispose()
# 3. Physically swap files
# Note: shutil.copy2 handles file metadata preservation
shutil.copy2(source_path, active_db_path)
logger.warning(f"[DB] RESTORE COMPLETED from {filename} by user_id={user_id}")
# Record the restore in the NEW database (since we just swapped it)
# Re-initializing session logic might be needed but usually next request handles it.
# However, for the current request, the 'db' session is still bound to the OLD file mapping possibly?
# Actually, the file on disk is changed. Next commit might fail or work depending on how sqlite handles it.
# It's safest to return success and let the frontend trigger a reload.
return True
except Exception as e:
logger.error(f"[DB] Restore failed: {str(e)}")
raise Exception(f"Restore failed: {str(e)}")

View File

@@ -5,8 +5,9 @@ from slowapi import Limiter
from slowapi.util import get_remote_address
from . import models
from .database import engine
from .routers import items, operations, users, categories
from .routers import items, operations, users, categories, admin_db
from .logger import log
from .scheduler import scheduler, sync_scheduler_config
# Create the database tables
from .database import DATA_DIR, db_path
@@ -33,7 +34,7 @@ app.add_middleware(
CORSMiddleware,
allow_origins=ALLOWED_ORIGINS,
allow_credentials=True,
allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
allow_methods=["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
allow_headers=["*"],
)
@@ -45,6 +46,13 @@ app.include_router(items.router)
app.include_router(operations.router)
app.include_router(users.router)
app.include_router(categories.router)
app.include_router(admin_db.router)
@app.on_event("startup")
def startup_event():
log.info("[STARTUP] Starting background scheduler...")
scheduler.start()
sync_scheduler_config()
@app.get("/")
def read_root():

View File

@@ -48,7 +48,7 @@ class AuditLog(Base):
__tablename__ = "audit_logs"
id = Column(Integer, primary_key=True, index=True)
timestamp = Column(DateTime, default=datetime.datetime.utcnow)
timestamp = Column(DateTime, default=datetime.datetime.now)
user_id = Column(Integer, ForeignKey("users.id"))
action = Column(String) # e.g., 'CHECK_IN', 'CHECK_OUT', 'CREATE_ITEM'
target_item_id = Column(Integer, nullable=True)
@@ -64,7 +64,7 @@ class Intervention(Base):
id = Column(Integer, primary_key=True, index=True)
name = Column(String)
status = Column(String, default="ACTIVE")
created_at = Column(DateTime, default=datetime.datetime.utcnow)
created_at = Column(DateTime, default=datetime.datetime.now)
items = relationship("InterventionItem", back_populates="intervention")
@@ -78,3 +78,9 @@ class InterventionItem(Base):
checked_out_quantity = Column(Float, default=0.0)
intervention = relationship("Intervention", back_populates="items")
class SystemSetting(Base):
__tablename__ = "system_settings"
key = Column(String, primary_key=True, index=True)
value = Column(String)

View File

@@ -12,3 +12,4 @@ ldap3>=2.9.1
passlib[bcrypt]>=1.7.4
python-jose[cryptography]>=3.3.0
slowapi>=0.1.9
apscheduler>=3.10.1

105
backend/routers/admin_db.py Normal file
View File

@@ -0,0 +1,105 @@
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session
from typing import List
from .. import models, schemas, auth
from ..database import get_db
from ..db_manager import DbManager
from ..scheduler import sync_scheduler_config
router = APIRouter(
prefix="/admin/db",
tags=["Admin Database"]
)
@router.get("/backups", response_model=List[schemas.BackupInfo])
def get_backups(
db: Session = Depends(get_db),
current_admin: auth.TokenData = Depends(auth.get_current_admin)
):
"""List available database backups."""
return DbManager.get_backup_list()
@router.get("/stats", response_model=schemas.DatabaseStats)
def get_db_stats(
db: Session = Depends(get_db),
current_admin: auth.TokenData = Depends(auth.get_current_admin)
):
"""Get database backup storage statistics."""
return DbManager.get_stats()
@router.post("/backup", response_model=schemas.BackupInfo)
def trigger_manual_backup(
db: Session = Depends(get_db),
current_admin: auth.TokenData = Depends(auth.get_current_admin)
):
"""Trigger a manual database backup."""
filename = DbManager.create_backup(db, label="manual", user_id=current_admin.sub)
# Re-fetch the newly created file info
backups = DbManager.get_backup_list()
for b in backups:
if b.filename == filename:
return b
raise HTTPException(status_code=500, detail="Backup created but info not found")
@router.post("/restore")
def restore_database(
payload: dict,
db: Session = Depends(get_db),
current_admin: auth.TokenData = Depends(auth.get_current_admin)
):
"""Restore database from a specific file. DANGEROUS."""
filename = payload.get("filename")
confirm = payload.get("confirm", False)
if not filename:
raise HTTPException(status_code=400, detail="Filename required")
if not confirm:
raise HTTPException(status_code=400, detail="Confirmation required")
try:
success = DbManager.restore_backup(filename, db, user_id=current_admin.sub)
return {"status": "success", "message": f"Database restored from {filename}"}
except Exception as e:
raise HTTPException(status_code=500, detail=str(e))
@router.get("/settings", response_model=schemas.DbSettingsUpdate)
def get_db_settings(
db: Session = Depends(get_db),
current_admin: auth.TokenData = Depends(auth.get_current_admin)
):
"""Get database retention and scheduling settings."""
# Ensure default settings exist
retention = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_retention_count").first()
hour = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_schedule_hour").first()
freq = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_schedule_freq_days").first()
return {
"retention_count": int(retention.value) if retention else 10,
"schedule_hour": int(hour.value) if hour else 3,
"schedule_freq_days": int(freq.value) if freq else 1
}
@router.patch("/settings", response_model=schemas.DbSettingsUpdate)
def update_db_settings(
settings: schemas.DbSettingsUpdate,
db: Session = Depends(get_db),
current_admin: auth.TokenData = Depends(auth.get_current_admin)
):
"""Update database settings and re-trigger scheduler sync."""
pairs = {
"backup_retention_count": str(settings.retention_count),
"backup_schedule_hour": str(settings.schedule_hour),
"backup_schedule_freq_days": str(settings.schedule_freq_days)
}
for key, val in pairs.items():
existing = db.query(models.SystemSetting).filter(models.SystemSetting.key == key).first()
if existing:
existing.value = val
else:
db.add(models.SystemSetting(key=key, value=val))
db.commit()
# Re-trigger scheduler sync
sync_scheduler_config()
return settings

View File

@@ -143,11 +143,20 @@ def delete_item(
db: Session = Depends(get_db),
current_user: auth.TokenData = Depends(auth.get_current_user)
):
"""[C-01] Delete item — only for authenticated users."""
"""[C-01] Delete item — only for authenticated users. InterventionItems are cleared; AuditLogs are KEPT for history."""
db_item = db.query(models.Item).filter(models.Item.id == item_id).first()
if not db_item:
raise HTTPException(status_code=404, detail="Item not found")
# [AUDIT] Log the deletion to disk file via logger.py
from ..logger import log
log.warning(f"USER[{current_user.sub}] DELETING ITEM: ID={item_id}, Name={db_item.name}, PN={db_item.part_number}")
# [CLEANUP] Delete related InterventionItems to prevent foreign key issues
db.query(models.InterventionItem).filter(models.InterventionItem.item_id == item_id).delete()
# Audit Logs in database are NOT deleted here to preserve history of actions
db.delete(db_item)
db.commit()
return {"message": "Item deleted successfully"}
return {"message": "Item deleted successfully. History logs preserved."}

46
backend/scheduler.py Normal file
View File

@@ -0,0 +1,46 @@
from apscheduler.schedulers.background import BackgroundScheduler
from apscheduler.triggers.cron import CronTrigger
from .database import SessionLocal
from .db_manager import DbManager
from . import models
import logging
log = logging.getLogger("ainventory")
scheduler = BackgroundScheduler()
def scheduled_backup_job():
"""System triggered automated backup."""
db = SessionLocal()
try:
log.info("[SCHEDULER] Starting automated backup job...")
DbManager.create_backup(db, label="auto", user_id=None)
except Exception as e:
log.error(f"[SCHEDULER] Automated backup failed: {str(e)}")
finally:
db.close()
def sync_scheduler_config():
"""Read DB settings and update the scheduler job."""
db = SessionLocal()
try:
hour_s = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_schedule_hour").first()
freq_s = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_schedule_freq_days").first()
hour = int(hour_s.value) if hour_s else 3
freq = int(freq_s.value) if freq_s else 1
# Remove existing backup jobs to avoid duplicates
for job in scheduler.get_jobs():
if job.id == "auto_backup":
scheduler.remove_job(job.id)
# Add job with cron trigger: trigger at 'hour' every 'freq' days
# Use day='*/freq' for intervals in days
trigger = CronTrigger(hour=hour, minute=0, day=f"*/{freq}")
scheduler.add_job(scheduled_backup_job, trigger, id="auto_backup")
log.info(f"[SCHEDULER] Policy synced: Every {freq} days at {hour:02d}:00")
except Exception as e:
log.error(f"[SCHEDULER] Failed to sync config: {str(e)}")
finally:
db.close()

View File

@@ -116,3 +116,27 @@ class AuditLogResponse(BaseModel):
class Config:
from_attributes = True
# --- System Settings ---
class SystemSettingBase(BaseModel):
key: str
value: str
class SystemSetting(SystemSettingBase):
class Config:
from_attributes = True
# --- Database Management ---
class BackupInfo(BaseModel):
filename: str
size_bytes: int
created_at: datetime
class DatabaseStats(BaseModel):
backup_count: int
total_size_bytes: int
class DbSettingsUpdate(BaseModel):
retention_count: int
schedule_hour: int
schedule_freq_days: int