2026-06-02 13:47:36 -05:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
/**
|
2026-06-11 12:24:27 -05:00
|
|
|
* @package MokoSuiteBackup
|
|
|
|
|
* @subpackage com_mokosuitebackup
|
2026-06-02 13:47:36 -05:00
|
|
|
* @author Moko Consulting <hello@mokoconsulting.tech>
|
|
|
|
|
* @copyright Copyright (C) 2026 Moko Consulting. All rights reserved.
|
|
|
|
|
* @license GNU General Public License version 3 or later; see LICENSE
|
|
|
|
|
*/
|
|
|
|
|
|
2026-06-11 12:24:27 -05:00
|
|
|
namespace Joomla\Component\MokoSuiteBackup\Api\Controller;
|
2026-06-02 13:47:36 -05:00
|
|
|
|
|
|
|
|
defined('_JEXEC') or die;
|
|
|
|
|
|
|
|
|
|
use Joomla\CMS\MVC\Controller\ApiController;
|
2026-06-11 12:24:27 -05:00
|
|
|
use Joomla\Component\MokoSuiteBackup\Administrator\Engine\BackupEngine;
|
2026-06-02 13:47:36 -05:00
|
|
|
|
|
|
|
|
class BackupsController extends ApiController
|
|
|
|
|
{
|
|
|
|
|
protected $contentType = 'backups';
|
|
|
|
|
protected $default_view = 'backups';
|
|
|
|
|
|
|
|
|
|
/**
|
2026-06-11 12:24:27 -05:00
|
|
|
* Start a new backup (POST /api/index.php/v1/mokosuitebackup/backup)
|
2026-06-02 13:47:36 -05:00
|
|
|
*/
|
|
|
|
|
public function backup(): static
|
|
|
|
|
{
|
2026-06-13 07:23:53 -05:00
|
|
|
if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.run', 'com_mokosuitebackup')) {
|
|
|
|
|
$this->app->setHeader('status', 403);
|
|
|
|
|
echo json_encode(['errors' => [['title' => 'Access denied']]]);
|
|
|
|
|
$this->app->close();
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-02 13:47:36 -05:00
|
|
|
$data = json_decode($this->input->json->getRaw(), true) ?: [];
|
|
|
|
|
|
|
|
|
|
$profileId = (int) ($data['profile'] ?? 1);
|
|
|
|
|
$description = $data['description'] ?? 'API backup ' . date('Y-m-d H:i:s');
|
|
|
|
|
|
|
|
|
|
$engine = new BackupEngine();
|
|
|
|
|
$result = $engine->run($profileId, $description, 'api');
|
|
|
|
|
|
|
|
|
|
if ($result['success']) {
|
|
|
|
|
$this->app->setHeader('status', 200);
|
|
|
|
|
echo json_encode(['data' => $result]);
|
|
|
|
|
} else {
|
|
|
|
|
$this->app->setHeader('status', 500);
|
|
|
|
|
echo json_encode(['errors' => [['title' => $result['message']]]]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->app->close();
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2026-06-11 12:24:27 -05:00
|
|
|
* Download a backup archive (GET /api/index.php/v1/mokosuitebackup/backup/:id/download)
|
2026-06-02 13:47:36 -05:00
|
|
|
*/
|
|
|
|
|
public function download(): static
|
|
|
|
|
{
|
2026-06-13 07:23:53 -05:00
|
|
|
if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.download', 'com_mokosuitebackup')) {
|
|
|
|
|
$this->app->setHeader('status', 403);
|
|
|
|
|
echo json_encode(['errors' => [['title' => 'Access denied']]]);
|
|
|
|
|
$this->app->close();
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-02 13:47:36 -05:00
|
|
|
$id = $this->input->getInt('id', 0);
|
|
|
|
|
|
|
|
|
|
$model = $this->getModel('Backup', 'Administrator');
|
|
|
|
|
$item = $model->getItem($id);
|
|
|
|
|
|
|
|
|
|
if (!$item || !$item->id || !$item->filesexist || !is_file($item->absolute_path)) {
|
|
|
|
|
$this->app->setHeader('status', 404);
|
|
|
|
|
echo json_encode(['errors' => [['title' => 'Backup file not found']]]);
|
|
|
|
|
$this->app->close();
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-13 07:42:19 -05:00
|
|
|
// Stream as binary download instead of base64 to avoid memory exhaustion
|
|
|
|
|
while (@ob_end_clean()) {
|
|
|
|
|
// clear all buffers
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$filename = basename($item->archivename ?? $item->absolute_path);
|
|
|
|
|
$filesize = filesize($item->absolute_path);
|
|
|
|
|
$contentType = str_ends_with($filename, '.tar.gz')
|
|
|
|
|
? 'application/gzip'
|
|
|
|
|
: 'application/zip';
|
|
|
|
|
|
|
|
|
|
header('Content-Type: ' . $contentType);
|
2026-06-15 01:10:01 -05:00
|
|
|
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($filename));
|
2026-06-13 07:42:19 -05:00
|
|
|
header('Content-Length: ' . $filesize);
|
|
|
|
|
header('Cache-Control: no-cache, must-revalidate');
|
|
|
|
|
|
|
|
|
|
readfile($item->absolute_path);
|
2026-06-02 13:47:36 -05:00
|
|
|
|
|
|
|
|
$this->app->close();
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2026-06-11 12:24:27 -05:00
|
|
|
* List backup profiles (GET /api/index.php/v1/mokosuitebackup/profiles)
|
2026-06-02 13:47:36 -05:00
|
|
|
*/
|
|
|
|
|
public function profiles(): static
|
|
|
|
|
{
|
2026-06-13 07:23:53 -05:00
|
|
|
if (!$this->app->getIdentity()->authorise('core.manage', 'com_mokosuitebackup')) {
|
|
|
|
|
$this->app->setHeader('status', 403);
|
|
|
|
|
echo json_encode(['errors' => [['title' => 'Access denied']]]);
|
|
|
|
|
$this->app->close();
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-02 13:47:36 -05:00
|
|
|
$model = $this->getModel('Profiles', 'Administrator');
|
|
|
|
|
$items = $model->getItems();
|
|
|
|
|
|
|
|
|
|
$data = [];
|
|
|
|
|
|
2026-06-21 18:08:58 -05:00
|
|
|
// Strip sensitive credentials before serialization
|
|
|
|
|
$sensitiveFields = [
|
|
|
|
|
'ftp_password', 'ftp_username',
|
|
|
|
|
's3_access_key', 's3_secret_key',
|
|
|
|
|
'gdrive_client_secret', 'gdrive_refresh_token',
|
|
|
|
|
'encryption_password', 'ntfy_token',
|
|
|
|
|
];
|
|
|
|
|
|
2026-06-02 13:47:36 -05:00
|
|
|
foreach ($items as $item) {
|
2026-06-21 18:08:58 -05:00
|
|
|
$safe = clone $item;
|
|
|
|
|
|
|
|
|
|
foreach ($sensitiveFields as $field) {
|
|
|
|
|
if (isset($safe->$field) && $safe->$field !== '') {
|
|
|
|
|
$safe->$field = '***';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-02 13:47:36 -05:00
|
|
|
$data[] = [
|
|
|
|
|
'type' => 'profiles',
|
2026-06-21 18:08:58 -05:00
|
|
|
'id' => $safe->id,
|
|
|
|
|
'attributes' => $safe,
|
2026-06-02 13:47:36 -05:00
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->app->setHeader('status', 200);
|
|
|
|
|
echo json_encode(['data' => $data]);
|
|
|
|
|
$this->app->close();
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
}
|
