Build [v1.4.0] - Audit Dashboard & LDAP Restoration
This commit is contained in:
138
backend/db_manager.py
Normal file
138
backend/db_manager.py
Normal file
@@ -0,0 +1,138 @@
|
||||
import os
|
||||
import shutil
|
||||
import datetime
|
||||
import sqlite3
|
||||
import logging
|
||||
from typing import List
|
||||
from sqlalchemy import text
|
||||
from sqlalchemy.orm import Session
|
||||
from .database import DATA_DIR, engine
|
||||
from . import models, schemas
|
||||
|
||||
logger = logging.getLogger("ainventory")
|
||||
|
||||
BACKUP_DIR = os.path.join(DATA_DIR, "backups")
|
||||
os.makedirs(BACKUP_DIR, exist_ok=True)
|
||||
|
||||
class DbManager:
|
||||
@staticmethod
|
||||
def get_backup_list() -> List[schemas.BackupInfo]:
|
||||
"""List all available backup files with metadata."""
|
||||
backups = []
|
||||
if not os.path.exists(BACKUP_DIR):
|
||||
return []
|
||||
|
||||
for filename in os.listdir(BACKUP_DIR):
|
||||
if filename.endswith(".db"):
|
||||
path = os.path.join(BACKUP_DIR, filename)
|
||||
stats = os.stat(path)
|
||||
backups.append(schemas.BackupInfo(
|
||||
filename=filename,
|
||||
size_bytes=stats.st_size,
|
||||
created_at=datetime.datetime.fromtimestamp(stats.st_mtime)
|
||||
))
|
||||
|
||||
# Sort by creation time descending
|
||||
backups.sort(key=lambda x: x.created_at, reverse=True)
|
||||
return backups
|
||||
|
||||
@staticmethod
|
||||
def get_stats() -> schemas.DatabaseStats:
|
||||
"""Calculate storage statistics for backups."""
|
||||
backups = DbManager.get_backup_list()
|
||||
total_size = sum(b.size_bytes for b in backups)
|
||||
return schemas.DatabaseStats(
|
||||
backup_count=len(backups),
|
||||
total_size_bytes=total_size
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def create_backup(db: Session, label: str = "manual", user_id: int = None) -> str:
|
||||
"""
|
||||
Creates a consistent snapshot of the active database using VACUUM INTO.
|
||||
Records the action in AuditLog.
|
||||
"""
|
||||
timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
|
||||
filename = f"inventory_{label}_{timestamp}.db"
|
||||
target_path = os.path.join(BACKUP_DIR, filename)
|
||||
|
||||
try:
|
||||
# Use SQLite's VACUUM INTO for a safe, non-blocking backup
|
||||
# We need a clean string path without potential SQL injection (filenames are generated here)
|
||||
db.execute(text(f"VACUUM INTO '{target_path}'"))
|
||||
logger.info(f"[DB] Backup created successfully: {filename}")
|
||||
|
||||
# Audit Log
|
||||
audit = models.AuditLog(
|
||||
user_id=user_id,
|
||||
action="DB_BACKUP",
|
||||
details=f"Backup type: {label}. Created file: {filename}"
|
||||
)
|
||||
db.add(audit)
|
||||
db.commit()
|
||||
|
||||
# Enforce retention policy
|
||||
DbManager.enforce_retention(db)
|
||||
|
||||
return filename
|
||||
except Exception as e:
|
||||
logger.error(f"[DB] Backup failed: {str(e)}")
|
||||
db.rollback()
|
||||
raise Exception(f"Backup failed: {str(e)}")
|
||||
|
||||
@staticmethod
|
||||
def enforce_retention(db: Session):
|
||||
"""Deletes oldest backups if count exceeds retention limit."""
|
||||
try:
|
||||
# Get retention limit from settings
|
||||
limit_setting = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_retention_count").first()
|
||||
limit = int(limit_setting.value) if limit_setting else 10 # Default to 10
|
||||
|
||||
backups = DbManager.get_backup_list()
|
||||
if len(backups) > limit:
|
||||
to_delete = backups[limit:]
|
||||
for b in to_delete:
|
||||
path = os.path.join(BACKUP_DIR, b.filename)
|
||||
if os.path.exists(path):
|
||||
os.remove(path)
|
||||
logger.info(f"[DB] Retention policy: deleted old backup {b.filename}")
|
||||
except Exception as e:
|
||||
logger.error(f"[DB] Retention enforcement failed: {str(e)}")
|
||||
|
||||
@staticmethod
|
||||
def restore_backup(filename: str, db: Session, user_id: int) -> bool:
|
||||
"""
|
||||
Restores a database from a backup file.
|
||||
IMPORTANT: This replaces the primary inventory.db file.
