From 52388e0c03e815398da737d855c429f4a4234d80 Mon Sep 17 00:00:00 2001 From: mdrozdovz Date: Tue, 17 Sep 2024 13:24:16 +0300 Subject: [PATCH 1/5] Added support for password-protected ZIP files --- LICENSE | 4 ++-- README.md | 3 +++ docker/Dockerfile | 2 +- docker/Dockerfile.cicd | 2 +- docker/Dockerfile.dev | 2 +- docker/compose.dev.yaml | 4 ++++ go.mod | 1 + go.sum | 2 ++ internal/config/env.go | 5 +++++ internal/integration/postgres/postgres.go | 22 +++++++++++++++++++--- 10 files changed, 39 insertions(+), 8 deletions(-) diff --git a/LICENSE b/LICENSE index 05520d9..894ee77 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ -MIT License +The MIT License (MIT) -Copyright (c) 2024 Luis Eduardo +Copyright (c) 2016 Andrey Nering Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 3a6b687..3dc2ebd 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ services: - ./backups:/backups # If you only use S3 destinations, you don't need this volume environment: PBW_ENCRYPTION_KEY: "my_secret_key" # Change this to a strong key + PBW_BACKUP_PASSWORD: "zip_password" # Optional password for ZIP files (both local and S3) PBW_POSTGRES_CONN_STRING: "postgresql://postgres:password@postgres:5432/pgbackweb?sslmode=disable" TZ: "America/Guatemala" # Set your timezone, optional depends_on: @@ -97,6 +98,8 @@ You only need to configure the following environment variables: - `PBW_ENCRYPTION_KEY`: Your encryption key. Generate a strong one and store it in a safe place, as PG Back Web uses it to encrypt sensitive data. +- `PBW_BACKUP_PASSWORD`: (Optional) Password to protect ZIP files for both local and remote backups. Once password changes, old backups won't be available for restoration. + - `PBW_POSTGRES_CONN_STRING`: The connection string for the PostgreSQL database that will store PG Back Web data. - `TZ`: Your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List) (optional). Default is `UTC`. This impacts logging, backup filenames and default timezone in the web interface. diff --git a/docker/Dockerfile b/docker/Dockerfile index 04ec841..d1f8e12 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -22,7 +22,7 @@ COPY --from=golang /usr/local/go /usr/local/go RUN apt update && apt install -y postgresql-common && \ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ apt update && apt install -y \ - wget unzip tzdata git \ + wget p7zip-full tzdata git \ postgresql-client-13 postgresql-client-14 \ postgresql-client-15 postgresql-client-16 && \ rm -rf /var/lib/apt/lists/* diff --git a/docker/Dockerfile.cicd b/docker/Dockerfile.cicd index 55078b7..9ed5a4d 100644 --- a/docker/Dockerfile.cicd +++ b/docker/Dockerfile.cicd @@ -22,7 +22,7 @@ COPY --from=golang /usr/local/go /usr/local/go RUN apt update && apt install -y postgresql-common && \ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ apt update && apt install -y \ - wget unzip tzdata git \ + wget p7zip-full tzdata git \ postgresql-client-13 postgresql-client-14 \ postgresql-client-15 postgresql-client-16 && \ rm -rf /var/lib/apt/lists/* diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev index 03f10a7..8828d5e 100644 --- a/docker/Dockerfile.dev +++ b/docker/Dockerfile.dev @@ -22,7 +22,7 @@ COPY --from=golang /usr/local/go /usr/local/go RUN apt update && apt install -y postgresql-common && \ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ apt update && apt install -y \ - wget unzip tzdata git \ + wget p7zip-full tzdata git \ postgresql-client-13 postgresql-client-14 \ postgresql-client-15 postgresql-client-16 && \ rm -rf /var/lib/apt/lists/* diff --git