projekte/edgeguard-native
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c79bfe84ec41d4843236a572be69af281442213b
edgeguard-native/internal/services/backup/remote/remote.go
Debian 27ac7b53fc feat(backup): Off-Site-Upload nach S3 + SFTP 
Schutz gegen Box-Total-Loss — lokale Backups in /var/backups/edgeguard
helfen nicht, wenn die Disk stirbt oder die Box brennt. Nach jedem
erfolgreichen lokalen Backup wird die tar.gz an alle aktiven
Off-Site-Ziele hochgeladen.

Migration 0022: backup_remotes (kind=s3|sftp, target_url, settings
JSONB, active, last_upload_at, last_error) + backups.remote_uploads
JSONB (per-Target-Result).

internal/services/backup/remote/:
  - UploadAll() — pro aktivem Target ein Upload, Failures non-fatal
  - S3 via minio-go/v7 — funktioniert mit AWS, MinIO, Backblaze B2,
    Cloudflare R2, Hetzner Object Storage (alle S3-API-kompatibel)
  - SFTP via golang.org/x/crypto/ssh + pkg/sftp. Password + Private-
    Key (OpenSSH, base64-encoded) als Auth. Optional host_key_
    fingerprint-Pinning (SHA256:...); leer = TOFU (unsicher vs MitM,
    OK für initial setup).
  - Test() lädt eine 1KB-Probe + löscht sie wieder — Operator-UI hat
    einen „Verbindung testen"-Button.

backup.Service.RemoteUploader-Interface: nach erfolgreichem
recordSuccess() läuft UploadAll, Results landen in backups.remote_
uploads JSONB. last_upload_at/last_error in backup_remotes pro Target
gepflegt. API + Scheduler injizieren beide den Adapter.

internal/handlers/backup_remotes.go: CRUD + POST /:id/test. Sensitive
Felder (secret_key, password, private_key) werden in GET-Responses
durch ***SET*** maskiert; UpdateChannel merged das zurück damit der
Operator bei Edit ohne Re-Eingabe speichern kann.

UI: Backups-Page jetzt mit Tabs "Sicherungen" + "Off-Site-Ziele".
Tab 2 hat CRUD-Tabelle mit kind-konditionalem Form (S3-Felder oder
SFTP-Felder), Test-Button pro Row, last_upload-Status mit FAIL-Tag
bei Errors.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 18:49:02 +02:00

