feat(infrastructure): add backups

2026-03-22 15:12:08 +01:00 · 2025-10-12 20:14:48 +02:00
15 changed files with 177 additions and 381 deletions
--- a/7project/backend/app/api/auth.py
+++ b/7project/backend/app/api/auth.py
@@ -1,31 +0,0 @@
 from fastapi import APIRouter
 from app.schemas.user import UserCreate, UserRead, UserUpdate
 from app.services.user_service import auth_backend, fastapi_users
 router = APIRouter()
 # Keep existing paths as-is under /auth/* and /users/*
 router.include_router(
    fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
 )
 router.include_router(
    fastapi_users.get_register_router(UserRead, UserCreate),
    prefix="/auth",
    tags=["auth"],
 )
 router.include_router(
    fastapi_users.get_reset_password_router(),
    prefix="/auth",
    tags=["auth"],
 )
 router.include_router(
    fastapi_users.get_verify_router(UserRead),
    prefix="/auth",
    tags=["auth"],
 )
 router.include_router(
    fastapi_users.get_users_router(UserRead, UserUpdate),
    prefix="/users",
    tags=["users"],
 )
--- a/7project/backend/app/api/categories.py
+++ b/7project/backend/app/api/categories.py
@@ -1,77 +0,0 @@
 from typing import List
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy import select, delete
 from sqlalchemy.ext.asyncio import AsyncSession
 from app.models.categories import Category
 from app.schemas.category import CategoryCreate, CategoryRead
 from app.services.db import get_async_session
 from app.services.user_service import current_active_user
 from app.models.user import User
 router = APIRouter(prefix="/categories", tags=["categories"])
@router.post("/", response_model=CategoryRead, status_code=status.HTTP_201_CREATED)
 async def create_category(
    payload: CategoryCreate,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    # Enforce per-user unique name via query to provide 409 feedback
    res = await session.execute(
        select(Category).where(Category.user_id == user.id, Category.name == payload.name)
    )
    existing = res.scalar_one_or_none()
    if existing:
        raise HTTPException(status_code=409, detail="Category with this name already exists")
    category = Category(name=payload.name, description=payload.description, user_id=user.id)
    session.add(category)
    await session.commit()
    await session.refresh(category)
    return category
@router.get("/", response_model=List[CategoryRead])
 async def list_categories(
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    res = await session.execute(select(Category).where(Category.user_id == user.id))
    return list(res.scalars())
@router.get("/{category_id}", response_model=CategoryRead)
 async def get_category(
    category_id: int,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    res = await session.execute(
        select(Category).where(Category.id == category_id, Category.user_id == user.id)
    )
    category = res.scalar_one_or_none()
    if not category:
        raise HTTPException(status_code=404, detail="Category not found")
    return category
@router.delete("/{category_id}", status_code=status.HTTP_204_NO_CONTENT)
 async def delete_category(
    category_id: int,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    res = await session.execute(
        select(Category.id).where(Category.id == category_id, Category.user_id == user.id)
    )
    if res.scalar_one_or_none() is None:
        raise HTTPException(status_code=404, detail="Category not found")
    await session.execute(
        delete(Category).where(Category.id == category_id, Category.user_id == user.id)
    )
    await session.commit()
    return None
--- a/7project/backend/app/api/transactions.py
+++ b/7project/backend/app/api/transactions.py
@@ -1,213 +0,0 @@
 from typing import List, Optional
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 from app.models.transaction import Transaction
 from app.models.categories import Category
 from app.schemas.transaction import (
    TransactionCreate,
    TransactionRead,
    TransactionUpdate,
 )
 from app.services.db import get_async_session
 from app.services.user_service import current_active_user
 from app.models.user import User
 router = APIRouter(prefix="/transactions", tags=["transactions"])
 def _to_read_model(tx: Transaction) -> TransactionRead:
    return TransactionRead(
        id=tx.id,
        amount=tx.amount,
        description=tx.description,
        category_ids=[c.id for c in (tx.categories or [])],
    )
@router.post("/", response_model=TransactionRead, status_code=status.HTTP_201_CREATED)
 async def create_transaction(
    payload: TransactionCreate,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    tx = Transaction(amount=payload.amount, description=payload.description, user_id=user.id)
    # Attach categories if provided (and owned by user)
    if payload.category_ids:
        res = await session.execute(
            select(Category).where(
                Category.user_id == user.id, Category.id.in_(payload.category_ids)
            )
        )
        categories = list(res.scalars())
        if len(categories) != len(set(payload.category_ids)):
            raise HTTPException(status_code=400, detail="One or more categories not found")