a/docker/compose.dev.yaml b/docker/compose.dev.yaml index 3b9722f..18262b8 100644 --- a/docker/compose.dev.yaml +++ b/docker/compose.dev.yaml @@ -8,6 +8,10 @@ services: dockerfile: ./docker/Dockerfile.dev ports: - "8085:8085" + environment: + PBW_ENCRYPTION_KEY: "my_secret_key" # Change this to a strong key + PBW_BACKUP_PASSWORD: "testpassword" + PBW_POSTGRES_CONN_STRING: "postgresql://postgres:password@postgres:5432/pgbackweb?sslmode=disable" volumes: - ../:/app - pbw_vol_app_ssh:/root/.ssh diff --git a/go.mod b/go.mod index 86f45f6..876b8fe 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/maragudk/gomponents v0.20.4 github.com/orsinium-labs/enum v1.4.0 github.com/stretchr/testify v1.9.0 + github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0 golang.org/x/crypto v0.25.0 golang.org/x/sync v0.7.0 ) diff --git a/go.sum b/go.sum index 9218e57..99e71ef 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ github.com/adhocore/gronx v1.8.1 h1:F2mLTG5sB11z7vplwD4iydz3YCEjstSfYmCrdSm3t6A= github.com/adhocore/gronx v1.8.1/go.mod h1:7oUY1WAU8rEJWmAxXR2DN0JaO4gi9khSgKjiRypqteg= +github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0 h1:BVts5dexXf4i+JX8tXlKT0aKoi38JwTXSe+3WUneX0k= +github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0/go.mod h1:FDIQmoMNJJl5/k7upZEnGvgWVZfFeE6qHeN7iCMbCsA= github.com/aws/aws-sdk-go v1.54.20 h1:FZ2UcXya7bUkvkpf7TaPmiL7EubK0go1nlXGLRwEsoo= github.com/aws/aws-sdk-go v1.54.20/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= diff --git a/internal/config/env.go b/internal/config/env.go index e8a0167..85a77bf 100644 --- a/internal/config/env.go +++ b/internal/config/env.go @@ -7,6 +7,7 @@ import ( type Env struct { PBW_ENCRYPTION_KEY *string + PBW_BACKUP_PASSWORD *string PBW_POSTGRES_CONN_STRING *string } @@ -26,6 +27,10 @@ func GetEnv(disableLogs ...bool) *Env { name: "PBW_ENCRYPTION_KEY", isRequired: true, }), + PBW_BACKUP_PASSWORD: getEnvAsString(getEnvAsStringParams{ + name: "PBW_BACKUP_PASSWORD", + isRequired: false, + }), PBW_POSTGRES_CONN_STRING: getEnvAsString(getEnvAsStringParams{ name: "PBW_POSTGRES_CONN_STRING", isRequired: true, diff --git a/internal/integration/postgres/postgres.go b/internal/integration/postgres/postgres.go index 7672911..2c8641d 100644 --- a/internal/integration/postgres/postgres.go +++ b/internal/integration/postgres/postgres.go @@ -1,13 +1,14 @@ package postgres import ( - "archive/zip" "bytes" "fmt" + "github.com/alexmullins/zip" "io" "os" "os/exec" + "github.com/eduardolat/pgbackweb/internal/config" "github.com/eduardolat/pgbackweb/internal/util/strutil" "github.com/orsinium-labs/enum" ) @@ -176,6 +177,7 @@ func (c *Client) DumpZip( ) io.Reader { dumpReader := c.Dump(version, connString, params...) reader, writer := io.Pipe() + env := config.GetEnv() go func() { defer writer.Close() @@ -183,7 +185,15 @@ func (c *Client) DumpZip( zipWriter := zip.NewWriter(writer) defer zipWriter.Close() - fileWriter, err := zipWriter.Create("dump.sql") + var fileWriter io.Writer + var err error + + if env.PBW_BACKUP_PASSWORD != nil { + fileWriter, err = zipWriter.Encrypt("dump.sql", *env.PBW_BACKUP_PASSWORD) + } else { + fileWriter, err = zipWriter.Create("dump.sql") + } + if err != nil { writer.CloseWithError(fmt.Errorf("error creating zip file: %w", err)) return @@ -210,6 +220,7 @@ func (c *Client) DumpZip( func (Client) RestoreZip( version PGVersion, connString string, isLocal bool, zipURLOrPath string, ) error { + env := config.GetEnv() workDir, err := os.MkdirTemp("", "pbw-restore-*") if err != nil { return fmt.Errorf("error creating