Expose admin endpoint to backup DB

[bketelsen]

consider exposing admin or api endpoint to stream bolt db contents

https://github.com/boltdb/bolt#database-backups

[nilslice]

I've put quite a bit of thought into how to implement this over the course of the build, but want to get a better idea of how other users would expect this to be done.

Currently, you can just cp the .db files and push those out to a backup machine or storage endpoint. But, I haven't tested it on any database of significant size (over 100MB or so).

There are a couple of ways I have considered this, but all have trade-offs in security, management/maintenance, or complexity. All of the following would implement the Bolt io.Writer approach:

1. hardcode endpoint with basic auth
   • would allow easy programmatic remote backup
2. hardcode endpoint with JWT/cookie auth (like /admin/* route auth)
   • all admin users could download in browser, or get their cookie and pass it in curl/wget or similar
   • also fairly easy remote backup, but JWT/cookie expire and would need to be renewed
3. run-time generated endpoint (pseudo-random) displayed in config to admin user
   • just obscuring/hiding the security, probably not the best idea
4. run-time password provided by admin user required in query string or form value of backup request
   • remote backups would need to hardcode password in routine, also not ideal

Any thoughts on these or other implementations?

p.s. since all routes are registered to the DefaultServeMux using just the stdlib net/http package, you can add any routes with custom handlers as long as they don't conflict with existing ones. These could be added in any package (content, addons, admin, etc)

[bketelsen]

I like option 1 best - I just want to curl and download on a cron job

[nilslice]

@bketelsen - I have most of this implemented now as per option 1. The way it works is there is one new route registered at '/admin/backup' that requires a query string:
'?source={system,analytics,uploads}'

Unfortunately I ran out of time before I'm now traveling back to LA, so I can't wrap up and push until later tonight. Just wanted to let you know it's almost there to save you time implementing it yourself in case you were thinking about it.

[nilslice]

@bketelsen - this has been pushed to master. just adding a new release and will then close this issue.

[bketelsen]

Thanks for this!

[nilslice]

Documentation for backups is here: https://github.com/ponzu-cms/ponzu/wiki/Backups in case anyone finds this issue via search while looking for Ponzu backup info.