        tx.categories = categories
    session.add(tx)
    await session.commit()
    await session.refresh(tx)
    # Ensure categories are loaded
    await session.refresh(tx, attribute_names=["categories"])
    return _to_read_model(tx)
@router.get("/", response_model=List[TransactionRead])
 async def list_transactions(
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    res = await session.execute(
        select(Transaction).where(Transaction.user_id == user.id).order_by(Transaction.id)
    )
    txs = list(res.scalars())
    # Eagerly load categories for each transaction
    for tx in txs:
        await session.refresh(tx, attribute_names=["categories"])
    return [_to_read_model(tx) for tx in txs]
@router.get("/{transaction_id}", response_model=TransactionRead)
 async def get_transaction(
    transaction_id: int,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    res = await session.execute(
        select(Transaction).where(
            Transaction.id == transaction_id, Transaction.user_id == user.id
        )
    )
    tx: Optional[Transaction] = res.scalar_one_or_none()
    if not tx:
        raise HTTPException(status_code=404, detail="Transaction not found")
    await session.refresh(tx, attribute_names=["categories"])
    return _to_read_model(tx)
@router.patch("/{transaction_id}", response_model=TransactionRead)
 async def update_transaction(
    transaction_id: int,
    payload: TransactionUpdate,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    res = await session.execute(
        select(Transaction).where(
            Transaction.id == transaction_id, Transaction.user_id == user.id
        )
    )
    tx: Optional[Transaction] = res.scalar_one_or_none()
    if not tx:
        raise HTTPException(status_code=404, detail="Transaction not found")
    if payload.amount is not None:
        tx.amount = payload.amount
    if payload.description is not None:
        tx.description = payload.description
    if payload.category_ids is not None:
        # Preload categories to avoid async lazy-load during assignment
        await session.refresh(tx, attribute_names=["categories"])
        if payload.category_ids:
            res = await session.execute(
                select(Category).where(
                    Category.user_id == user.id, Category.id.in_(payload.category_ids)
                )
            )
            categories = list(res.scalars())
            if len(categories) != len(set(payload.category_ids)):
                raise HTTPException(status_code=400, detail="One or more categories not found")
            tx.categories = categories
        else:
            tx.categories = []
    await session.commit()
    await session.refresh(tx, attribute_names=["categories"])
    return _to_read_model(tx)
@router.delete("/{transaction_id}", status_code=status.HTTP_204_NO_CONTENT)
 async def delete_transaction(
    transaction_id: int,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    res = await session.execute(
        select(Transaction).where(
            Transaction.id == transaction_id, Transaction.user_id == user.id
        )
    )
    tx = res.scalar_one_or_none()
    if not tx:
        raise HTTPException(status_code=404, detail="Transaction not found")
    await session.delete(tx)
    await session.commit()
    return None
@router.post("/{transaction_id}/categories/{category_id}", response_model=TransactionRead)
 async def assign_category(
    transaction_id: int,
    category_id: int,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    # Load transaction and category ensuring ownership
    res_tx = await session.execute(
        select(Transaction).where(
            Transaction.id == transaction_id, Transaction.user_id == user.id
        )
    )
    tx: Optional[Transaction] = res_tx.scalar_one_or_none()
    if not tx:
        raise HTTPException(status_code=404, detail="Transaction not found")
    res_cat = await session.execute(
        select(Category).where(Category.id == category_id, Category.user_id == user.id)
    )
    cat: Optional[Category] = res_cat.scalar_one_or_none()
    if not cat:
        raise HTTPException(status_code=404, detail="Category not found")
    await session.refresh(tx, attribute_names=["categories"])
    if cat not in tx.categories:
        tx.categories.append(cat)
        await session.commit()
        await session.refresh(tx, attribute_names=["categories"])
    return _to_read_model(tx)
@router.delete("/{transaction_id}/categories/{category_id}", response_model=TransactionRead)
 async def unassign_category(
    transaction_id: int,
    category_id: int,
    session: AsyncSession = Depends(get_async_session),
    user: User = Depends(current_active_user),
 ):
    res_tx = await session.execute(
        select(Transaction).where(
            Transaction.id == transaction_id, Transaction.user_id == user.id
        )
    )
    tx: Optional[Transaction] = res_tx.scalar_one_or_none()
    if not tx:
        raise HTTPException(status_code=404, detail="Transaction not found")
    res_cat = await session.execute(
        select(Category).where(Category.id == category_id, Category.user_id == user.id)
    )
    cat: Optional[Category] = res_cat.scalar_one_or_none()
