Files
novacpx/panel/api/endpoints/backup.php
T
myron 135bbcb0b3 Features #14-17: WordPress Manager, Backup, Cloudflare, TOTP 2FA
- WordPressManager.php: wp-cli wrapper for install/update/clone/delete
- BackupManager.php: tar+mysqldump, schedules, retention, rclone
- CloudflareManager.php: zone/record management, sync, cache purge
- TOTP.php: RFC 6238 pure-PHP with backup codes
- Auth.php: TOTP_REQUIRED two-step login flow
- 4 new API endpoints: wordpress, backup, cloudflare, totp
- DB migration 002: TOTP cols, CF cols, wordpress_installs, backups tables
- admin.js: full UI for all 4 features + TOTP login step
- admin/index.php: sidebar nav for WordPress, 2FA Manager, Cloudflare

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-07 21:13:59 +00:00

83 lines
3.4 KiB
PHP

<?php
require_once NOVACPX_LIB . '/BackupManager.php';
if (!in_array($currentUser['role'], ['admin','reseller','user'])) Response::error('Forbidden', 403);
$bm = new BackupManager();
$body = json_decode(file_get_contents('php://input'), true) ?? [];
$isAdmin = $currentUser['role'] === 'admin';
$accountId = (int)($body['account_id'] ?? $_GET['account_id'] ?? 0);
if ($currentUser['role'] === 'user') $accountId = $currentUser['account_id'] ?? 0;
match ($action) {
'list' => (function() use ($bm, $accountId, $isAdmin) {
$list = $bm->list($isAdmin ? $accountId : $accountId);
Response::success(['backups' => $list, 'disk_used' => $bm->diskUsage($accountId)]);
})(),
'create' => (function() use ($bm, $body, $accountId) {
if (!$accountId) Response::error('account_id required');
$type = in_array($body['type'] ?? 'full', ['full','files','database']) ? $body['type'] : 'full';
$result = $bm->create($accountId, $type);
audit('backup_create', 'backup', ['account_id' => $accountId, 'type' => $type]);
Response::success($result, 'Backup created successfully');
})(),
'restore' => (function() use ($bm, $body, $isAdmin) {
if (!$isAdmin) Response::error('Admin only', 403);
$id = (int)($body['id'] ?? 0);
if (!$id) Response::error('id required');
$bm->restore($id);
audit('backup_restore', 'backup', ['id' => $id]);
Response::success(null, 'Backup restored successfully');
})(),
'download' => (function() use ($bm, $body) {
$id = (int)($body['id'] ?? $_GET['id'] ?? 0);
if (!$id) Response::error('id required');
$path = $bm->getDownloadPath($id);
$name = basename($path);
header('Content-Type: application/gzip');
header("Content-Disposition: attachment; filename=\"{$name}\"");
header('Content-Length: ' . filesize($path));
ob_end_clean();
readfile($path);
exit;
})(),
'delete' => (function() use ($bm, $body, $isAdmin) {
if (!$isAdmin) Response::error('Admin only', 403);
$id = (int)($body['id'] ?? 0);
if (!$id) Response::error('id required');
$bm->delete($id);
audit('backup_delete', 'backup', ['id' => $id]);
Response::success(null, 'Backup deleted');
})(),
'schedule' => (function() use ($bm, $body, $accountId, $isAdmin) {
if (!$isAdmin) Response::error('Admin only', 403);
if (!$accountId) Response::error('account_id required');
$freq = $body['frequency'] ?? 'daily';
$type = $body['type'] ?? 'full';
$retain = (int)($body['retain'] ?? 7);
$bm->setSchedule($accountId, $freq, $type, $retain);
Response::success(null, 'Backup schedule saved');
})(),
'get-schedule' => (function() use ($bm, $accountId) {
if (!$accountId) Response::error('account_id required');
Response::success($bm->getSchedule($accountId));
})(),
'upload-remote' => (function() use ($bm, $body, $isAdmin) {
if (!$isAdmin) Response::error('Admin only', 403);
$id = (int)($body['id'] ?? 0);
$remote = trim($body['remote'] ?? '');
if (!$id || !$remote) Response::error('id and remote required');
$out = $bm->uploadRemote($id, $remote);
Response::success(['output' => $out], 'Upload complete');
})(),
default => Response::error('Unknown action', 404),
};