343 lines
10 KiB
Go
Raw Blame History

// Package remote uploads Backup-Tarballs in Off-Site-Targets (S3 +
// SFTP). Wird vom backup.Service nach erfolgreichem Local-Backup
// aufgerufen, einmal pro aktivem backup_remotes-Eintrag.
package remote
import (
"context"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"io"
"net"
"os"
"path/filepath"
"strings"
"time"
"github.com/jackc/pgx/v5/pgxpool"
"github.com/minio/minio-go/v7"
miniocred "github.com/minio/minio-go/v7/pkg/credentials"
"github.com/pkg/sftp"
"golang.org/x/crypto/ssh"
)
type Kind string
const (
KindS3 Kind = "s3"
KindSFTP Kind = "sftp"
)
// Target ist eine Row aus backup_remotes.
type Target struct {
ID int64 `json:"id"`
Name string `json:"name"`
Kind Kind `json:"kind"`
TargetURL string `json:"target_url"`
Settings json.RawMessage `json:"settings"`
Active bool `json:"active"`
LastUpload *time.Time `json:"last_upload_at,omitempty"`
LastError *string `json:"last_error,omitempty"`
}
// S3Settings: alle minio-go-Config-Felder. Funktioniert mit AWS S3,
// MinIO, Backblaze B2, Cloudflare R2, Hetzner Object Storage.
type S3Settings struct {
Endpoint string `json:"endpoint"` // s3.amazonaws.com / minio.example.com:9000
Region string `json:"region"` // "eu-central-1" / "auto" (R2)
Bucket string `json:"bucket"`
AccessKey string `json:"access_key"`
SecretKey string `json:"secret_key"`
PathPrefix string `json:"path_prefix"` // "edgeguard/utm-1/" — vor jedem Filename
UseSSL bool `json:"use_ssl"`
}
// SFTPSettings — klassisches SSH/SFTP.
type SFTPSettings struct {
Host string `json:"host"`
Port int `json:"port"`
Username string `json:"username"`
Password string `json:"password,omitempty"`
PrivateKeyB64 string `json:"private_key,omitempty"` // OpenSSH-Privkey, base64
RemoteDir string `json:"remote_dir"` // /var/backups/edgeguard
HostKeyFingerprint string `json:"host_key_fingerprint,omitempty"` // "SHA256:..." optional
}
// UploadResult landet pro Target in backups.remote_uploads.
type UploadResult struct {
RemoteID int64 `json:"remote_id"`
RemoteName string `json:"remote_name"`
OK bool `json:"ok"`
SizeBytes int64 `json:"size,omitempty"`
DurationMs int64 `json:"duration_ms"`
Error string `json:"error,omitempty"`
}
type Service struct {
Pool *pgxpool.Pool
}
func New(pool *pgxpool.Pool) *Service { return &Service{Pool: pool} }
// ListActive holt alle aktiven Targets.
func (s *Service) ListActive(ctx context.Context) ([]Target, error) {
rows, err := s.Pool.Query(ctx, `
SELECT id, name, kind, target_url, settings, active, last_upload_at, last_error
FROM backup_remotes WHERE active = TRUE ORDER BY id ASC`)
if err != nil {
return nil, err
}
defer rows.Close()
out := []Target{}
for rows.Next() {
var t Target
if err := rows.Scan(&t.ID, &t.Name, &t.Kind, &t.TargetURL,
&t.Settings, &t.Active, &t.LastUpload, &t.LastError); err != nil {
return nil, err
}
out = append(out, t)
}
return out, rows.Err()
}
// UploadAll lädt das File in alle aktiven Targets. Eine Upload-Failure
// blockiert nicht die anderen. Returns Result-Liste pro Target.
func (s *Service) UploadAll(ctx context.Context, localPath string) ([]UploadResult, error) {
targets, err := s.ListActive(ctx)
if err != nil {
return nil, err
}
out := make([]UploadResult, 0, len(targets))
for _, t := range targets {
r := s.uploadOne(ctx, t, localPath)
out = append(out, r)
// last_upload_at / last_error in backup_remotes pflegen.
s.markResult(ctx, t.ID, r)
}
return out, nil
}
func (s *Service) markResult(ctx context.Context, id int64, r UploadResult) {
if r.OK {
_, _ = s.Pool.Exec(ctx, `
UPDATE backup_remotes SET last_upload_at = NOW(), last_error = NULL, updated_at = NOW()
WHERE id = $1`, id)
} else {
_, _ = s.Pool.Exec(ctx, `
UPDATE backup_remotes SET last_error = $1, updated_at = NOW() WHERE id = $2`,
r.Error, id)
}
}
func (s *Service) uploadOne(ctx context.Context, t Target, localPath string) UploadResult {
start := time.Now()
r := UploadResult{RemoteID: t.ID, RemoteName: t.Name}
var err error
switch t.Kind {
case KindS3:
var settings S3Settings
if e := json.Unmarshal(t.Settings, &settings); e != nil {
err = fmt.Errorf("parse s3 settings: %w", e)
break
}
r.SizeBytes, err = uploadS3(ctx, settings, localPath)
case KindSFTP:
var settings SFTPSettings
if e := json.Unmarshal(t.Settings, &settings); e != nil {
err = fmt.Errorf("parse sftp settings: %w", e)
break
}
r.SizeBytes, err = uploadSFTP(ctx, settings, localPath)
default:
err = fmt.Errorf("unknown kind: %s", t.Kind)
}
r.DurationMs = time.Since(start).Milliseconds()
if err != nil {
r.OK = false
r.Error = err.Error()
} else {
r.OK = true
}
return r
}
// uploadS3 mit minio-go. Funktioniert mit jeder S3-API.
func uploadS3(ctx context.Context, s S3Settings, localPath string) (int64, error) {
if s.Endpoint == "" || s.Bucket == "" || s.AccessKey == "" || s.SecretKey == "" {
return 0, errors.New("s3 settings incomplete (endpoint/bucket/access_key/secret_key required)")
}
cl, err := minio.New(s.Endpoint, &minio.Options{
Creds: miniocred.NewStaticV4(s.AccessKey, s.SecretKey, ""),