    if not cat:
        raise HTTPException(status_code=404, detail="Category not found")
    await session.refresh(tx, attribute_names=["categories"])
    if cat in tx.categories:
        tx.categories.remove(cat)
        await session.commit()
        await session.refresh(tx, attribute_names=["categories"])
    return _to_read_model(tx)
--- a/7project/backend/app/app.py
+++ b/7project/backend/app/app.py
@@ -3,10 +3,8 @@ from fastapi.middleware.cors import CORSMiddleware
 from app.models.user import User
-from app.services.user_service import current_active_verified_user
+from app.schemas.user import UserCreate, UserRead, UserUpdate
-from app.api.auth import router as auth_router
+from app.services.user_service import auth_backend, current_active_verified_user, fastapi_users
 from app.api.categories import router as categories_router
 from app.api.transactions import router as transactions_router
 app = FastAPI()
@@ -22,9 +20,29 @@ app.add_middleware(
    allow_headers=["*"],
 )
-app.include_router(auth_router)
+app.include_router(
-app.include_router(categories_router)
+    fastapi_users.get_auth_router(auth_backend), prefix="/auth/jwt", tags=["auth"]
-app.include_router(transactions_router)
+)
 app.include_router(
    fastapi_users.get_register_router(UserRead, UserCreate),
    prefix="/auth",
    tags=["auth"],
 )
 app.include_router(
    fastapi_users.get_reset_password_router(),
    prefix="/auth",
    tags=["auth"],
 )
 app.include_router(
    fastapi_users.get_verify_router(UserRead),
    prefix="/auth",
    tags=["auth"],
 )
 app.include_router(
    fastapi_users.get_users_router(UserRead, UserUpdate),
    prefix="/users",
    tags=["users"],
 )
 # Liveness/root endpoint
--- a/7project/backend/app/schemas/category.py
+++ b/7project/backend/app/schemas/category.py
@@ -1,23 +0,0 @@
 from typing import Optional
 from pydantic import BaseModel
 try:
    # Pydantic v2
    from pydantic import ConfigDict  # type: ignore
    _HAS_V2 = True
 except Exception:  # pragma: no cover
    _HAS_V2 = False
 class CategoryBase(BaseModel):
    name: str
    description: Optional[str] = None
 class CategoryCreate(CategoryBase):
    pass
 class CategoryRead(CategoryBase):
    id: int
    if _HAS_V2:
        model_config = ConfigDict(from_attributes=True)  # type: ignore
    else:  # Pydantic v1 fallback
        class Config:  # type: ignore
            orm_mode = True
--- a/7project/backend/app/schemas/transaction.py
+++ b/7project/backend/app/schemas/transaction.py
@@ -1,21 +0,0 @@
 from typing import List, Optional
 from pydantic import BaseModel, Field
 class TransactionBase(BaseModel):
    amount: float = Field(..., gt=-1e18, lt=1e18)
    description: Optional[str] = None
 class TransactionCreate(TransactionBase):
    category_ids: Optional[List[int]] = None
 class TransactionUpdate(BaseModel):
    amount: Optional[float] = Field(None, gt=-1e18, lt=1e18)
    description: Optional[str] = None
    category_ids: Optional[List[int]] = None
 class TransactionRead(TransactionBase):
    id: int
    category_ids: List[int] = []
    class Config:
        from_attributes = True
--- a/7project/backend/app/schemas/user.py
+++ b/7project/backend/app/schemas/user.py
@@ -4,13 +4,13 @@ from fastapi_users import schemas
 class UserRead(schemas.BaseUser[uuid.UUID]):
    first_name: Optional[str] = None
-    last_name: Optional[str] = None
+    surname: Optional[str] = None
 class UserCreate(schemas.BaseUserCreate):
    first_name: Optional[str] = None
-    last_name: Optional[str] = None
+    surname: Optional[str] = None
 class UserUpdate(schemas.BaseUserUpdate):
    first_name: Optional[str] = None
-    last_name: Optional[str] = None
+    surname: Optional[str] = None
--- a/7project/tofu/main.tf
+++ b/7project/tofu/main.tf
@@ -96,6 +96,13 @@ module "database" {
  phpmyadmin_enabled = var.phpmyadmin_enabled
  cloudflare_domain  = var.cloudflare_domain
  s3_enabled = var.s3_enabled
  s3_bucket = var.s3_bucket
  s3_region = var.s3_region
  s3_endpoint = var.s3_endpoint
  s3_key_id = var.s3_key_id
  s3_key_secret = var.s3_key_secret
 }
 #module "argocd" {
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/Chart.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/Chart.yaml
@@ -1,4 +1,4 @@
 apiVersion: v2
 name: maxscale-helm
-version: 1.0.8
+version: 1.0.14
 description: Helm chart for MaxScale related Kubernetes manifests
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/backup.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/backup.yaml
@@ -0,0 +1,42 @@
 {{- if .Values.s3.enabled }}
 apiVersion: k8s.mariadb.com/v1alpha1
 kind: Backup
 metadata:
  name: backup
  namespace: mariadb-operator
 spec:
  mariaDbRef:
    name: mariadb-repl
    namespace: mariadb-operator
  schedule:
    cron: "0 */3 * * *"
    suspend: false
  timeZone: "Europe/Prague"
  maxRetention: 720h # 30 days
  compression: bzip2
  storage:
    s3:
      bucket: {{ .Values.s3.bucket | quote }}
      endpoint: {{ .Values.s3.endpoint | quote }}
      accessKeyIdSecretKeyRef:
        name: s3-credentials
        key: key_id
      secretAccessKeySecretKeyRef:
        name: s3-credentials
        key: secret_key
      region: {{ .Values.s3.region | quote }}
      tls:
