more fixes

backend/scripts/backup.py

@@ -8,18 +8,15 @@ from pathlib import Path
 from huggingface_hub import HfApi, hf_hub_download, CommitOperationAdd
 
 ###############################################################################
-# 1) Determine where the *actual* database file lives
-#    - We read DATA_DIR from the environment, defaulting to "/app/backend/data"
-#    - Then the DB is "webui.db" in that directory.
+# 1) Determine DB location from your env.py (DATA_DIR), defaulting to /app/backend/data
 ###############################################################################
 DATA_DIR = os.environ.get("DATA_DIR", "/app/backend/data")
 DB_FILE_PATH = os.path.join(DATA_DIR, "webui.db")
 
 ###############################################################################
-# 2) Choose a writable directory for our backup artifacts (encrypted .gpg, etc.)
-#    By default, "/tmp" is writable on Hugging Face Spaces.
+# 2) Use /workspace (guaranteed writable on HF Spaces) for backups.
 ###############################################################################
-BACKUP_DIR = "/tmp/open_webui/db_backup"
+BACKUP_DIR = "/workspace/open_webui/db_backup"
 TIMESTAMP_FILE_PATH = os.path.join(BACKUP_DIR, "last_backup_time.txt")
 DB_GPG_PATH = os.path.join(BACKUP_DIR, "webui.db.gpg")
 
@@ -30,17 +27,14 @@ REPO_DB_GPG_FILE = "db_backup/webui.db.gpg"
 
 def ensure_directories():
     """
-    Create and verify the /tmp/open_webui/db_backup directory.
-    We only need to ensure the backup directory is writable, because
-    the DB itself is at DATA_DIR, which might be read-only or read-write
-    depending on your environment.
+    Create/verify /workspace/open_webui/db_backup.
     """
     try:
         os.makedirs(BACKUP_DIR, mode=0o755, exist_ok=True)
         dir_stat = os.stat(BACKUP_DIR)
-        print(f"Backup directory {BACKUP_DIR} created or exists with permissions: {oct(dir_stat.st_mode)[-3:]}")
+        print(f"Backup directory {BACKUP_DIR} exists with permissions: {oct(dir_stat.st_mode)[-3:]}")
         
-        # Verify we can write to this directory
+        # Quick test to verify we can write
         test_file = os.path.join(BACKUP_DIR, '.write_test')
         with open(test_file, 'w') as f:
             f.write('test')
@@ -55,7 +49,7 @@ def ensure_directories():
 
 def verify_database():
     """
-    Ensure the actual database file exists and passes a basic SQLite integrity check.
+    Check that webui.db exists and passes PRAGMA integrity_check.
     """
     if not os.path.exists(DB_FILE_PATH):
         print(f"Database file not found at: {DB_FILE_PATH}")
@@ -74,33 +68,32 @@ def verify_database():
             tables = cursor.fetchall()
             
             if result.lower() == "ok" and len(tables) > 0:
-                print("Database integrity verified successfully")
-                print(f"Found {len(tables)} tables in database")
+                print("Database integrity verified successfully.")
+                print(f"Found {len(tables)} tables in database.")
                 return True
             else:
-                print("Database integrity check failed")
+                print("Database integrity check failed.")
                 if result.lower() != "ok":
                     print(f"Integrity check result: {result}")
                 if len(tables) == 0:
-                    print("No tables found in database")
+                    print("No tables found in database.")
                 return False
     except sqlite3.Error as e:
-        print(f"SQLite error during verification: {e}")
+        print(f"SQLite error: {e}")
         return False
     except Exception as e:
-        print(f"Unexpected error during verification: {e}")
+        print(f"Unexpected error: {e}")
         return False
 
 
 def encrypt_database(passphrase):
     """
-    Encrypt the real DB file (DB_FILE_PATH) using GPG, outputting
-    the .gpg file to /tmp/open_webui/db_backup.
+    Encrypt /app/backend/data/webui.db to /workspace/open_webui/db_backup/webui.db.gpg.
     """
     try:
         print("\nPreparing for database encryption...")
         
-        # Ensure a GPG home directory for key storage
+        # Make sure .gnupg is created with correct permissions
         gnupg_dir = '/root/.gnupg'
         os.makedirs(gnupg_dir, mode=0o700, exist_ok=True)
         
@@ -110,6 +103,7 @@ def encrypt_database(passphrase):
             "--batch",
             "--yes",
             "--passphrase", passphrase,
+            "--pinentry-mode", "loopback",     # <--- important in containers
             "-c",
             "--cipher-algo", "AES256",
             "-o", DB_GPG_PATH,
@@ -128,42 +122,37 @@ def encrypt_database(passphrase):
             return False
         
         if os.path.exists(DB_GPG_PATH):
-            encrypted_size = os.path.getsize(DB_GPG_PATH)
-            print(f"Encryption successful. Encrypted file size: {encrypted_size:,} bytes")
+            size = os.path.getsize(DB_GPG_PATH)
+            print(f"Encryption successful. Encrypted file size: {size:,} bytes")
             return True
         else:
-            print("GPG reported success but the .gpg file was not found.")
+            print("GPG reported success, but webui.db.gpg not found.")
             return False
     except Exception as e:
-        print(f"Encryption failed with exception: {e}")
+        print(f"Encryption failed: {e}")
         return False
 
 
 def get_last_backup_time(repo_id, hf_token):
     """
-    Fetch last backup timestamp from the Hugging Face Space (if present).
+    Retrieve last backup timestamp from the HF repo (if it exists).
     """
     try:
         api = HfApi()
-        files = api.list_repo_files(
-            repo_id=repo_id, 
-            repo_type="space", 
-            token=hf_token
-        )
+        files = api.list_repo_files(repo_id=repo_id, repo_type="space", token=hf_token)
         if REPO_TIMESTAMP_FILE not in files:
-            print("No timestamp file found in repository")
+            print("No timestamp file found in repository.")
             return None
         
-        temp_file = hf_hub_download(
+        tmp_file = hf_hub_download(
             repo_id=repo_id,
             repo_type="space",
             filename=REPO_TIMESTAMP_FILE,
             token=hf_token
         )
-        with open(temp_file, "r", encoding="utf-8") as f:
-            timestamp_str = f.read().strip()
-        
-        return datetime.datetime.fromisoformat(timestamp_str)
+        with open(tmp_file, "r", encoding="utf-8") as f:
+            stamp_str = f.read().strip()
+        return datetime.datetime.fromisoformat(stamp_str)
     except Exception as e:
         print(f"Error getting last backup time: {e}")
         return None
@@ -171,7 +160,7 @@ def get_last_backup_time(repo_id, hf_token):
 
 def save_timestamp_locally():
     """
-    Save the current UTC time to /tmp/open_webui/db_backup/last_backup_time.txt.
+    Save the current UTC time to /workspace/open_webui/db_backup/last_backup_time.txt
     """
     try:
         now = datetime.datetime.now(datetime.timezone.utc)
@@ -190,28 +179,27 @@ def save_timestamp_locally():
 
 def backup_db():
     """
-    Main backup entry point:
-      1. Validate env variables
-      2. Ensure /tmp/open_webui/db_backup is writable
-      3. Check threshold to skip if recently backed up
-      4. Verify DB
-      5. Encrypt DB
-      6. Save local timestamp
-      7. Upload .gpg + timestamp to Hugging Face
+    Main backup process:
+      - Read passphrase, HF creds
+      - Create /workspace/open_webui/db_backup
+      - Possibly skip if threshold not met
+      - Verify DB
+      - Encrypt DB
+      - Save timestamp
+      - Upload to HF
     """
     passphrase = os.environ.get("BACKUP_PASSPHRASE")
     hf_token = os.environ.get("HF_TOKEN")
     space_id = os.environ.get("SPACE_ID")
     
     if not all([passphrase, hf_token, space_id]):
-        print("Error: Missing required environment variables for backup (BACKUP_PASSPHRASE, HF_TOKEN, SPACE_ID).")
+        print("Error: Missing required environment variables (BACKUP_PASSPHRASE, HF_TOKEN, SPACE_ID).")
         return False
     
     if not ensure_directories():
         print("Failed to create or verify backup directories.")
         return False
     
-    # Check threshold
     threshold_minutes = int(os.environ.get("BACKUP_THRESHOLD_MINUTES", 120))
     if threshold_minutes > 0:
         last_backup_dt = get_last_backup_time(space_id, hf_token)
@@ -221,28 +209,27 @@ def backup_db():
                 last_backup_dt = last_backup_dt.replace(tzinfo=datetime.timezone.utc)
             elapsed = now - last_backup_dt
             if elapsed.total_seconds() < threshold_minutes * 60:
-                print(f"Last backup was only {elapsed.total_seconds()/3600:.2f} hours ago")
-                print(f"Threshold is {threshold_minutes} minutes")
-                print("Skipping backup to avoid frequent rebuilds")
+                print(f"Last backup was only {elapsed.total_seconds()/60:.1f} min ago.")
+                print(f"Threshold is {threshold_minutes} minutes. Skipping backup.")
                 return True
     else:
-        print("Backup threshold check disabled (BACKUP_THRESHOLD_MINUTES=0).")
+        print("Backup threshold check disabled (0).")
     
-    # Verify local DB
+    # Verify DB
     if not verify_database():
         print("Database verification failed, aborting backup.")
         return False
     
-    # Encrypt the DB
+    # Encrypt
     if not encrypt_database(passphrase):
         print("Database encryption failed, aborting backup.")
         return False
     
-    # Save local timestamp
+    # Save timestamp
     if not save_timestamp_locally():
-        print("Warning: Failed to save timestamp locally, but continuing to upload.")
+        print("Warning: Failed to save timestamp, but continuing upload.")
     
-    # Upload to Hugging Face
+    # Upload to HF
     print("\nUploading to Hugging Face Spaces...")
     try:
         api = HfApi()
@@ -256,7 +243,6 @@ def backup_db():
                 path_or_fileobj=TIMESTAMP_FILE_PATH
             )
         ]
-        
         api.create_commit(
             repo_id=space_id,
             repo_type="space",
@@ -267,7 +253,7 @@ def backup_db():
         print("Backup files uploaded successfully!")
         return True
     except Exception as e:
-        print(f"Error uploading backup to HuggingFace: {e}")
+        print(f"Error uploading backup to HF: {e}")
         return False