|
||||
"""
|
||||
source_path = os.path.join(BACKUP_DIR, filename)
|
||||
active_db_path = os.path.join(DATA_DIR, "inventory.db")
|
||||
|
||||
if not os.path.exists(source_path):
|
||||
raise Exception("Backup file not found")
|
||||
|
||||
try:
|
||||
# 1. Create a safety rollback backup of current state
|
||||
logger.info("[DB] Creating safety rollback backup before restore...")
|
||||
DbManager.create_backup(db, label="rollback", user_id=user_id)
|
||||
|
||||
# 2. Close all connections (or as many as possible via pool dispose)
|
||||
# engine.dispose() drops the current connection pool
|
||||
engine.dispose()
|
||||
|
||||
# 3. Physically swap files
|
||||
# Note: shutil.copy2 handles file metadata preservation
|
||||
shutil.copy2(source_path, active_db_path)
|
||||
|
||||
logger.warning(f"[DB] RESTORE COMPLETED from {filename} by user_id={user_id}")
|
||||
|
||||
# Record the restore in the NEW database (since we just swapped it)
|
||||
# Re-initializing session logic might be needed but usually next request handles it.
|
||||
# However, for the current request, the 'db' session is still bound to the OLD file mapping possibly?
|
||||
# Actually, the file on disk is changed. Next commit might fail or work depending on how sqlite handles it.
|
||||
# It's safest to return success and let the frontend trigger a reload.
|
||||
|
||||
return True
|
||||
except Exception as e:
|
||||
logger.error(f"[DB] Restore failed: {str(e)}")
|
||||
raise Exception(f"Restore failed: {str(e)}")
|
||||
@@ -5,8 +5,9 @@ from slowapi import Limiter
|
||||
from slowapi.util import get_remote_address
|
||||
from . import models
|
||||
from .database import engine
|
||||
from .routers import items, operations, users, categories
|
||||
from .routers import items, operations, users, categories, admin_db
|
||||
from .logger import log
|
||||
from .scheduler import scheduler, sync_scheduler_config
|
||||
|
||||
# Create the database tables
|
||||
from .database import DATA_DIR, db_path
|
||||
@@ -33,7 +34,7 @@ app.add_middleware(
|
||||
CORSMiddleware,
|
||||
allow_origins=ALLOWED_ORIGINS,
|
||||
allow_credentials=True,
|
||||
allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
|
||||
allow_methods=["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
|
||||
allow_headers=["*"],
|
||||
)
|
||||
|
||||
@@ -45,6 +46,13 @@ app.include_router(items.router)
|
||||
app.include_router(operations.router)
|
||||
app.include_router(users.router)
|
||||
app.include_router(categories.router)
|
||||
app.include_router(admin_db.router)
|
||||
|
||||
@app.on_event("startup")
|
||||
def startup_event():
|
||||
log.info("[STARTUP] Starting background scheduler...")
|
||||
scheduler.start()
|
||||
sync_scheduler_config()
|
||||
|
||||
@app.get("/")
|
||||
def read_root():
|
||||
|
||||
@@ -48,7 +48,7 @@ class AuditLog(Base):
|
||||
__tablename__ = "audit_logs"
|
||||
|
||||
id = Column(Integer, primary_key=True, index=True)
|
||||
timestamp = Column(DateTime, default=datetime.datetime.utcnow)
|
||||
timestamp = Column(DateTime, default=datetime.datetime.now)
|
||||
user_id = Column(Integer, ForeignKey("users.id"))
|
||||
action = Column(String) # e.g., 'CHECK_IN', 'CHECK_OUT', 'CREATE_ITEM'
|
||||
target_item_id = Column(Integer, nullable=True)
|
||||
@@ -64,7 +64,7 @@ class Intervention(Base):
|
||||
id = Column(Integer, primary_key=True, index=True)
|
||||
name = Column(String)
|
||||
status = Column(String, default="ACTIVE")
|
||||
created_at = Column(DateTime, default=datetime.datetime.utcnow)
|
||||
created_at = Column(DateTime, default=datetime.datetime.now)
|
||||
|
||||
items = relationship("InterventionItem", back_populates="intervention")
|
||||
|
||||
@@ -78,3 +78,9 @@ class InterventionItem(Base):
|
||||
checked_out_quantity = Column(Float, default=0.0)
|
||||
|
||||
intervention = relationship("Intervention", back_populates="items")
|
||||
|
||||
class SystemSetting(Base):
|
||||
__tablename__ = "system_settings"
|
||||
|
||||
key = Column(String, primary_key=True, index=True)
|
||||
value = Column(String)
|
||||
|
||||
@@ -12,3 +12,4 @@ ldap3>=2.9.1
|
||||
passlib[bcrypt]>=1.7.4
|
||||
python-jose[cryptography]>=3.3.0
|
||||
slowapi>=0.1.9
|
||||
apscheduler>=3.10.1
|
||||
|
||||
105
backend/routers/admin_db.py
Normal file
105
backend/routers/admin_db.py
Normal file
@@ -0,0 +1,105 @@
|
||||
from fastapi import APIRouter, Depends, HTTPException, status
|
||||
from sqlalchemy.orm import Session
|
||||
from typing import List
|
||||
from .. import models, schemas, auth
|
||||
from ..database import get_db
|
||||
from ..db_manager import DbManager
|
||||
from ..scheduler import sync_scheduler_config
|
||||
|
||||
router = APIRouter(
|
||||
prefix="/admin/db",
|
||||
tags=["Admin Database"]
|
||||
)
|
||||
|
||||
@router.get("/backups", response_model=List[schemas.BackupInfo])
|
||||
def get_backups(
|
||||
db: Session = Depends(get_db),
|
||||
current_admin: auth.TokenData = Depends(auth.get_current_admin)
|
||||
):
|
||||
"""List available database backups."""