Secure: s.UseSSL,
Region: s.Region,
})
if err != nil {
return 0, fmt.Errorf("minio client: %w", err)
}
f, err := os.Open(localPath)
if err != nil {
return 0, err
}
defer f.Close()
stat, err := f.Stat()
if err != nil {
return 0, err
}
objName := filepath.Base(localPath)
if s.PathPrefix != "" {
objName = strings.TrimRight(s.PathPrefix, "/") + "/" + objName
}
info, err := cl.PutObject(ctx, s.Bucket, objName, f, stat.Size(),
minio.PutObjectOptions{ContentType: "application/gzip"})
if err != nil {
return 0, fmt.Errorf("put: %w", err)
}
return info.Size, nil
}
// uploadSFTP — ssh dial + sftp client + Write. Verifiziert Host-Key
// gegen settings.host_key_fingerprint wenn gesetzt (SHA256:...).
func uploadSFTP(ctx context.Context, s SFTPSettings, localPath string) (int64, error) {
if s.Host == "" || s.Port == 0 || s.Username == "" || s.RemoteDir == "" {
return 0, errors.New("sftp settings incomplete (host/port/username/remote_dir required)")
}
var authMethods []ssh.AuthMethod
if s.Password != "" {
authMethods = append(authMethods, ssh.Password(s.Password))
}
if s.PrivateKeyB64 != "" {
keyBytes, err := base64.StdEncoding.DecodeString(s.PrivateKeyB64)
if err != nil {
return 0, fmt.Errorf("decode private_key: %w", err)
}
signer, err := ssh.ParsePrivateKey(keyBytes)
if err != nil {
return 0, fmt.Errorf("parse private_key: %w", err)
}
authMethods = append(authMethods, ssh.PublicKeys(signer))
}
if len(authMethods) == 0 {
return 0, errors.New("no auth method (password or private_key required)")
}
hostKeyCallback := ssh.InsecureIgnoreHostKey()
if fp := strings.TrimSpace(s.HostKeyFingerprint); fp != "" {
expected := fp
hostKeyCallback = func(_ string, _ net.Addr, key ssh.PublicKey) error {
got := ssh.FingerprintSHA256(key)
if got != expected {
return fmt.Errorf("host key mismatch: got %s, expected %s", got, expected)
}
return nil
}
}
cfg := &ssh.ClientConfig{
User: s.Username,
Auth: authMethods,
HostKeyCallback: hostKeyCallback,
Timeout: 15 * time.Second,
}
addr := fmt.Sprintf("%s:%d", s.Host, s.Port)
conn, err := ssh.Dial("tcp", addr, cfg)
if err != nil {
return 0, fmt.Errorf("ssh dial %s: %w", addr, err)
}
defer conn.Close()
cl, err := sftp.NewClient(conn)
if err != nil {
return 0, fmt.Errorf("sftp client: %w", err)
}
defer cl.Close()
// remote-dir anlegen (idempotent)
_ = cl.MkdirAll(s.RemoteDir)
src, err := os.Open(localPath)
if err != nil {
return 0, err
}
defer src.Close()
stat, err := src.Stat()
if err != nil {
return 0, err
}
dstPath := strings.TrimRight(s.RemoteDir, "/") + "/" + filepath.Base(localPath)
dst, err := cl.Create(dstPath)
if err != nil {
return 0, fmt.Errorf("create remote: %w", err)
}
defer dst.Close()
if _, err := io.Copy(dst, src); err != nil {
return 0, fmt.Errorf("copy: %w", err)
}
return stat.Size(), nil
}
// Test schickt ein 1KB-Probe-File und löscht es wieder. Failures hier
// = Konfig-Problem, nicht relevant für Operator-Backup. UI-Endpoint
// nutzt das für den „Verbindung testen"-Button.
func (s *Service) Test(ctx context.Context, t Target) error {
tmp, err := os.CreateTemp("", "eg-remote-test-*.txt")
if err != nil {
return err
}
defer os.Remove(tmp.Name())
_, _ = tmp.WriteString("edgeguard remote-target test " + time.Now().Format(time.RFC3339))
tmp.Close()
r := s.uploadOne(ctx, t, tmp.Name())
if !r.OK {
return errors.New(r.Error)
}
// Cleanup: für S3 → DeleteObject, für SFTP → Remove. Lass uns
// bei beiden ignorieren wenn der Cleanup-Delete fehlschlägt —
// der Operator sieht im Bucket halt eine 1KB-Datei.
switch t.Kind {
case KindS3:
var settings S3Settings
if json.Unmarshal(t.Settings, &settings) == nil {
if cl, err := minio.New(settings.Endpoint, &minio.Options{
Creds: miniocred.NewStaticV4(settings.AccessKey, settings.SecretKey, ""),
Secure: settings.UseSSL,
Region: settings.Region,
}); err == nil {
objName := filepath.Base(tmp.Name())
if settings.PathPrefix != "" {
objName = strings.TrimRight(settings.PathPrefix, "/") + "/" + objName
}
_ = cl.RemoveObject(ctx, settings.Bucket, objName, minio.RemoveObjectOptions{})
}
}
case KindSFTP:
var settings SFTPSettings
if json.Unmarshal(t.Settings, &settings) == nil {
var authMethods []ssh.AuthMethod
if settings.Password != "" {
authMethods = append(authMethods, ssh.Password(settings.Password))
}
if settings.PrivateKeyB64 != "" {
if keyBytes, err := base64.StdEncoding.DecodeString(settings.PrivateKeyB64); err == nil {
if signer, err := ssh.ParsePrivateKey(keyBytes); err == nil {
authMethods = append(authMethods, ssh.PublicKeys(signer))
}
}
}
if len(authMethods) > 0 {
if conn, err := ssh.Dial("tcp", fmt.Sprintf("%s:%d", settings.Host, settings.Port),
&ssh.ClientConfig{User: settings.Username, Auth: authMethods,
HostKeyCallback: ssh.InsecureIgnoreHostKey(), Timeout: 5 * time.Second}); err == nil {
if cl, err := sftp.NewClient(conn); err == nil {
_ = cl.Remove(strings.TrimRight(settings.RemoteDir, "/") + "/" + filepath.Base(tmp.Name()))
cl.Close()
}
conn.Close()
}
}
}
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink