src/backupintegrity.js

import assert from 'assert';
import backups from './backups.js';
import backupFormats from './backupformats.js';
import backupSites from './backupsites.js';
import BoxError from './boxerror.js';
import consumers from 'node:stream/consumers';
import crypto from 'node:crypto';
import debugModule from 'debug';
import safe from 'safetydance';

const debug = debugModule('box:backupintegrity');


async function downloadBackupInfo(backupSite, backup) {
    const stream = await backupSites.storageApi(backupSite).download(backupSite.config, `${backup.remotePath}.backupinfo`);
    const buffer = await consumers.buffer(stream);
    return buffer;
}

async function verify(backup, backupSite, progressCallback) {
    assert.strictEqual(typeof backup, 'object');
    assert.strictEqual(typeof backupSite, 'object');
    assert.strictEqual(typeof progressCallback, 'function');

    if (backup === null) return [`${backup.id} is missing in database`];

    const [downloadError, backupInfoBuffer] = await safe(downloadBackupInfo(backupSite, backup));
    if (downloadError) {
        const messages = [`Failed to download ${backup.remotePath}.backupinfo: ${downloadError.message}`];
        await backups.setIntegrityResult(backup, 'failed', { messages });
        return;
    }

    const validSignature = crypto.verify(null /* algo */, backupInfoBuffer, backupSite.integrityKeyPair.publicKey, Buffer.from(backup.integrity.signature, 'hex'));
    progressCallback({ message: `Signature valid? ${validSignature}`});

    const backupInfo = JSON.parse(backupInfoBuffer.toString('utf8'));
    const integrityMap = new Map(Object.entries(backupInfo));

    const [verifyError, verifyMessages] = await safe(backupFormats.api(backupSite.format).verify(backupSite, backup.remotePath, integrityMap, progressCallback));
    progressCallback({ message: 'Verification done' });

    const messages = [];
    if (!validSignature) messages.push(`${backup.remotePath}.backupinfo has invalid signature`);
    if (verifyError) messages.push(`Failed to verify ${backup.remotePath}: ${verifyError.message}`);
    if (verifyMessages) messages.push(...verifyMessages);

    debug(`verified: ${JSON.stringify(verifyMessages, null, 4)}`);

    return messages;
}

async function check(backupId, progressCallback) {
    const backup = await backups.get(backupId);
    if (!backup) throw new BoxError(BoxError.BAD_FIELD, 'Backup not found');

    const backupSite = await backupSites.get(backup.siteId);
    if (!backupSite) throw new BoxError(BoxError.BAD_FIELD, 'Backup site not found');

    const aggregatedMessages = [];
    for (const depId of backup.dependsOn) {
        const depBackup = await backups.get(depId);
        const messages = await verify(depBackup, backupSite, progressCallback);

        await backups.setIntegrityResult(backup, messages.length === 0 ? 'passed' : 'failed', { messages });
        if (messages.length) aggregatedMessages.push(`Integrity check of dependent backup ${depBackup.remotePath} failed`);
    }

    const messages = await verify(backup, backupSite, progressCallback);
    aggregatedMessages.push(...messages);
    await backups.setIntegrityResult(backup, aggregatedMessages.length === 0 ? 'passed' : 'failed', { messages: aggregatedMessages });
}

export default {
    check
};
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`import assert from 'assert';`
			`import backups from './backups.js';`
migrate to "export default" 2026-02-14 15:43:24 +01:00			`import backupFormats from './backupformats.js';`
			`import backupSites from './backupsites.js';`
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`import BoxError from './boxerror.js';`
			`import consumers from 'node:stream/consumers';`
			`import crypto from 'node:crypto';`
			`import debugModule from 'debug';`
			`import safe from 'safetydance';`
tgz: integrity check 2025-08-15 16:09:58 +05:30
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`const debug = debugModule('box:backupintegrity');`

Revert "Add no-use-before-define linter rule" 2025-10-08 20:11:55 +02:00
integrity: add integrity check fields and initial UI 2026-02-08 11:17:27 +01:00			`async function downloadBackupInfo(backupSite, backup) {`
rename backupTargets to backupSites 2025-09-12 09:48:37 +02:00			const stream = await backupSites.storageApi(backupSite).download(backupSite.config, `${backup.remotePath}.backupinfo`);
tgz: integrity check 2025-08-15 16:09:58 +05:30			`const buffer = await consumers.buffer(stream);`
integrity: add integrity check fields and initial UI 2026-02-08 11:17:27 +01:00			`return buffer;`
			`}`

			`async function verify(backup, backupSite, progressCallback) {`
			`assert.strictEqual(typeof backup, 'object');`
			`assert.strictEqual(typeof backupSite, 'object');`
			`assert.strictEqual(typeof progressCallback, 'function');`
tgz: integrity check 2025-08-15 16:09:58 +05:30
integrity: add integrity check fields and initial UI 2026-02-08 11:17:27 +01:00			if (backup === null) return [`${backup.id} is missing in database`];

			`const [downloadError, backupInfoBuffer] = await safe(downloadBackupInfo(backupSite, backup));`
			`if (downloadError) {`
			const messages = [`Failed to download ${backup.remotePath}.backupinfo: ${downloadError.message}`];
			`await backups.setIntegrityResult(backup, 'failed', { messages });`
			`return;`
			`}`

			`const validSignature = crypto.verify(null /* algo */, backupInfoBuffer, backupSite.integrityKeyPair.publicKey, Buffer.from(backup.integrity.signature, 'hex'));`
tgz: integrity check 2025-08-15 16:09:58 +05:30			progressCallback({ message: `Signature valid? ${validSignature}`});

integrity: add integrity check fields and initial UI 2026-02-08 11:17:27 +01:00			`const backupInfo = JSON.parse(backupInfoBuffer.toString('utf8'));`
tgz: integrity check 2025-08-15 16:09:58 +05:30			`const integrityMap = new Map(Object.entries(backupInfo));`

integrity: add integrity check fields and initial UI 2026-02-08 11:17:27 +01:00			`const [verifyError, verifyMessages] = await safe(backupFormats.api(backupSite.format).verify(backupSite, backup.remotePath, integrityMap, progressCallback));`
tgz: integrity check 2025-08-15 16:09:58 +05:30			`progressCallback({ message: 'Verification done' });`

integrity: add integrity check fields and initial UI 2026-02-08 11:17:27 +01:00			`const messages = [];`
			if (!validSignature) messages.push(`${backup.remotePath}.backupinfo has invalid signature`);
			if (verifyError) messages.push(`Failed to verify ${backup.remotePath}: ${verifyError.message}`);
			`if (verifyMessages) messages.push(...verifyMessages);`

			debug(`verified: ${JSON.stringify(verifyMessages, null, 4)}`);

			`return messages;`
tgz: integrity check 2025-08-15 16:09:58 +05:30			`}`
integrity: store signature as base64 2025-10-07 18:42:51 +02:00
integrity: add integrity check fields and initial UI 2026-02-08 11:17:27 +01:00			`async function check(backupId, progressCallback) {`
			`const backup = await backups.get(backupId);`
			`if (!backup) throw new BoxError(BoxError.BAD_FIELD, 'Backup not found');`

			`const backupSite = await backupSites.get(backup.siteId);`
			`if (!backupSite) throw new BoxError(BoxError.BAD_FIELD, 'Backup site not found');`

			`const aggregatedMessages = [];`
			`for (const depId of backup.dependsOn) {`
			`const depBackup = await backups.get(depId);`
			`const messages = await verify(depBackup, backupSite, progressCallback);`

			`await backups.setIntegrityResult(backup, messages.length === 0 ? 'passed' : 'failed', { messages });`
			if (messages.length) aggregatedMessages.push(`Integrity check of dependent backup ${depBackup.remotePath} failed`);
			`}`

			`const messages = await verify(backup, backupSite, progressCallback);`
			`aggregatedMessages.push(...messages);`
			`await backups.setIntegrityResult(backup, aggregatedMessages.length === 0 ? 'passed' : 'failed', { messages: aggregatedMessages });`
			`}`
migrate to "export default" 2026-02-14 15:43:24 +01:00
			`export default {`
			`check`
			`};`