        enabled: true
  # Define a PVC to use as staging area for keeping the backups while they are being processed.
  stagingStorage:
    persistentVolumeClaim:
      resources:
        requests:
          storage: 10Gi
      accessModes:
        - ReadWriteOnce
  args:
    - --single-transaction
    - --all-databases
  logLevel: info
 {{- end }}
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/garage.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/templates/garage.yaml
@@ -0,0 +1,11 @@
 {{- if .Values.s3.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: s3-credentials
  namespace: mariadb-operator
 type: Opaque
 stringData:
  key_id: "{{ .Values.s3.key_id }}"
  secret_key: "{{ .Values.s3.key_secret }}"
 {{- end }}
--- a/7project/tofu/modules/maxscale/charts/maxscale-helm/values.yaml
+++ b/7project/tofu/modules/maxscale/charts/maxscale-helm/values.yaml
@@ -14,4 +14,12 @@ metallb:
 phpmyadmin:
  enabled: true
 s3:
  enabled: false
  endpoint: ""
  region: ""
  bucket: ""
  key_id: ""
  key_secret: ""
 base_domain: example.com
--- a/7project/tofu/modules/maxscale/main.tf
+++ b/7project/tofu/modules/maxscale/main.tf
@@ -59,7 +59,7 @@ resource "helm_release" "mariadb-operator" {
 resource "helm_release" "maxscale_helm" {
  name       = "maxscale-helm"
  chart      = "${path.module}/charts/maxscale-helm"
-  version    = "1.0.8"
+  version    = "1.0.14"
  depends_on = [helm_release.mariadb-operator-crds, kubectl_manifest.secrets]
  timeout    = 3600
@@ -71,6 +71,12 @@ resource "helm_release" "maxscale_helm" {
    { name = "metallb.primary_ip", value = var.primary_ip },
    { name = "metallb.secondary_ip", value = var.secondary_ip },
    { name = "phpmyadmin.enabled", value = tostring(var.phpmyadmin_enabled) },
-    { name = "base_domain", value = var.cloudflare_domain }
+    { name = "base_domain", value = var.cloudflare_domain },
    { name = "s3.key_id", value = var.s3_key_id },
    { name = "s3.key_secret", value = var.s3_key_secret },
    { name = "s3.enabled", value = var.s3_enabled },
    { name = "s3.endpoint", value = var.s3_endpoint },
    { name = "s3.region", value = var.s3_region },
    { name = "s3.bucket", value = var.s3_bucket },
  ]
 }
--- a/7project/tofu/modules/maxscale/variables.tf
+++ b/7project/tofu/modules/maxscale/variables.tf
@@ -52,7 +52,39 @@ variable "mariadb_user_password" {
 }
 variable "cloudflare_domain" {
-  type = string
+  type     = string
-  default = "Base cloudflare domain, e.g. example.com"
+  default  = "Base cloudflare domain, e.g. example.com"
  nullable = false
-}
+}
 variable "s3_key_id" {
  description = "S3 Key ID for backups"
  type        = string
  sensitive   = true
 }
 variable "s3_key_secret" {
  description = "S3 Key Secret for backups"
  type        = string
  sensitive   = true
 }
 variable "s3_enabled" {
  description = "Enable S3 backups"
  type        = bool
 }
 variable "s3_endpoint" {
  description = "S3 endpoint for backups"
  type        = string
 }
 variable "s3_region" {
  description = "S3 region for backups"
  type        = string
 }
 variable "s3_bucket" {
  description = "S3 bucket name for backups"
  type        = string
 }
--- a/7project/tofu/variables.tf
+++ b/7project/tofu/variables.tf
@@ -108,3 +108,40 @@ variable "rabbitmq-password" {
  sensitive   = true
  description = "Admin password for RabbitMQ user"
 }
 variable "s3_key_id" {
  description = "S3 Key ID for backups"
  type        = string
  sensitive   = true
  nullable    = false
 }
 variable "s3_key_secret" {
  description = "S3 Key Secret for backups"
  type        = string
  sensitive   = true
  nullable    = false
 }
 variable "s3_enabled" {
  description = "Enable S3 backups"
  type        = bool
 }
 variable "s3_endpoint" {
  description = "S3 endpoint for backups"
  type        = string
 }
 variable "s3_region" {
  description = "S3 region for backups"
  type        = string
 }
 variable "s3_bucket" {
  description = "S3 bucket name for backups"
  type        = string
 }