temp dir: %w", err) @@ -238,7 +249,12 @@ func (Client) RestoreZip( return fmt.Errorf("zip file not found: %s", zipPath) } - cmd := exec.Command("unzip", "-o", zipPath, "dump.sql", "-d", workDir) + var cmd *exec.Cmd + if env.PBW_BACKUP_PASSWORD != nil { + cmd = exec.Command("7z", "x", "-p"+*env.PBW_BACKUP_PASSWORD, "-o"+workDir, zipPath) + } else { + cmd = exec.Command("7z", "x", "-o"+workDir, zipPath) + } output, err := cmd.CombinedOutput() if err != nil { return fmt.Errorf("error unzipping ZIP file: %s", output) From d32d5349a6ab05b4faa50367eff31bbd33b05237 Mon Sep 17 00:00:00 2001 From: mdrozdovz Date: Tue, 17 Sep 2024 14:06:59 +0300 Subject: [PATCH 2/5] Updated .env files --- .env.dev | 4 ++++ .env.example | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.env.dev b/.env.dev index 37d7ced..52d97dc 100644 --- a/.env.dev +++ b/.env.dev @@ -9,6 +9,10 @@ # in the database such as database credentials, secret keys, etc. PBW_ENCRYPTION_KEY="encryption-key" +# Password for encrypting ZIP files. Applied after getting output of `psql_dump`, +# so works for both local and remote destinations. +PBW_BACKUP_PASSWORD="test-password" + # Database connection string for a PostgreSQL database where the pgbackweb # will store its data. PBW_POSTGRES_CONN_STRING="postgresql://postgres:password@host.docker.internal:5432/pgbackweb?sslmode=disable" diff --git a/.env.example b/.env.example index 3268943..f23c66b 100644 --- a/.env.example +++ b/.env.example @@ -2,6 +2,10 @@ # in the database such as database credentials, secret keys, etc. PBW_ENCRYPTION_KEY="" +# Password for encrypting ZIP files. Applied after getting output of `psql_dump`, +# so works for both local and remote destinations. +PBW_BACKUP_PASSWORD="" + # Database connection string for a PostgreSQL database where the pgbackweb # will store its data. PBW_POSTGRES_CONN_STRING="" From e2c1fb51e56ae11c7cd0505cb2c0fe18927fb128 Mon Sep 17 00:00:00 2001 From: mdrozdovz Date: Tue, 17 Sep 2024 14:12:31 +0300 Subject: [PATCH 3/5] Revert "Added support for password-protected ZIP files" This reverts commit 52388e0c03e815398da737d855c429f4a4234d80. --- LICENSE | 4 ++-- README.md | 3 --- docker/Dockerfile | 2 +- docker/Dockerfile.cicd | 2 +- docker/Dockerfile.dev | 2 +- docker/compose.dev.yaml | 4 ---- go.mod | 1 - go.sum | 2 -- internal/config/env.go | 5 ----- internal/integration/postgres/postgres.go | 22 +++------------------- 10 files changed, 8 insertions(+), 39 deletions(-) diff --git a/LICENSE b/LICENSE index 894ee77..05520d9 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ -The MIT License (MIT) +MIT License -Copyright (c) 2016 Andrey Nering +Copyright (c) 2024 Luis Eduardo Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 3dc2ebd..3a6b687 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,6 @@ services: - ./backups:/backups # If you only use S3 destinations, you don't need this volume environment: PBW_ENCRYPTION_KEY: "my_secret_key" # Change this to a strong key - PBW_BACKUP_PASSWORD: "zip_password" # Optional password for ZIP files (both local and S3) PBW_POSTGRES_CONN_STRING: "postgresql://postgres:password@postgres:5432/pgbackweb?sslmode=disable" TZ: "America/Guatemala" # Set your timezone, optional depends_on: @@ -98,8 +97,6 @@ You only need to configure the following environment variables: - `PBW_ENCRYPTION_KEY`: Your encryption key. Generate a strong one and store it in a safe place, as PG Back Web uses it to encrypt sensitive data. -- `PBW_BACKUP_PASSWORD`: (Optional) Password to protect ZIP files for both local and remote backups. Once password changes, old backups won't be available for restoration. - - `PBW_POSTGRES_CONN_STRING`: The connection string for the PostgreSQL database that will store PG Back Web data. - `TZ`: Your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List) (optional). Default is `UTC`. This impacts logging, backup filenames and default timezone in the web interface. diff --git a/docker/Dockerfile b/docker/Dockerfile index d1f8e12..04ec841 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -22,7 +22,7 @@ COPY --from=golang /usr/local/go /usr/local/go RUN apt update && apt install -y postgresql-common && \ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ apt update && apt install -y \ - wget p7zip-full tzdata git \ + wget unzip tzdata git \ postgresql-client-13 postgresql-client-14 \ postgresql-client-15 postgresql-client-16 && \ rm -rf /var/lib/apt/lists/* diff --git a/docker/Dockerfile.cicd b/docker/Dockerfile.cicd index 9ed5a4d..55078b7 100644 --- a/docker/Dockerfile.cicd +++ b/docker/Dockerfile.cicd @@ -22,7 +22,7 @@ COPY --from=golang /usr/local/go /usr/local/go RUN apt update && apt install -y postgresql-common && \ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ apt update && apt install -y \ - wget p7zip-full tzdata git \ + wget unzip tzdata git \ postgresql-client-13 postgresql-client-14 \ postgresql-client-15 postgresql-client-16 && \ rm -rf /var/lib/apt/lists/* diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev index 8828d5e..03f10a7 100644 --- a/docker/Dockerfile.dev +++ b/docker/Dockerfile.dev @@ -22,7 +22,7 @@ COPY --from=golang /usr/local/go /usr/local/go RUN apt update && apt install -y postgresql-common && \ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ apt update && apt install -y \ - wget p7zip-full tzdata git \ + wget unzip tzdata git \ postgresql-client-13 postgresql-client-14 \ postgresql-client-15 postgresql-client-16 && \ rm -rf /var/lib/apt/lists/* diff --git a/docker/compose.dev.yaml b/docker/compose.dev.yaml index 18262b8..3b9722f 100644 --- a/docker/compose.dev.yaml +++ b/docker/compose.dev.yaml @@ -8,10 +8,6 @@ services: dockerfile: ./docker/Dockerfile.dev ports: - "8085:8085" - environment: - PBW_ENCRYPTION_KEY: "my_secret_key" # Change this to a strong key - PBW_BACKUP_PASSWORD: "testpassword" - PBW_POSTGRES_CONN_STRING: "postgresql://postgres:password@postgres:5432/pgbackweb?sslmode=disable" volumes: - ../:/app - pbw_vol_app_ssh:/root/.ssh diff --git a/go.mod b/go.mod index 876b8fe..86f45f6 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,6 @@ require ( github.com/maragudk/gomponents v0.20.4 github.com/orsinium-labs/enum v1.4.0 github.com/stretchr/testify v1.9.0 - github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0 golang.org/x/crypto v0.25.0 golang.org/x/sync v0.7.0 ) diff --git a/go.sum b/go.sum index 99e71ef..9218e57 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,5 @@ github.com/adhocore/gronx v1.8.1 h1:F2mLTG5sB11z7vplwD4iydz3YCEjstSfYmCrdSm3t6A= github.com/adhocore/gronx v1.8.1/go.mod h1:7oUY1WAU8rEJWmAxXR2DN0JaO4gi9khSgKjiRypqteg= -github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0 h1:BVts5dexXf4i+JX8tXlKT0aKoi38JwTXSe+3WUneX0k= -github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0/go.mod h1:FDIQmoMNJJl5/k7upZEnGvgWVZfFeE6qHeN7iCMbCsA= github.com/aws/aws-sdk-go v1.54.20 h1:FZ2UcXya7bUkvkpf7TaPmiL7EubK0go1nlXGLRwEsoo= github.com/aws/aws-sdk-go v1.54.20/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= diff --git a/internal/config/env.go b/internal/config/env.go index 85a77bf..e8a0167 100644 --- a/internal/config/env.go +++ b/internal/config/env.go @@ -7,7 +7,6 @@ import ( type Env struct { PBW_ENCRYPTION_KEY *string - PBW_BACKUP_PASSWORD *string PBW_POSTGRES_CONN_STRING *string } @@ -27,10 +26,6 @@ func GetEnv(disableLogs ...bool) *Env { name: "PBW_ENCRYPTION_KEY", isRequired: true, }), - PBW_BACKUP_PASSWORD: getEnvAsString(getEnvAsStringParams{ - name: "PBW_BACKUP_PASSWORD", - isRequired: false, - }), PBW_POSTGRES_CONN_STRING: getEnvAsString(getEnvAsStringParams{ name: "PBW_POSTGRES_CONN_STRING", isRequired: true, diff --git a/internal/integration/postgres/postgres.go b/internal/integration/postgres/postgres.go index 2c8641d..7672911 100644 --- a/internal/integration/postgres/postgres.go +++ b/internal/integration/postgres/postgres.go @@ -1,14 +1,13 @@ package postgres import ( + "archive/zip" "bytes" "fmt" - "github.com/alexmullins/zip" "io" "os" "os/exec" - "github.com/eduardolat/pgbackweb/internal/config" "github.com/eduardolat/pgbackweb/internal/util/strutil" "github.com/orsinium-labs/enum" ) @@ -177,7 +176,6 @@ func (c *Client) DumpZip( ) io.Reader { dumpReader := c.Dump(version, connString, params...) reader, writer := io.Pipe() - env := config.GetEnv() go func() { defer writer.Close() @@ -185,15 +183,7 @@ func (c *Client) DumpZip( zipWriter := zip.NewWriter(writer) defer zipWriter.Close() - var fileWriter io.Writer - var err error - - if env.PBW_BACKUP_PASSWORD != nil { - fileWriter, err = zipWriter.Encrypt("dump.sql", *env.PBW_BACKUP_PASSWORD) - } else { - fileWriter, err = zipWriter.Create("dump.sql") - } - + fileWriter, err := zipWriter.Create("dump.sql") if err != nil { writer.CloseWithError(fmt.Errorf("error creating zip file: %w", err)) return @@ -220,7 +210,6 @@ func (c *Client) DumpZip( func (Client) RestoreZip( version PGVersion, connString string, isLocal bool, zipURLOrPath string, ) error { - env := config.GetEnv() workDir, err := os.MkdirTemp("", "pbw-restore-*") if err != nil { return fmt.Errorf("error creating temp dir: %w", err) @@ -249,12 +238,7 @@ func (Client) RestoreZip( return fmt.Errorf("zip file not found: %s", zipPath) } - var cmd *exec.Cmd - if env.PBW_BACKUP_PASSWORD != nil { - cmd = exec.Command("7z", "x", "-p"+*env.PBW_BACKUP_PASSWORD, "-o"+workDir, zipPath) - } else { - cmd = exec.Command("7z", "x", "-o"+workDir, zipPath) - } + cmd := exec.Command("unzip", "-o", zipPath, "dump.sql", "-d", workDir) output, err := cmd.CombinedOutput() if err != nil { return fmt.Errorf("error unzipping ZIP file: %s", output) From 26b28160d07cf312b1ad1ab2b036e8ce13e9ffbc Mon Sep 17 00:00:00 2001 From: mdrozdovz Date: Tue, 17 Sep 2024 14:13:31 +0300 Subject: [PATCH 4/5] Reapply "Added support for password-protected ZIP files" This reverts commit e2c1fb51e56ae11c7cd0505cb2c0fe18927fb128. --- LICENSE | 4 ++-- README.md | 3 +++ docker/Dockerfile | 2 +- docker/Dockerfile.cicd | 2 +- docker/Dockerfile.dev | 2 +- docker/compose.dev.yaml | 4 ++++ go.mod | 1 + go.sum | 2 ++ internal/config/env.go | 5 +++++ internal/integration/postgres/postgres.go | 22 +++++++++++++++++++--- 10 files changed, 39 insertions(+), 8 deletions(-) diff --git a/LICENSE b/LICENSE index 05520d9..894ee77 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ -MIT License +The MIT License (MIT) -Copyright (c) 2024 Luis Eduardo +Copyright (c) 2016 Andrey Nering Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 3a6b687..3dc2ebd 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ services: - ./backups:/backups # If you only use S3 destinations, you don't need this volume environment: PBW_ENCRYPTION_KEY: "my_secret_key" # Change this to a strong key + PBW_BACKUP_PASSWORD: "zip_password" # Optional password for ZIP files (both local and S3) PBW_POSTGRES_CONN_STRING: "postgresql://postgres:password@postgres:5432/pgbackweb?sslmode=disable" TZ: "America/Guatemala" # Set your timezone, optional depends_on: @@ -97,6 +98,8 @@ You only need to configure the following environment variables: - `PBW_ENCRYPTION_KEY`: Your encryption key. Generate a strong one and store it in a safe place, as PG Back Web uses it to encrypt sensitive data. +- `PBW_BACKUP_PASSWORD`: (Optional) Password to protect ZIP files for both local and remote backups. Once password changes, old backups won't be available for restoration. + - `PBW_POSTGRES_CONN_STRING`: The connection string for the PostgreSQL database that will store PG Back Web data. - `TZ`: Your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List) (optional). Default is `UTC`. This impacts logging, backup filenames and default timezone in the web interface. diff --git a/docker/Dockerfile b/docker/Dockerfile index 04ec841..d1f8e12 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -22,7 +22,7 @@ COPY --from=golang /usr/local/go /usr/local/go RUN apt update && apt install -y postgresql-common && \ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ apt update && apt install -y \ - wget unzip tzdata git \ + wget p7zip-full tzdata git \ postgresql-client-13 postgresql-client-14 \ postgresql-client-15 postgresql-client-16 && \ rm -rf /var/lib/apt/lists/* diff --git a/docker/Dockerfile.cicd b/docker/Dockerfile.cicd index 55078b7..9ed5a4d 100644 --- a/docker/Dockerfile.cicd +++ b/docker/Dockerfile.cicd @@ -22,7 +22,7 @@ COPY --from=golang /usr/local/go /usr/local/go RUN apt update && apt install -y postgresql-common && \ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ apt update && apt install -y \ - wget unzip tzdata git \ + wget p7zip-full tzdata git \ postgresql-client-13 postgresql-client-14 \ postgresql-client-15 postgresql-client-16 && \ rm -rf /var/lib/apt/lists/* diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev index 03f10a7..8828d5e 100644 --- a/docker/Dockerfile.dev +++ b/docker/Dockerfile.dev @@ -22,7 +22,7 @@ COPY --from=golang /usr/local/go /usr/local/go RUN apt update && apt install -y postgresql-common && \ /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ apt update && apt install -y \ - wget unzip tzdata git \ + wget p7zip-full tzdata git \ postgresql-client-13 postgresql-client-14 \ postgresql-client-15 postgresql-client-16 && \ rm -rf /var/lib/apt/lists/* diff --git a/docker/compose.dev.yaml b/docker/compose.dev.yaml index 3b9722f..18262b8 100644 --- a/docker/compose.dev.yaml +++ b/docker/compose.dev.yaml @@ -8,6 +8,10 @@ services: dockerfile: ./docker/Dockerfile.dev ports: - "8085:8085" + environment: + PBW_ENCRYPTION_KEY: "my_secret_key" # Change this to a strong key + PBW_BACKUP_PASSWORD: "testpassword" + PBW_POSTGRES_CONN_STRING: "postgresql://postgres:password@postgres:5432/pgbackweb?sslmode=disable" volumes: - ../:/app - pbw_vol_app_ssh:/root/.ssh diff --git a/go.mod b/go.mod index 86f45f6..876b8fe 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/maragudk/gomponents v0.20.4 github.com/orsinium-labs/enum v1.4.0 github.com/stretchr/testify v1.9.0 + github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0 golang.org/x/crypto v0.25.0 golang.org/x/sync v0.7.0 ) diff --git a/go.sum b/go.sum index 9218e57..99e71ef 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ github.com/adhocore/gronx v1.8.1 h1:F2mLTG5sB11z7vplwD4iydz3YCEjstSfYmCrdSm3t6A= github.com/adhocore/gronx