* EE-319: backup endpoint (#193) * feat(backup): * add an orbiter to block writes while backup * add backup handler * add an ability to tar.gz a dir * add aes encryption support * EE-320: restore endpoint (#196) * feat(backup): * add restore handler * re-init system state after restore * feat(backup): Update server to respect readonly lock (#199) * feat(backup): EE-322 Add backup and restore screen (#198) Co-authored-by: Simon Meng <simon.meng@portainer.io> * name archive as portainer-backup_yyyy-mm-dd_hh-mm-ss * backup custom templates and edge jobs * restart http and proxy servers after restore to re-init internal state * feat(backup): EE-322 hide password field if password protect toggle is off * feat(backup): EE-322 add tooltip for password field of restore backup * feat(backup): EE-322 wait for backend restart after restoring * Shutdown background go-routines * changed restore err message when cannot extract * fix: symlinks are ignored from backups * replace single admin check with a restartable monitor (#238) * clean log Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com> Co-authored-by: cong meng <mcpacino@gmail.com> Co-authored-by: Simon Meng <simon.meng@portainer.io>
58 lines
1.9 KiB
Go
58 lines
1.9 KiB
Go
package backup
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/mux"
|
|
httperror "github.com/portainer/libhttp/error"
|
|
portainer "github.com/portainer/portainer/api"
|
|
"github.com/portainer/portainer/api/adminmonitor"
|
|
"github.com/portainer/portainer/api/http/offlinegate"
|
|
"github.com/portainer/portainer/api/http/security"
|
|
)
|
|
|
|
// Handler is an http handler responsible for backup and restore portainer state
|
|
type Handler struct {
|
|
*mux.Router
|
|
bouncer *security.RequestBouncer
|
|
dataStore portainer.DataStore
|
|
gate *offlinegate.OfflineGate
|
|
filestorePath string
|
|
shutdownTrigger context.CancelFunc
|
|
adminMonitor *adminmonitor.Monitor
|
|
}
|
|
|
|
// NewHandler creates an new instance of backup handler
|
|
func NewHandler(bouncer *security.RequestBouncer, dataStore portainer.DataStore, gate *offlinegate.OfflineGate, filestorePath string, shutdownTrigger context.CancelFunc, adminMonitor *adminmonitor.Monitor) *Handler {
|
|
h := &Handler{
|
|
Router: mux.NewRouter(),
|
|
bouncer: bouncer,
|
|
dataStore: dataStore,
|
|
gate: gate,
|
|
filestorePath: filestorePath,
|
|
shutdownTrigger: shutdownTrigger,
|
|
adminMonitor: adminMonitor,
|
|
}
|
|
|
|
h.Handle("/backup", bouncer.RestrictedAccess(adminAccess(httperror.LoggerHandler(h.backup)))).Methods(http.MethodPost)
|
|
h.Handle("/restore", bouncer.PublicAccess(httperror.LoggerHandler(h.restore))).Methods(http.MethodPost)
|
|
|
|
return h
|
|
}
|
|
|
|
func adminAccess(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
|
if err != nil {
|
|
httperror.WriteError(w, http.StatusInternalServerError, "Unable to retrieve user info from request context", err)
|
|
}
|
|
|
|
if !securityContext.IsAdmin {
|
|
httperror.WriteError(w, http.StatusUnauthorized, "User is not authorized to perfom the action", nil)
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|