|
||||
return DbManager.get_backup_list()
|
||||
|
||||
@router.get("/stats", response_model=schemas.DatabaseStats)
|
||||
def get_db_stats(
|
||||
db: Session = Depends(get_db),
|
||||
current_admin: auth.TokenData = Depends(auth.get_current_admin)
|
||||
):
|
||||
"""Get database backup storage statistics."""
|
||||
return DbManager.get_stats()
|
||||
|
||||
@router.post("/backup", response_model=schemas.BackupInfo)
|
||||
def trigger_manual_backup(
|
||||
db: Session = Depends(get_db),
|
||||
current_admin: auth.TokenData = Depends(auth.get_current_admin)
|
||||
):
|
||||
"""Trigger a manual database backup."""
|
||||
filename = DbManager.create_backup(db, label="manual", user_id=current_admin.sub)
|
||||
# Re-fetch the newly created file info
|
||||
backups = DbManager.get_backup_list()
|
||||
for b in backups:
|
||||
if b.filename == filename:
|
||||
return b
|
||||
raise HTTPException(status_code=500, detail="Backup created but info not found")
|
||||
|
||||
@router.post("/restore")
|
||||
def restore_database(
|
||||
payload: dict,
|
||||
db: Session = Depends(get_db),
|
||||
current_admin: auth.TokenData = Depends(auth.get_current_admin)
|
||||
):
|
||||
"""Restore database from a specific file. DANGEROUS."""
|
||||
filename = payload.get("filename")
|
||||
confirm = payload.get("confirm", False)
|
||||
|
||||
if not filename:
|
||||
raise HTTPException(status_code=400, detail="Filename required")
|
||||
if not confirm:
|
||||
raise HTTPException(status_code=400, detail="Confirmation required")
|
||||
|
||||
try:
|
||||
success = DbManager.restore_backup(filename, db, user_id=current_admin.sub)
|
||||
return {"status": "success", "message": f"Database restored from {filename}"}
|
||||
except Exception as e:
|
||||
raise HTTPException(status_code=500, detail=str(e))
|
||||
|
||||
@router.get("/settings", response_model=schemas.DbSettingsUpdate)
|
||||
def get_db_settings(
|
||||
db: Session = Depends(get_db),
|
||||
current_admin: auth.TokenData = Depends(auth.get_current_admin)
|
||||
):
|
||||
"""Get database retention and scheduling settings."""
|
||||
# Ensure default settings exist
|
||||
retention = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_retention_count").first()
|
||||
hour = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_schedule_hour").first()
|
||||
freq = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_schedule_freq_days").first()
|
||||
|
||||
return {
|
||||
"retention_count": int(retention.value) if retention else 10,
|
||||
"schedule_hour": int(hour.value) if hour else 3,
|
||||
"schedule_freq_days": int(freq.value) if freq else 1
|
||||
}
|
||||
|
||||
@router.patch("/settings", response_model=schemas.DbSettingsUpdate)
|
||||
def update_db_settings(
|
||||
settings: schemas.DbSettingsUpdate,
|
||||
db: Session = Depends(get_db),
|
||||
current_admin: auth.TokenData = Depends(auth.get_current_admin)
|
||||
):
|
||||
"""Update database settings and re-trigger scheduler sync."""
|
||||
pairs = {
|
||||
"backup_retention_count": str(settings.retention_count),
|
||||
"backup_schedule_hour": str(settings.schedule_hour),
|
||||
"backup_schedule_freq_days": str(settings.schedule_freq_days)
|
||||
}
|
||||
|
||||
for key, val in pairs.items():
|
||||
existing = db.query(models.SystemSetting).filter(models.SystemSetting.key == key).first()
|
||||
if existing:
|
||||
existing.value = val
|
||||
else:
|
||||
db.add(models.SystemSetting(key=key, value=val))
|
||||
|
||||
db.commit()
|
||||
# Re-trigger scheduler sync
|
||||
sync_scheduler_config()
|
||||
return settings
|
||||
@@ -143,11 +143,20 @@ def delete_item(
|
||||
db: Session = Depends(get_db),
|
||||
current_user: auth.TokenData = Depends(auth.get_current_user)
|
||||
):
|
||||
"""[C-01] Delete item — only for authenticated users."""
|
||||
"""[C-01] Delete item — only for authenticated users. InterventionItems are cleared; AuditLogs are KEPT for history."""
|
||||
db_item = db.query(models.Item).filter(models.Item.id == item_id).first()
|
||||
if not db_item:
|
||||
raise HTTPException(status_code=404, detail="Item not found")
|
||||
|
||||
# [AUDIT] Log the deletion to disk file via logger.py
|
||||
from ..logger import log
|
||||
log.warning(f"USER[{current_user.sub}] DELETING ITEM: ID={item_id}, Name={db_item.name}, PN={db_item.part_number}")
|
||||
|
||||
# [CLEANUP] Delete related InterventionItems to prevent foreign key issues
|
||||
db.query(models.InterventionItem).filter(models.InterventionItem.item_id == item_id).delete()
|
||||
|
||||
# Audit Logs in database are NOT deleted here to preserve history of actions
|
||||
|
||||
db.delete(db_item)
|
||||
db.commit()
|
||||
return {"message": "Item deleted successfully"}
|
||||
return {"message": "Item deleted successfully. History logs preserved."}
|
||||
|
||||
46
backend/scheduler.py
Normal file
46
backend/scheduler.py
Normal file
@@ -0,0 +1,46 @@
|
||||
from apscheduler.schedulers.background import BackgroundScheduler
|
||||
from apscheduler.triggers.cron import CronTrigger
|
||||
from .database import SessionLocal
|
||||
from .db_manager import DbManager
|
||||
from . import models
|
||||
import logging
|
||||
|
||||
log = logging.getLogger("ainventory")
|
||||
scheduler = BackgroundScheduler()
|
||||
|
||||
def scheduled_backup_job():
|
||||
"""System triggered automated backup."""
|
||||
db = SessionLocal()
|
||||
try:
|
||||
log.info("[SCHEDULER] Starting automated backup job...")
|
||||
DbManager.create_backup(db, label="auto", user_id=None)
|
||||
except Exception as e:
|
||||
log.error(f"[SCHEDULER] Automated backup failed: {str(e)}")
|
||||
finally:
|
||||
db.close()
|
||||
|
||||
def sync_scheduler_config():
|
||||
"""Read DB settings and update the scheduler job."""
|
||||
db = SessionLocal()
|
||||
try:
|
||||
hour_s = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_schedule_hour").first()
|
||||
freq_s = db.query(models.SystemSetting).filter(models.SystemSetting.key == "backup_schedule_freq_days").first()
|
||||
|
||||
hour = int(hour_s.value) if hour_s else 3
|
||||
freq = int(freq_s.value) if freq_s else 1
|
||||
|
||||
# Remove existing backup jobs to avoid duplicates
|
||||
for job in scheduler.get_jobs():
|
||||
if job.id == "auto_backup":
|
||||
scheduler.remove_job(job.id)
|
||||
|
||||
# Add job with cron trigger: trigger at 'hour' every 'freq' days
|
||||
# Use day='*/freq' for intervals in days
|
||||
trigger = CronTrigger(hour=hour, minute=0, day=f"*/{freq}")
|
||||
scheduler.add_job(scheduled_backup_job, trigger, id="auto_backup")
|
||||
|
||||
log.info(f"[SCHEDULER] Policy synced: Every {freq} days at {hour:02d}:00")
|
||||
except Exception as e:
|
||||
log.error(f"[SCHEDULER] Failed to sync config: {str(e)}")
|
||||
finally:
|
||||
db.close()
|
||||
@@ -116,3 +116,27 @@ class AuditLogResponse(BaseModel):
|
||||
|
||||
class Config:
|
||||
from_attributes = True
|
||||
|
||||
# --- System Settings ---
|
||||
class SystemSettingBase(BaseModel):
|
||||
key: str
|
||||
value: str
|
||||
|
||||
class SystemSetting(SystemSettingBase):
|
||||
class Config:
|
||||
from_attributes = True
|
||||
|
||||
# --- Database Management ---
|
||||
class BackupInfo(BaseModel):
|
||||
filename: str
|
||||
size_bytes: int
|
||||
created_at: datetime
|
||||
|
||||
class DatabaseStats(BaseModel):
|
||||
backup_count: int
|
||||
total_size_bytes: int
|
||||
|
||||
class DbSettingsUpdate(BaseModel):
|
||||
retention_count: int
|
||||
schedule_hour: int
|
||||
schedule_freq_days: int
|
||||
|
||||
Reference in New Issue
Block a user