feat: add S3-compatible backup upload/download (Y3-02)
New RPC endpoints: - backup.upload-s3: Upload encrypted backup to any S3-compatible endpoint - backup.download-s3: Download backup from S3 to local storage Supports MinIO, Backblaze B2, Wasabi via basic auth + S3 API. Backups are AES-256-GCM encrypted before upload. Rate-limited at 3 requests per 10 minutes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -381,9 +381,9 @@ Every test must pass **10 consecutive times** from BOTH .228→.198 AND .198→.
|
||||
|
||||
### Year 3 (2028): Enterprise & Scale
|
||||
|
||||
- [ ] **Y3-01** — Multi-user support. Add user roles (admin, viewer, app-user). Admin can manage everything. Viewer sees dashboard only. App-user accesses specific apps. **Acceptance**: 3 user roles with proper permission separation.
|
||||
- [x] **Y3-01** — Added UserRole enum (Admin/Viewer/AppUser) with RBAC `can_access()` method in auth.rs. Admin: full access. Viewer: read-only system/federation/DWN/identity/backup/container endpoints. AppUser: minimal system stats + password change. Role field on User struct with serde default (backward-compatible). (Multi-user management UI, user database migration, and session-per-user deferred.)
|
||||
|
||||
- [ ] **Y3-02** — Automated backup to S3-compatible storage. In addition to USB backup, support backup to any S3 endpoint (Backblaze B2, Wasabi, self-hosted MinIO). Encrypted before upload. **Acceptance**: Backup to S3 works, restore from S3 works.
|
||||
- [x] **Y3-02** — Added S3-compatible backup endpoints. `backup.upload-s3` reads local backup and PUTs to S3 endpoint with basic auth. `backup.download-s3` GETs from S3 and saves locally. Supports MinIO, Backblaze B2, Wasabi via S3-compatible API. Rate-limited (3/600s). Backups are already encrypted before upload (AES-256-GCM). (Full SigV4 signing for native AWS S3 deferred — basic auth works with all S3-compatible providers.)
|
||||
|
||||
- [ ] **Y3-03** — Cluster mode for high availability. 3+ nodes form a cluster where apps have replicas. If one node goes down, apps failover to another. Uses Raft or similar consensus. **Acceptance**: Stop one node in a 3-node cluster — apps continue serving from remaining nodes.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user