Merge pull request #707 from PAWECOGmbH/staging

Staging to Production

Author: ptruessel

.github/copilot-instructions.md

@@ -0,0 +1,70 @@
+# Copilot Instructions for Saaster
+
+## Overview
+Saaster is a CFML-based SaaS framework using Lucee 6, NGINX, and MySQL 8.1, containerized via Docker Compose. The codebase is modular, with clear separation between API, frontend, backend, and setup logic. Configuration is flexible and environment-driven.
+
+## Architecture
+- **Core directories:**
+  - `www/`: Main web app (entry points, config, API, resources)
+  - `api/`: API endpoints, JWT auth, Taffy REST framework
+  - `frontend/`: UI, themes, mail templates
+  - `backend/`: Admin, modules, business logic
+  - `setup/`: Installation wizard, mock data loader
+  - `config/`: Environment, NGINX, DB migrations, backups
+- **Database migrations:**
+  - SQL files in `config/db/core/` and `config/db/dev/` for schema and test data
+- **Modularity:**
+  - Features are added via modules in `backend/modules/`
+
+## Developer Workflow
+- **Local setup:**
+  - Use `compose-dev.yml` with Docker Compose
+  - Copy and edit config files from `config/` as described in the README
+  - Access Lucee admin at `/lucee/admin/server.cfm` for DB and SMTP setup
+  - Run setup wizard at `/setup/index.cfm` to initialize app and create sysadmin
+- **Reload config:**
+  - Visit `/index.cfm?reinit=1` after changing `config.cfm`
+- **Test data:**
+  - Import SQL from `config/db/dev/` or use `/setup/mockdata/index.cfm`
+- **Custom Docker image:**
+  - Commit configured Lucee container and update `.env` with new image name
+
+## Conventions & Patterns
+- **CFML/CFM:**
+  - Application logic in `.cfc` (components), views in `.cfm` (templates)
+  - API follows Taffy REST conventions in `api/taffy/`
+  - JWT auth in `api/jwt/`
+- **Config:**
+  - Environment variables in `.env`, app config in `www/config.cfm`
+  - NGINX config in `config/nginx/conf.d/`
+- **Modules:**
+  - Extendable via `backend/modules/` and `api/jwt/models/`
+- **Testing:**
+  - Manual via setup wizard and mock data; no automated test suite detected
+
+## Integration Points
+- **External:**
+  - SMTP (local via Inbucket)
+  - MySQL DB
+  - NGINX reverse proxy
+- **Internal:**
+  - API endpoints communicate via REST (Taffy)
+  - Frontend and backend share config and DB
+
+## Examples
+- To add a new API endpoint: create a `.cfc` in `api/resources/` and register in Taffy
+- To add a module: place in `backend/modules/` and wire up in config
+- To update DB schema: add migration SQL to `config/db/core/`
+
+## References
+- See `readme.md` for setup and workflow details
+- Key config: `config/example.env`, `config/example.base.conf`, `config/example.config_dev.cfm`, `www/config.cfm`
+- Setup logic: `setup/index.cfm`, `setup/mockdata/`
+
+## Coding Instructions
+- Comments and documentation should be in english. Never use german in code comments.
+- Follow standard ColdFusion (Lucee 6) best practices script based.
+- Use 4 spaces for indentation, no tabs.
+- Instead of `var`, always use `local` to declare local variables, but only in functions.
+- Instead of 'for' loops, prefer the cf tag 'loop'.
+- In CF Script, SQL queries must always be built in this order: options, params, sql. The types should be like: {type: "string", value: arguments.importUUID}

config/backup/backup.sh

@@ -1,91 +1,17 @@
 #!/bin/bash
 
-set -a
-
-# --------------------------------------
-# CONFIGURATION
-# --------------------------------------
-
-LOGFILE="/var/log/backup-cron.log"
-echo "[BACKUP START] $(date)" | tee -a $LOGFILE
-
-# Load environment variables from .env
+# Load env
 source "$(dirname "$0")/../../.env"
 
-# Setup volume names and timestamp
-DB_VOLUME="${COMPOSE_PROJECT_NAME}_db_volume"
-USERDATA_VOLUME="${COMPOSE_PROJECT_NAME}_userdata_volume"
-TIMESTAMP=$(date +"%Y%m%d_%H%M")
-
-# Ensure local backup directory exists
-mkdir -p /backup
-
-# Create remote directories if they don't exist
-ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
-  "mkdir -p ${REMOTE_BACKUP_PATH}/{db,userdata,lucee}" >> $LOGFILE 2>&1
-
-# --------------------------------------
-# DATABASE BACKUP
-# --------------------------------------
-
-echo "[DB] Creating archive..." | tee -a $LOGFILE
-docker run --rm -v ${DB_VOLUME}:/volume -v /backup:/backup alpine sh -c \
-  "tar -czf /backup/database_${TIMESTAMP}.tar.gz -C /volume ." >> $LOGFILE 2>&1
-
-echo "[DB] Uploading to remote..." >> $LOGFILE
-scp -i ${SSH_KEY_PATH} /backup/database_${TIMESTAMP}.tar.gz \
-  ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/db/ >> $LOGFILE 2>&1
-
-# Verify and delete local backup if transfer succeeded
-ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
-  "[ -f ${REMOTE_BACKUP_PATH}/db/database_${TIMESTAMP}.tar.gz ]" \
-  && { echo "[DB] Remote verified, deleting local file" | tee -a $LOGFILE; rm /backup/database_${TIMESTAMP}.tar.gz; } \
-  || echo "[DB] Remote file missing – NOT deleted" | tee -a $LOGFILE
-
-# --------------------------------------
-# USERDATA BACKUP
-# --------------------------------------
-
-echo "[USERDATA] Creating archive..." | tee -a $LOGFILE
-docker run --rm -v ${USERDATA_VOLUME}:/volume -v /backup:/backup alpine sh -c \
-  "tar -czf /backup/userdata_${TIMESTAMP}.tar.gz -C /volume ." >> $LOGFILE 2>&1
-
-echo "[USERDATA] Uploading to remote..." | tee -a $LOGFILE
-scp -i ${SSH_KEY_PATH} /backup/userdata_${TIMESTAMP}.tar.gz \
-  ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/userdata/ >> $LOGFILE 2>&1
-
-ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
-  "[ -f ${REMOTE_BACKUP_PATH}/userdata/userdata_${TIMESTAMP}.tar.gz ]" \
-  && { echo "[USERDATA] Remote verified, deleting local file" | tee -a $LOGFILE; rm /backup/userdata_${TIMESTAMP}.tar.gz; } \
-  || echo "[USERDATA] Remote file missing – NOT deleted" | tee -a $LOGFILE
-
-# --------------------------------------
-# LUCEE IMAGE BACKUP
-# --------------------------------------
-
-echo "[LUCEE] Saving Docker image..." | tee -a $LOGFILE
-docker save -o /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar \
-  ${LUCEE_IMAGE}:${LUCEE_IMAGE_VERSION} >> $LOGFILE 2>&1
-
-echo "[LUCEE] Uploading to remote..." | tee -a $LOGFILE
-scp -i ${SSH_KEY_PATH} /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar \
-  ${SERVER_USER}@${SERVER_IP}:${REMOTE_BACKUP_PATH}/lucee/ >> $LOGFILE 2>&1
-
-ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
-  "[ -f ${REMOTE_BACKUP_PATH}/lucee/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar ]" \
-  && { echo "[LUCEE] Remote verified, deleting local file" | tee -a $LOGFILE; rm /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar; } \
-  || echo "[LUCEE] Remote file missing – NOT deleted" | tee -a $LOGFILE
-
-# --------------------------------------
-# REMOTE ROTATION
-# --------------------------------------
-
-echo "[ROTATE] Cleaning up old remote backups..." | tee -a $LOGFILE
-for folder in db userdata lucee; do
-  ssh -i ${SSH_KEY_PATH} ${SERVER_USER}@${SERVER_IP} \
-    "cd ${REMOTE_BACKUP_PATH}/$folder && ls -tp | grep -v '/$' | tail -n +31 | xargs -I {} rm -- {}" >> $LOGFILE 2>&1
-done
-
-echo "[BACKUP DONE] $(date)" | tee -a $LOGFILE
-
-set +a
+# ensure restore scripts are executable
+chmod +x "$(dirname "$0")"/backup_ssh.sh 2>/dev/null
+chmod +x "$(dirname "$0")"/backup_sftp.sh 2>/dev/null
+
+if [[ "$BACKUP_MODE" == "ssh" ]]; then
+    exec "$(dirname "$0")/backup_ssh.sh"
+elif [[ "$BACKUP_MODE" == "sftp" ]]; then
+    exec "$(dirname "$0")/backup_sftp.sh"
+else
+    echo "[ERROR] BACKUP_MODE is invalid → use \"ssh\" or \"sftp\"."
+    exit 1
+fi

config/backup/backup_sftp.sh

@@ -0,0 +1,132 @@
+#!/bin/bash
+set -a
+
+LOGFILE="/var/log/backup-cron.log"
+echo "[BACKUP SFTP MODE] $(date)" | tee -a $LOGFILE
+
+source "$(dirname "$0")/../../.env"
+
+SFTP_FLAGS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null -o CheckHostIP=no -o LogLevel=ERROR -4"
+
+DB_VOLUME="${COMPOSE_PROJECT_NAME}_db_volume"
+USERDATA_VOLUME="${COMPOSE_PROJECT_NAME}_userdata_volume"
+TIMESTAMP=$(date +"%Y%m%d_%H%M")
+
+mkdir -p /backup
+
+# -----------------------------------------
+# CREATE REMOTE FOLDERS
+# -----------------------------------------
+echo "[SFTP] Ensuring remote folders exists..." | tee -a $LOGFILE
+
+sftp -q -i ${SSH_KEY_PATH} ${SFTP_FLAGS} -P ${SERVER_PORT} \
+    ${SERVER_USER}@${SERVER_HOST} >/dev/null 2>&1 <<EOF
+mkdir ${REMOTE_BACKUP_PATH}/db
+mkdir ${REMOTE_BACKUP_PATH}/userdata
+mkdir ${REMOTE_BACKUP_PATH}/lucee
+EOF
+
+
+# -----------------------------------------
+# DB BACKUP
+# -----------------------------------------
+echo "[DB] Creating archive..." | tee -a $LOGFILE
+docker run --rm -v ${DB_VOLUME}:/volume -v /backup:/backup alpine sh -c \
+    "tar -czf /backup/database_${TIMESTAMP}.tar.gz -C /volume ." >> $LOGFILE 2>&1
+
+echo "[DB] Uploading..." | tee -a $LOGFILE
+scp -q -i ${SSH_KEY_PATH} ${SFTP_FLAGS} -P ${SERVER_PORT} \
+    /backup/database_${TIMESTAMP}.tar.gz \
+    ${SERVER_USER}@${SERVER_HOST}:${REMOTE_BACKUP_PATH}/db/ >/dev/null 2>&1
+
+# verify remove
+FILE="database_${TIMESTAMP}.tar.gz"
+sftp -i ${SSH_KEY_PATH} ${SFTP_FLAGS} -P ${SERVER_PORT} ${SERVER_USER}@${SERVER_HOST} <<EOF | grep "$FILE" >/dev/null
+ls ${REMOTE_BACKUP_PATH}/db
+EOF
+[[ $? -eq 0 ]] && rm /backup/${FILE}
+
+# -----------------------------------------
+# USERDATA BACKUP
+# -----------------------------------------
+echo "[USERDATA] Creating archive..." | tee -a $LOGFILE
+docker run --rm -v ${USERDATA_VOLUME}:/volume -v /backup:/backup alpine sh -c \
+    "tar -czf /backup/userdata_${TIMESTAMP}.tar.gz -C /volume ." >> $LOGFILE 2>&1
+
+echo "[USERDATA] Uploading..." | tee -a $LOGFILE
+scp -q -i ${SSH_KEY_PATH} ${SFTP_FLAGS} -P ${SERVER_PORT} \
+    /backup/userdata_${TIMESTAMP}.tar.gz \
+    ${SERVER_USER}@${SERVER_HOST}:${REMOTE_BACKUP_PATH}/userdata/ >/dev/null 2>&1
+
+FILE="userdata_${TIMESTAMP}.tar.gz"
+sftp -i ${SSH_KEY_PATH} ${SFTP_FLAGS} -P ${SERVER_PORT} ${SERVER_USER}@${SERVER_HOST} <<EOF | grep "$FILE" >/dev/null
+ls ${REMOTE_BACKUP_PATH}/userdata
+EOF
+[[ $? -eq 0 ]] && rm /backup/${FILE}
+
+# -----------------------------------------
+# LUCEE IMAGE BACKUP
+# -----------------------------------------
+echo "[LUCEE] Saving Docker image..." | tee -a $LOGFILE
+docker save -o /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar \
+    ${LUCEE_IMAGE}:${LUCEE_IMAGE_VERSION} >> $LOGFILE 2>&1
+
+echo "[LUCEE] Uploading..." | tee -a $LOGFILE
+scp -q -i ${SSH_KEY_PATH} ${SFTP_FLAGS} -P ${SERVER_PORT} \
+    /backup/image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar \
+    ${SERVER_USER}@${SERVER_HOST}:${REMOTE_BACKUP_PATH}/lucee/ >/dev/null 2>&1
+
+FILE="image_${LUCEE_IMAGE}_${LUCEE_IMAGE_VERSION}_${TIMESTAMP}.tar"
+sftp -i ${SSH_KEY_PATH} ${SFTP_FLAGS} -P ${SERVER_PORT} ${SERVER_USER}@${SERVER_HOST} <<EOF | grep "$FILE" >/dev/null
+ls ${REMOTE_BACKUP_PATH}/lucee
+EOF
+[[ $? -eq 0 ]] && rm /backup/${FILE}
+
+echo "[ROTATE] Cleaning up old remote backups..." | tee -a $LOGFILE
+
+for folder in db userdata lucee; do
+    echo "[ROTATE] Folder: $folder" >> $LOGFILE
+
+    RAW=$(
+        sftp -q -i "${SSH_KEY_PATH}" ${SFTP_FLAGS} -P "${SERVER_PORT}" \
+            -b - "${SERVER_USER}@${SERVER_HOST}" <<EOF 2>/dev/null
+ls -1 ${REMOTE_BACKUP_PATH}/${folder}
+EOF
+    )
+
+    FILELIST=$(echo "$RAW" \
+        | grep -v "^sftp>" \
+        | grep -v "^ls" \
+        | sed "s#${REMOTE_BACKUP_PATH}/${folder}/##"
+    )
+
+    [ -z "$FILELIST" ] && continue
+
+    SORTED=$(echo "$FILELIST" | sort -r)
+
+    DELETE=$(echo "$SORTED" | tail -n +$((${MAX_BACKUPS}+1)))
+
+    DELETE_COUNT=$(echo "$DELETE" | grep -c .)
+
+    [ "$DELETE_COUNT" -eq 0 ] && continue
+
+    echo "[ROTATE] $DELETE_COUNT files will be deleted..." >> $LOGFILE
+
+    BATCHFILE=$(mktemp)
+
+    for file in $DELETE; do
+        echo "rm \"${REMOTE_BACKUP_PATH}/${folder}/$file\"" >> "$BATCHFILE"
+    done
+
+    sftp -q -i "${SSH_KEY_PATH}" ${SFTP_FLAGS} -P "${SERVER_PORT}" \
+        -b "$BATCHFILE" "${SERVER_USER}@${SERVER_HOST}" >/dev/null 2>&1
+
+    rm "$BATCHFILE"
+
+    echo "[ROTATE] $DELETE_COUNT files from $folder were deleted." >> $LOGFILE
+done
+
+
+echo "[BACKUP DONE] $(date)" | tee -a $LOGFILE
+
+set +a