v1.8.1/go.mod h1:7oUY1WAU8rEJWmAxXR2DN0JaO4gi9khSgKjiRypqteg= +github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0 h1:BVts5dexXf4i+JX8tXlKT0aKoi38JwTXSe+3WUneX0k= +github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0/go.mod h1:FDIQmoMNJJl5/k7upZEnGvgWVZfFeE6qHeN7iCMbCsA= github.com/aws/aws-sdk-go v1.54.20 h1:FZ2UcXya7bUkvkpf7TaPmiL7EubK0go1nlXGLRwEsoo= github.com/aws/aws-sdk-go v1.54.20/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= diff --git a/internal/config/env.go b/internal/config/env.go index e8a0167..85a77bf 100644 --- a/internal/config/env.go +++ b/internal/config/env.go @@ -7,6 +7,7 @@ import ( type Env struct { PBW_ENCRYPTION_KEY *string + PBW_BACKUP_PASSWORD *string PBW_POSTGRES_CONN_STRING *string } @@ -26,6 +27,10 @@ func GetEnv(disableLogs ...bool) *Env { name: "PBW_ENCRYPTION_KEY", isRequired: true, }), + PBW_BACKUP_PASSWORD: getEnvAsString(getEnvAsStringParams{ + name: "PBW_BACKUP_PASSWORD", + isRequired: false, + }), PBW_POSTGRES_CONN_STRING: getEnvAsString(getEnvAsStringParams{ name: "PBW_POSTGRES_CONN_STRING", isRequired: true, diff --git a/internal/integration/postgres/postgres.go b/internal/integration/postgres/postgres.go index 7672911..2c8641d 100644 --- a/internal/integration/postgres/postgres.go +++ b/internal/integration/postgres/postgres.go @@ -1,13 +1,14 @@ package postgres import ( - "archive/zip" "bytes" "fmt" + "github.com/alexmullins/zip" "io" "os" "os/exec" + "github.com/eduardolat/pgbackweb/internal/config" "github.com/eduardolat/pgbackweb/internal/util/strutil" "github.com/orsinium-labs/enum" ) @@ -176,6 +177,7 @@ func (c *Client) DumpZip( ) io.Reader { dumpReader := c.Dump(version, connString, params...) reader, writer := io.Pipe() + env := config.GetEnv() go func() { defer writer.Close() @@ -183,7 +185,15 @@ func (c *Client) DumpZip( zipWriter := zip.NewWriter(writer) defer zipWriter.Close() - fileWriter, err := zipWriter.Create("dump.sql") + var fileWriter io.Writer + var err error + + if env.PBW_BACKUP_PASSWORD != nil { + fileWriter, err = zipWriter.Encrypt("dump.sql", *env.PBW_BACKUP_PASSWORD) + } else { + fileWriter, err = zipWriter.Create("dump.sql") + } + if err != nil { writer.CloseWithError(fmt.Errorf("error creating zip file: %w", err)) return @@ -210,6 +220,7 @@ func (c *Client) DumpZip( func (Client) RestoreZip( version PGVersion, connString string, isLocal bool, zipURLOrPath string, ) error { + env := config.GetEnv() workDir, err := os.MkdirTemp("", "pbw-restore-*") if err != nil { return fmt.Errorf("error creating temp dir: %w", err) @@ -238,7 +249,12 @@ func (Client) RestoreZip( return fmt.Errorf("zip file not found: %s", zipPath) } - cmd := exec.Command("unzip", "-o", zipPath, "dump.sql", "-d", workDir) + var cmd *exec.Cmd + if env.PBW_BACKUP_PASSWORD != nil { + cmd = exec.Command("7z", "x", "-p"+*env.PBW_BACKUP_PASSWORD, "-o"+workDir, zipPath) + } else { + cmd = exec.Command("7z", "x", "-o"+workDir, zipPath) + } output, err := cmd.CombinedOutput() if err != nil { return fmt.Errorf("error unzipping ZIP file: %s", output) From 4200bcb3936d91545b1a558f6bb63a50caa5204b Mon Sep 17 00:00:00 2001 From: mdrozdovz Date: Tue, 17 Sep 2024 14:15:17 +0300 Subject: [PATCH 5/5] Reverted accidental LICENSE changes --- LICENSE | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/LICENSE b/LICENSE index 894ee77..05520d9 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ -The MIT License (MIT) +MIT License -Copyright (c) 2016 Andrey Nering +Copyright (c) 2024 Luis Eduardo Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal