Upload 6 files

routers/backup.py

@@ -1,33 +1,53 @@
-"""
+"""
 Backup & Restore API — talks directly to HuggingFace Dataset API.
 
 Flow:
   1. Space asks Worker for HF credentials (token, repo, user path prefix)
   2. Space uploads/downloads/lists archives directly via HuggingFace API
-
-Requires env var:
-  ADMIN_API_URL - URL of the Cloudflare Worker admin API
 """
 
 import os
 import shutil
 import tarfile
+import tempfile
 from datetime import datetime
 from pathlib import Path
 
 import httpx
-from fastapi import APIRouter, HTTPException, BackgroundTasks, Request
+from fastapi import APIRouter, BackgroundTasks, Depends, HTTPException, Query, Request
 
-from config import DATA_DIR, ADMIN_API_URL, BACKUP_DIR
-from storage import load_meta, save_meta, validate_zone_name
+from auth import AuthUser, get_current_user
+from config import ADMIN_API_URL, BACKUP_DIR, DATA_DIR
+from routers.terminal import kill_terminal
+from storage import check_zone_owner, load_meta, save_meta, validate_zone_name
 
 router = APIRouter(prefix="/api/backup", tags=["backup"])
 
 HF_API = "https://huggingface.co/api"
+_backup_status: dict = {"running": False, "last": None, "error": None, "progress": ""}
+
+
+def _utc_stamp() -> str:
+    return datetime.utcnow().strftime("%Y%m%dT%H%M%SZ")
+
+
+def _archive_file_name(zone_name: str) -> str:
+    return f"{zone_name}__{_utc_stamp()}.tar.gz"
+
+
+def _zone_from_backup_name(name: str) -> str:
+    base = Path(name).name
+    if not base.endswith(".tar.gz"):
+        return base
+    stem = base[:-7]
+    return stem.split("__", 1)[0]
+
+
+def _backup_sort_key(item: dict) -> tuple[str, str]:
+    return (item.get("last_modified") or "", item.get("backup_name") or "")
 
 
 def _get_token(request: Request) -> str:
-    """Extract JWT token from request Authorization header."""
     auth = request.headers.get("Authorization", "")
     if auth.startswith("Bearer "):
         return auth[7:]
@@ -35,7 +55,6 @@ def _get_token(request: Request) -> str:
 
 
 def _get_credentials(token: str) -> dict:
-    """Get HF credentials from Worker. Returns {hf_token, repo, path_prefix}."""
     with httpx.Client(timeout=15) as client:
         resp = client.get(
             f"{ADMIN_API_URL}/backup/credentials",
@@ -48,7 +67,6 @@ def _get_credentials(token: str) -> dict:
 
 
 def _log_action(token: str, zone_name: str, action: str, status: str, file_path: str = ""):
-    """Log backup/restore action to Worker (best-effort)."""
     try:
         with httpx.Client(timeout=10) as client:
             client.post(
@@ -60,19 +78,122 @@ def _log_action(token: str, zone_name: str, action: str, status: str, file_path:
         pass
 
 
-def _create_zone_archive(zone_name: str) -> Path:
-    """Create a tar.gz archive of a zone directory."""
+def _create_zone_archive(zone_name: str) -> tuple[Path, str]:
     zone_path = DATA_DIR / zone_name
     if not zone_path.is_dir():
         raise ValueError(f"Zone '{zone_name}' khong ton tai")
 
-    archive_path = BACKUP_DIR / f"{zone_name}.tar.gz"
+    fd, temp_path = tempfile.mkstemp(prefix=f"{zone_name}-", suffix=".tar.gz", dir=str(BACKUP_DIR))
+    os.close(fd)
+    archive_path = Path(temp_path)
     with tarfile.open(archive_path, "w:gz") as tar:
         tar.add(str(zone_path), arcname=zone_name)
-    return archive_path
+    return archive_path, _archive_file_name(zone_name)
 
 
-_backup_status: dict = {"running": False, "last": None, "error": None, "progress": ""}
+def _assert_restore_allowed(zone_name: str, user: AuthUser):
+    meta = load_meta()
+    if zone_name in meta:
+        check_zone_owner(zone_name, user.sub, user.role)
+
+
+def _extract_archive(archive_path: Path, zone_name: str):
+    zone_path = DATA_DIR / zone_name
+    if zone_path.exists():
+        shutil.rmtree(zone_path)
+    zone_path.mkdir(parents=True, exist_ok=True)
+
+    with tarfile.open(archive_path, "r:gz") as tar:
+        for member in tar.getmembers():
+            member_path = os.path.normpath(member.name)
+            if member_path.startswith("..") or os.path.isabs(member_path):
+                raise ValueError(f"Archive chua path khong an toan: {member.name}")
+            if member_path != zone_name and not member_path.startswith(f"{zone_name}/"):
+                raise ValueError(f"Archive chua path ngoai zone: {member.name}")
+        tar.extractall(path=str(DATA_DIR), filter="data")
+
+
+def _ensure_restored_meta(zone_name: str, user: AuthUser):
+    meta = load_meta()
+    if zone_name not in meta:
+        meta[zone_name] = {
+            "description": "Restored from backup",
+            "created": datetime.now().isoformat(),
+            "owner_id": user.sub,
+            "owner_name": user.username,
+        }
+        save_meta(meta)
+
+
+def _download_from_hf(creds: dict, backup_name: str) -> bytes:
+    file_path = f"{creds['path_prefix']}/{backup_name}"
+    with httpx.Client(timeout=300, follow_redirects=True) as client:
+        resp = client.get(
+            f"https://huggingface.co/datasets/{creds['repo']}/resolve/main/{file_path}",
+            headers={"Authorization": f"Bearer {creds['hf_token']}"},
+        )
+        if resp.status_code == 404:
+            raise FileNotFoundError(f"Backup '{backup_name}' khong ton tai")
+        if resp.status_code != 200:
+            raise ValueError(f"HF download error: {resp.status_code}")
+        return resp.content
+
+
+def _list_backups_from_hf(creds: dict) -> list[dict]:
+    with httpx.Client(timeout=30) as client:
+        resp = client.get(
+            f"{HF_API}/datasets/{creds['repo']}/tree/main/{creds['path_prefix']}",
+            headers={"Authorization": f"Bearer {creds['hf_token']}"},
+        )
+    if resp.status_code == 404:
+        return []
+    if resp.status_code != 200:
+        raise ValueError(f"HF API error: {resp.status_code} {resp.text}")
+
+    meta = load_meta()
+    items: list[dict] = []
+    for entry in resp.json():
+        path = entry.get("path", "")
+        if entry.get("type") != "file" or not path.endswith(".tar.gz"):
+            continue
+        backup_name = path.split("/")[-1]
+        zone_name = _zone_from_backup_name(backup_name)
+        items.append(
+            {
+                "zone_name": zone_name,
+                "backup_name": backup_name,
+                "file": path,
+                "size": (entry.get("lfs") or {}).get("size") or entry.get("size", 0),
+                "last_modified": (entry.get("lastCommit") or {}).get("date", ""),
+                "local_exists": zone_name in meta,
+            }
+        )
+    return sorted(items, key=_backup_sort_key, reverse=True)
+
+
+def _delete_backup_from_hf(creds: dict, backup_name: str):
+    from huggingface_hub import HfApi
+
+    api = HfApi(token=creds["hf_token"])
+    api.delete_file(
+        path_in_repo=f"{creds['path_prefix']}/{backup_name}",
+        repo_id=creds["repo"],
+        repo_type="dataset",
+        commit_message=f"Delete backup: {backup_name}",
+    )
+
+
+def _upload_to_hf(creds: dict, backup_name: str, archive_path: Path):
+    from huggingface_hub import HfApi
+
+    api = HfApi(token=creds["hf_token"])
+    api.upload_file(
+        path_or_fileobj=str(archive_path),
+        path_in_repo=f"{creds['path_prefix']}/{backup_name}",
+        repo_id=creds["repo"],
+        repo_type="dataset",
+        commit_message=f"Backup: {backup_name}",
+    )
 
 
 @router.get("/status")
@@ -88,74 +209,76 @@ def backup_status():
 
 
 @router.get("/list")
-async def list_backups(request: Request):
+async def list_backups(request: Request, user: AuthUser = Depends(get_current_user)):
     if not ADMIN_API_URL:
         raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh")
+
     token = _get_token(request)
     if not token:
         raise HTTPException(401, "Chua dang nhap")
+
     try:
         creds = _get_credentials(token)
-        async with httpx.AsyncClient(timeout=30) as client:
-            resp = await client.get(
-                f"{HF_API}/datasets/{creds['repo']}/tree/main/{creds['path_prefix']}",
-                headers={"Authorization": f"Bearer {creds['hf_token']}"},
-            )
-            if resp.status_code == 404:
-                return []
-            if resp.status_code != 200:
-                raise HTTPException(502, f"HF API error: {resp.status_code} {resp.text}")
-            tree = resp.json()
-            meta = load_meta()
-            return [
-                {
-                    "zone_name": f["path"].split("/")[-1].replace(".tar.gz", ""),
-                    "file": f["path"],
-                    "size": (f.get("lfs") or {}).get("size") or f.get("size", 0),
-                    "last_modified": (f.get("lastCommit") or {}).get("date", ""),
-                    "local_exists": f["path"].split("/")[-1].replace(".tar.gz", "") in meta,
-                }
-                for f in tree
-                if f.get("type") == "file" and f["path"].endswith(".tar.gz")
-            ]
+        backups = _list_backups_from_hf(creds)
+        if user.role == "admin":
+            return backups
+
+        meta = load_meta()
+        allowed = {name for name, info in meta.items() if info.get("owner_id") == user.sub}
+        return [item for item in backups if item["zone_name"] in allowed or not item["local_exists"]]
     except ValueError as e:
         raise HTTPException(502, str(e))
     except httpx.HTTPError as e:
         raise HTTPException(502, f"Khong the ket noi: {e}")
 
 
-def _upload_to_hf(creds: dict, zone_name: str, archive_path: Path):
-    """Upload archive directly to HuggingFace Dataset via huggingface_hub."""
-    from huggingface_hub import HfApi
+@router.delete("/file")
+async def delete_backup_file(
+    request: Request,
+    backup_name: str = Query(...),
+    user: AuthUser = Depends(get_current_user),
+):
+    if not ADMIN_API_URL:
+        raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh")
 
-    file_path = f"{creds['path_prefix']}/{zone_name}.tar.gz"
-    api = HfApi(token=creds["hf_token"])
-    api.upload_file(
-        path_or_fileobj=str(archive_path),
-        path_in_repo=file_path,
-        repo_id=creds["repo"],
-        repo_type="dataset",
-        commit_message=f"Backup zone: {zone_name}",
-    )
+    zone_name = _zone_from_backup_name(backup_name)
+    try:
+        _assert_restore_allowed(zone_name, user)
+        creds = _get_credentials(_get_token(request))
+        _delete_backup_from_hf(creds, backup_name)
+        _log_action(_get_token(request), zone_name, "delete_backup", "success", backup_name)
+        return {"ok": True}
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+    except Exception as e:
+        raise HTTPException(502, str(e))
 
 
 @router.post("/zone/{zone_name}")
-async def backup_zone(zone_name: str, request: Request, background_tasks: BackgroundTasks):
+async def backup_zone(
+    zone_name: str,
+    request: Request,
+    background_tasks: BackgroundTasks,
+    user: AuthUser = Depends(get_current_user),
+):
     if not ADMIN_API_URL:
         raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh")
+
     token = _get_token(request)
     if not token:
         raise HTTPException(401, "Chua dang nhap")
+
     try:
         validate_zone_name(zone_name)
+        check_zone_owner(zone_name, user.sub, user.role)
         if not (DATA_DIR / zone_name).is_dir():
             raise ValueError(f"Zone '{zone_name}' khong ton tai")
     except ValueError as e:
         raise HTTPException(400, str(e))
+
     if _backup_status["running"]:
         raise HTTPException(409, "Dang co backup khac dang chay")
 
-    # Fetch credentials before background task (validates JWT now)
     try:
         creds = _get_credentials(token)
     except ValueError as e:
@@ -165,21 +288,21 @@ async def backup_zone(zone_name: str, request: Request, background_tasks: Backgr
         _backup_status["running"] = True
         _backup_status["error"] = None
         _backup_status["progress"] = f"Dang backup zone: {zone_name}..."
+        archive_path: Path | None = None
+        backup_name = ""
         try:
-            archive_path = _create_zone_archive(zone_name)
-            try:
-                _upload_to_hf(creds, zone_name, archive_path)
-            finally:
-                archive_path.unlink(missing_ok=True)
-            _log_action(token, zone_name, "backup", "success",
-                        f"{creds['path_prefix']}/{zone_name}.tar.gz")
+            archive_path, backup_name = _create_zone_archive(zone_name)
+            _upload_to_hf(creds, backup_name, archive_path)
+            _log_action(token, zone_name, "backup", "success", f"{creds['path_prefix']}/{backup_name}")
             _backup_status["last"] = datetime.now().isoformat()
             _backup_status["progress"] = f"Backup zone {zone_name} thanh cong"
         except Exception as e:
             _backup_status["error"] = str(e)
             _backup_status["progress"] = f"Loi backup: {e}"
-            _log_action(token, zone_name, "backup", "error")
+            _log_action(token, zone_name, "backup", "error", backup_name)
         finally:
+            if archive_path:
+                archive_path.unlink(missing_ok=True)
             _backup_status["running"] = False
 
     background_tasks.add_task(_run)
@@ -187,9 +310,14 @@ async def backup_zone(zone_name: str, request: Request, background_tasks: Backgr
 
 
 @router.post("/all")
-async def backup_all(request: Request, background_tasks: BackgroundTasks):
+async def backup_all(
+    request: Request,
+    background_tasks: BackgroundTasks,
+    user: AuthUser = Depends(get_current_user),
+):
     if not ADMIN_API_URL:
         raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh")
+
     token = _get_token(request)
     if not token:
         raise HTTPException(401, "Chua dang nhap")
@@ -201,27 +329,26 @@ async def backup_all(request: Request, background_tasks: BackgroundTasks):
     except ValueError as e:
         raise HTTPException(502, str(e))
 
+    meta = load_meta()
+    zone_names = [
+        name for name, info in meta.items()
+        if (DATA_DIR / name).is_dir() and (user.role == "admin" or info.get("owner_id") == user.sub)
+    ]
+
     def _run():
         _backup_status["running"] = True
         _backup_status["error"] = None
         _backup_status["progress"] = "Dang backup tat ca zones..."
         try:
-            meta = load_meta()
-            total = len(meta)
-            done = 0
-            for zone_name in meta:
-                zone_path = DATA_DIR / zone_name
-                if not zone_path.is_dir():
-                    continue
-                _backup_status["progress"] = f"Dang backup zone {zone_name} ({done + 1}/{total})..."
-                archive_path = _create_zone_archive(zone_name)
+            total = len(zone_names)
+            for idx, zone_name in enumerate(zone_names, start=1):
+                _backup_status["progress"] = f"Dang backup zone {zone_name} ({idx}/{total})..."
+                archive_path, backup_name = _create_zone_archive(zone_name)
                 try:
-                    _upload_to_hf(creds, zone_name, archive_path)
+                    _upload_to_hf(creds, backup_name, archive_path)
                 finally:
                     archive_path.unlink(missing_ok=True)
-                _log_action(token, zone_name, "backup", "success",
-                            f"{creds['path_prefix']}/{zone_name}.tar.gz")
-                done += 1
+                _log_action(token, zone_name, "backup", "success", f"{creds['path_prefix']}/{backup_name}")
             _backup_status["last"] = datetime.now().isoformat()
             _backup_status["progress"] = "Backup tat ca zones thanh cong"
         except Exception as e:
@@ -234,37 +361,38 @@ async def backup_all(request: Request, background_tasks: BackgroundTasks):
     return {"ok": True, "message": "Dang backup tat ca zones trong nen..."}
 
 
-def _download_from_hf(creds: dict, zone_name: str) -> bytes:
-    """Download archive directly from HuggingFace Dataset."""
-    file_path = f"{creds['path_prefix']}/{zone_name}.tar.gz"
-    with httpx.Client(timeout=300, follow_redirects=True) as client:
-        resp = client.get(
-            f"https://huggingface.co/datasets/{creds['repo']}/resolve/main/{file_path}",
-            headers={"Authorization": f"Bearer {creds['hf_token']}"},
-        )
-        if resp.status_code == 404:
-            raise FileNotFoundError(f"Backup zone '{zone_name}' khong ton tai")
-        if resp.status_code != 200:
-            raise ValueError(f"HF download error: {resp.status_code}")
-        return resp.content
-
-
 @router.post("/restore/{zone_name}")
-async def restore_zone(zone_name: str, request: Request, background_tasks: BackgroundTasks):
+async def restore_zone(
+    zone_name: str,
+    request: Request,
+    background_tasks: BackgroundTasks,
+    backup_name: str | None = Query(None),
+    user: AuthUser = Depends(get_current_user),
+):
     if not ADMIN_API_URL:
         raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh")
+
     token = _get_token(request)
     if not token:
         raise HTTPException(401, "Chua dang nhap")
+
     try:
         validate_zone_name(zone_name)
+        _assert_restore_allowed(zone_name, user)
     except ValueError as e:
         raise HTTPException(400, str(e))
+
     if _backup_status["running"]:
         raise HTTPException(409, "Dang co backup/restore khac dang chay")
 
     try:
         creds = _get_credentials(token)
+        target_backup_name = backup_name
+        if not target_backup_name:
+            backups = [item for item in _list_backups_from_hf(creds) if item["zone_name"] == zone_name]
+            if not backups:
+                raise ValueError(f"Khong tim thay backup cho zone '{zone_name}'")
+            target_backup_name = backups[0]["backup_name"]
     except ValueError as e:
         raise HTTPException(502, str(e))
 
@@ -272,40 +400,26 @@ async def restore_zone(zone_name: str, request: Request, background_tasks: Backg
         _backup_status["running"] = True
         _backup_status["error"] = None
         _backup_status["progress"] = f"Dang restore zone: {zone_name}..."
+        archive_path: Path | None = None
         try:
-            data = _download_from_hf(creds, zone_name)
-            archive_path = BACKUP_DIR / f"{zone_name}.tar.gz"
+            data = _download_from_hf(creds, target_backup_name)
+            fd, temp_path = tempfile.mkstemp(prefix=f"restore-{zone_name}-", suffix=".tar.gz", dir=str(BACKUP_DIR))
+            os.close(fd)
+            archive_path = Path(temp_path)
             archive_path.write_bytes(data)
-
-            try:
-                zone_path = DATA_DIR / zone_name
-                if zone_path.exists():
-                    shutil.rmtree(zone_path)
-                zone_path.mkdir(parents=True, exist_ok=True)
-                with tarfile.open(archive_path, "r:gz") as tar:
-                    for member in tar.getmembers():
-                        member_path = os.path.normpath(member.name)
-                        if member_path.startswith("..") or os.path.isabs(member_path):
-                            raise ValueError(f"Archive chua path khong an toan: {member.name}")
-                        if not member_path.startswith(zone_name):
-                            raise ValueError(f"Archive chua path ngoai zone: {member.name}")
-                    tar.extractall(path=str(DATA_DIR), filter="data")
-                meta = load_meta()
-                if zone_name not in meta:
-                    meta[zone_name] = {"description": f"Restored from backup", "created": datetime.now().isoformat()}
-                    save_meta(meta)
-            finally:
-                archive_path.unlink(missing_ok=True)
-
-            _log_action(token, zone_name, "restore", "success",
-                        f"{creds['path_prefix']}/{zone_name}.tar.gz")
+            kill_terminal(zone_name)
+            _extract_archive(archive_path, zone_name)
+            _ensure_restored_meta(zone_name, user)
+            _log_action(token, zone_name, "restore", "success", f"{creds['path_prefix']}/{target_backup_name}")
             _backup_status["last"] = datetime.now().isoformat()
             _backup_status["progress"] = f"Restore zone {zone_name} thanh cong"
         except Exception as e:
             _backup_status["error"] = str(e)
             _backup_status["progress"] = f"Loi restore: {e}"
-            _log_action(token, zone_name, "restore", "error")
+            _log_action(token, zone_name, "restore", "error", target_backup_name or "")
         finally:
+            if archive_path:
+                archive_path.unlink(missing_ok=True)
             _backup_status["running"] = False
 
     background_tasks.add_task(_run)
@@ -313,9 +427,14 @@ async def restore_zone(zone_name: str, request: Request, background_tasks: Backg
 
 
 @router.post("/restore-all")
-async def restore_all(request: Request, background_tasks: BackgroundTasks):
+async def restore_all(
+    request: Request,
+    background_tasks: BackgroundTasks,
+    user: AuthUser = Depends(get_current_user),
+):
     if not ADMIN_API_URL:
         raise HTTPException(400, "ADMIN_API_URL chua duoc cau hinh")
+
     token = _get_token(request)
     if not token:
         raise HTTPException(401, "Chua dang nhap")
@@ -327,64 +446,46 @@ async def restore_all(request: Request, background_tasks: BackgroundTasks):
     except ValueError as e:
         raise HTTPException(502, str(e))
 
+    try:
+        backups = _list_backups_from_hf(creds)
+    except ValueError as e:
+        raise HTTPException(502, str(e))
+
+    latest_by_zone: dict[str, dict] = {}
+    for item in backups:
+        zone_name = item["zone_name"]
+        try:
+            _assert_restore_allowed(zone_name, user)
+        except ValueError:
+            continue
+        latest_by_zone.setdefault(zone_name, item)
+
     def _run():
         _backup_status["running"] = True
         _backup_status["error"] = None
         _backup_status["progress"] = "Dang restore tat ca zones..."
         try:
-            # List backups from HF directly
-            with httpx.Client(timeout=30) as client:
-                resp = client.get(
-                    f"{HF_API}/datasets/{creds['repo']}/tree/main/{creds['path_prefix']}",
-                    headers={"Authorization": f"Bearer {creds['hf_token']}"},
-                )
-            if resp.status_code == 404:
-                _backup_status["progress"] = "Khong co backup nao"
-                return
-            if resp.status_code != 200:
-                raise ValueError(f"HF API error: {resp.status_code}")
-
-            tree = resp.json()
-            backup_files = [
-                f for f in tree
-                if f.get("type") == "file" and f["path"].endswith(".tar.gz")
-            ]
-            total = len(backup_files)
+            items = list(latest_by_zone.values())
+            total = len(items)
             done = 0
-            for bf in backup_files:
-                zn = bf["path"].split("/")[-1].replace(".tar.gz", "")
-                _backup_status["progress"] = f"Dang restore zone {zn} ({done + 1}/{total})..."
-                try:
-                    data = _download_from_hf(creds, zn)
-                except FileNotFoundError:
-                    continue
-                archive_path = BACKUP_DIR / f"{zn}.tar.gz"
-                archive_path.write_bytes(data)
-
+            for idx, item in enumerate(items, start=1):
+                zone_name = item["zone_name"]
+                backup_name = item["backup_name"]
+                _backup_status["progress"] = f"Dang restore zone {zone_name} ({idx}/{total})..."
+                archive_path: Path | None = None
                 try:
-                    zone_path = DATA_DIR / zn
-                    if zone_path.exists():
-                        shutil.rmtree(zone_path)
-                    zone_path = DATA_DIR / zn
-                    if zone_path.exists():
-                        shutil.rmtree(zone_path)
-                    zone_path.mkdir(parents=True, exist_ok=True)
-                    with tarfile.open(archive_path, "r:gz") as tar:
-                        for member in tar.getmembers():
-                            member_path = os.path.normpath(member.name)
-                            if member_path.startswith("..") or os.path.isabs(member_path):
-                                raise ValueError(f"Archive chua path khong an toan: {member.name}")
-                            if not member_path.startswith(zn):
-                                raise ValueError(f"Archive chua path ngoai zone: {member.name}")
-                        tar.extractall(path=str(DATA_DIR), filter="data")
-                    meta = load_meta()
-                    if zn not in meta:
-                        meta[zn] = {"description": "Restored from backup", "created": datetime.now().isoformat()}
-                        save_meta(meta)
+                    data = _download_from_hf(creds, backup_name)
+                    fd, temp_path = tempfile.mkstemp(prefix=f"restore-{zone_name}-", suffix=".tar.gz", dir=str(BACKUP_DIR))
+                    os.close(fd)
+                    archive_path = Path(temp_path)
+                    archive_path.write_bytes(data)
+                    kill_terminal(zone_name)
+                    _extract_archive(archive_path, zone_name)
+                    _ensure_restored_meta(zone_name, user)
+                    done += 1
                 finally:
-                    archive_path.unlink(missing_ok=True)
-                done += 1
-
+                    if archive_path:
+                        archive_path.unlink(missing_ok=True)
             _backup_status["last"] = datetime.now().isoformat()
             _backup_status["progress"] = f"Restore {done}/{total} zones thanh cong"
         except Exception as e:

routers/files.py

@@ -1,144 +1,157 @@
-"""
-File management API.
-
-Single Responsibility: only handles file CRUD operations within zones.
-Separated from zone management (zones.py) — each has its own reason to change.
-"""
-
-import os
-import shutil
-from datetime import datetime
-from pathlib import Path
-
-from fastapi import APIRouter, Depends, Form, File, UploadFile, Query, HTTPException
-from fastapi.responses import FileResponse
-
-from auth import AuthUser, get_current_user
-from storage import get_zone_path, safe_path, check_zone_owner
-
-router = APIRouter(prefix="/api/zones/{zone_name}/files", tags=["files"])
-
-
-def _check_access(zone_name: str, user: AuthUser):
-    """Validate zone access for the current user."""
-    check_zone_owner(zone_name, user.sub, user.role)
-
-
-@router.get("")
-def list_files(zone_name: str, path: str = Query(""), user: AuthUser = Depends(get_current_user)):
-    try:
-        _check_access(zone_name, user)
-        zone_path = get_zone_path(zone_name)
-        target = safe_path(zone_path, path)
-        if not target.is_dir():
-            raise ValueError("Không phải thư mục")
-        return [
-            {
-                "name": item.name,
-                "is_dir": item.is_dir(),
-                "size": item.stat().st_size if item.is_file() else 0,
-                "modified": datetime.fromtimestamp(item.stat().st_mtime).isoformat(),
-            }
-            for item in sorted(target.iterdir())
-        ]
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.get("/read")
-def read_file(zone_name: str, path: str = Query(...), user: AuthUser = Depends(get_current_user)):
-    try:
-        _check_access(zone_name, user)
-        zone_path = get_zone_path(zone_name)
-        target = safe_path(zone_path, path)
-        if not target.is_file():
-            raise ValueError("File không tồn tại")
-        return {"content": target.read_text(encoding="utf-8", errors="replace"), "path": path}
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.get("/download")
-def download_file(zone_name: str, path: str = Query(...), user: AuthUser = Depends(get_current_user)):
-    try:
-        _check_access(zone_name, user)
-        zone_path = get_zone_path(zone_name)
-        target = safe_path(zone_path, path)
-        if not target.is_file():
-            raise HTTPException(404, "File không tồn tại")
-        return FileResponse(target, filename=target.name)
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.post("/write")
-def write_file(zone_name: str, path: str = Form(...), content: str = Form(...), user: AuthUser = Depends(get_current_user)):
-    try:
-        _check_access(zone_name, user)
-        zone_path = get_zone_path(zone_name)
-        target = safe_path(zone_path, path)
-        target.parent.mkdir(parents=True, exist_ok=True)
-        target.write_text(content, encoding="utf-8")
-        return {"ok": True}
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.post("/mkdir")
-def create_folder(zone_name: str, path: str = Form(...), user: AuthUser = Depends(get_current_user)):
-    try:
-        _check_access(zone_name, user)
-        zone_path = get_zone_path(zone_name)
-        target = safe_path(zone_path, path)
-        target.mkdir(parents=True, exist_ok=True)
-        return {"ok": True}
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.post("/upload")
-async def upload_file(zone_name: str, path: str = Form(""), file: UploadFile = File(...), user: AuthUser = Depends(get_current_user)):
-    try:
-        _check_access(zone_name, user)
-        zone_path = get_zone_path(zone_name)
-        dest = safe_path(zone_path, os.path.join(path, file.filename))
-        dest.parent.mkdir(parents=True, exist_ok=True)
-        content = await file.read()
-        dest.write_bytes(content)
-        return {"ok": True, "path": str(dest.relative_to(zone_path))}
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.delete("")
-def delete_file(zone_name: str, path: str = Query(...), user: AuthUser = Depends(get_current_user)):
-    try:
-        _check_access(zone_name, user)
-        zone_path = get_zone_path(zone_name)
-        target = safe_path(zone_path, path)
-        if target == zone_path.resolve():
-            raise ValueError("Không thể xoá thư mục gốc zone")
-        if target.is_dir():
-            shutil.rmtree(target)
-        elif target.is_file():
-            target.unlink()
-        else:
-            raise ValueError("File/thư mục không tồn tại")
-        return {"ok": True}
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.post("/rename")
-def rename_file(zone_name: str, old_path: str = Form(...), new_name: str = Form(...), user: AuthUser = Depends(get_current_user)):
-    try:
-        _check_access(zone_name, user)
-        zone_path = get_zone_path(zone_name)
-        source = safe_path(zone_path, old_path)
-        if not source.exists():
-            raise ValueError("File/thư mục nguồn không tồn tại")
-        dest = safe_path(zone_path, str(Path(old_path).parent / new_name))
-        source.rename(dest)
-        return {"ok": True}
-    except ValueError as e:
-        raise HTTPException(400, str(e))
+"""
+File management API.
+
+Single Responsibility: only handles file CRUD operations within zones.
+Separated from zone management (zones.py) — each has its own reason to change.
+"""
+
+import os
+import shutil
+import tempfile
+import zipfile
+from datetime import datetime
+from pathlib import Path
+
+from fastapi import APIRouter, Depends, Form, File, UploadFile, Query, HTTPException
+from fastapi.responses import FileResponse
+
+from auth import AuthUser, get_current_user
+from storage import get_zone_path, safe_path, check_zone_owner
+
+router = APIRouter(prefix="/api/zones/{zone_name}/files", tags=["files"])
+
+
+def _check_access(zone_name: str, user: AuthUser):
+    """Validate zone access for the current user."""
+    check_zone_owner(zone_name, user.sub, user.role)
+
+
+@router.get("")
+def list_files(zone_name: str, path: str = Query(""), user: AuthUser = Depends(get_current_user)):
+    try:
+        _check_access(zone_name, user)
+        zone_path = get_zone_path(zone_name)
+        target = safe_path(zone_path, path)
+        if not target.is_dir():
+            raise ValueError("Không phải thư mục")
+        items = sorted(target.iterdir(), key=lambda item: (not item.is_dir(), item.name.lower()))
+        return [
+            {
+                "name": item.name,
+                "is_dir": item.is_dir(),
+                "size": item.stat().st_size if item.is_file() else 0,
+                "modified": datetime.fromtimestamp(item.stat().st_mtime).isoformat(),
+            }
+            for item in items
+        ]
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.get("/read")
+def read_file(zone_name: str, path: str = Query(...), user: AuthUser = Depends(get_current_user)):
+    try:
+        _check_access(zone_name, user)
+        zone_path = get_zone_path(zone_name)
+        target = safe_path(zone_path, path)
+        if not target.is_file():
+            raise ValueError("File không tồn tại")
+        return {"content": target.read_text(encoding="utf-8", errors="replace"), "path": path}
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.get("/download")
+def download_file(zone_name: str, path: str = Query(...), user: AuthUser = Depends(get_current_user)):
+    try:
+        _check_access(zone_name, user)
+        zone_path = get_zone_path(zone_name)
+        target = safe_path(zone_path, path)
+        if target.is_file():
+            return FileResponse(target, filename=target.name)
+        if not target.is_dir():
+            raise HTTPException(404, "File không tồn tại")
+
+        fd, temp_name = tempfile.mkstemp(prefix=f"{target.name}-", suffix=".zip")
+        os.close(fd)
+        archive_path = Path(temp_name)
+        with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_DEFLATED) as zf:
+            for child in target.rglob("*"):
+                if child.is_file():
+                    zf.write(child, arcname=child.relative_to(target.parent))
+        return FileResponse(archive_path, filename=f"{target.name}.zip", background=None)
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.post("/write")
+def write_file(zone_name: str, path: str = Form(...), content: str = Form(...), user: AuthUser = Depends(get_current_user)):
+    try:
+        _check_access(zone_name, user)
+        zone_path = get_zone_path(zone_name)
+        target = safe_path(zone_path, path)
+        target.parent.mkdir(parents=True, exist_ok=True)
+        target.write_text(content, encoding="utf-8")
+        return {"ok": True}
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.post("/mkdir")
+def create_folder(zone_name: str, path: str = Form(...), user: AuthUser = Depends(get_current_user)):
+    try:
+        _check_access(zone_name, user)
+        zone_path = get_zone_path(zone_name)
+        target = safe_path(zone_path, path)
+        target.mkdir(parents=True, exist_ok=True)
+        return {"ok": True}
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.post("/upload")
+async def upload_file(zone_name: str, path: str = Form(""), file: UploadFile = File(...), user: AuthUser = Depends(get_current_user)):
+    try:
+        _check_access(zone_name, user)
+        zone_path = get_zone_path(zone_name)
+        dest = safe_path(zone_path, os.path.join(path, file.filename))
+        dest.parent.mkdir(parents=True, exist_ok=True)
+        content = await file.read()
+        dest.write_bytes(content)
+        return {"ok": True, "path": str(dest.relative_to(zone_path))}
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.delete("")
+def delete_file(zone_name: str, path: str = Query(...), user: AuthUser = Depends(get_current_user)):
+    try:
+        _check_access(zone_name, user)
+        zone_path = get_zone_path(zone_name)
+        target = safe_path(zone_path, path)
+        if target == zone_path.resolve():
+            raise ValueError("Không thể xoá thư mục gốc zone")
+        if target.is_dir():
+            shutil.rmtree(target)
+        elif target.is_file():
+            target.unlink()
+        else:
+            raise ValueError("File/thư mục không tồn tại")
+        return {"ok": True}
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.post("/rename")
+def rename_file(zone_name: str, old_path: str = Form(...), new_name: str = Form(...), user: AuthUser = Depends(get_current_user)):
+    try:
+        _check_access(zone_name, user)
+        zone_path = get_zone_path(zone_name)
+        source = safe_path(zone_path, old_path)
+        if not source.exists():
+            raise ValueError("File/thư mục nguồn không tồn tại")
+        dest = safe_path(zone_path, str(Path(old_path).parent / new_name))
+        source.rename(dest)
+        return {"ok": True}
+    except ValueError as e:
+        raise HTTPException(400, str(e))

routers/ports.py

@@ -1,74 +1,85 @@
-"""
-Port management API.
-
-Single Responsibility: only handles port CRUD for zones.
-Reverse proxy logic is in proxy.py — separate reason to change.
-"""
-
-from fastapi import APIRouter, Depends, Form, HTTPException
-
-from auth import AuthUser, get_current_user
-from config import MIN_PORT, MAX_PORT
-from storage import load_meta, save_meta, check_zone_owner
-
-router = APIRouter(prefix="/api/zones/{zone_name}/ports", tags=["ports"])
-
-
-def _validate_port(port: int):
-    if not (MIN_PORT <= port <= MAX_PORT):
-        raise ValueError(f"Port must be between {MIN_PORT} and {MAX_PORT}")
-
-
-def _validate_zone(meta: dict, zone_name: str):
-    if zone_name not in meta:
-        raise ValueError(f"Zone '{zone_name}' does not exist")
-
-
-@router.get("")
-def list_ports(zone_name: str, user: AuthUser = Depends(get_current_user)):
-    try:
-        check_zone_owner(zone_name, user.sub, user.role)
-        meta = load_meta()
-        _validate_zone(meta, zone_name)
-        return meta[zone_name].get("ports", [])
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.post("")
-def add_port(zone_name: str, port: int = Form(...), label: str = Form(""), user: AuthUser = Depends(get_current_user)):
-    try:
-        _validate_port(port)
-        check_zone_owner(zone_name, user.sub, user.role)
-        meta = load_meta()
-        _validate_zone(meta, zone_name)
-
-        ports = meta[zone_name].setdefault("ports", [])
-        for p in ports:
-            if p["port"] == port:
-                raise ValueError(f"Port {port} already mapped in zone '{zone_name}'")
-
-        entry = {"port": port, "label": label or f"Port {port}"}
-        ports.append(entry)
-        save_meta(meta)
-        return entry
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.delete("/{port}")
-def remove_port(zone_name: str, port: int, user: AuthUser = Depends(get_current_user)):
-    try:
-        check_zone_owner(zone_name, user.sub, user.role)
-        meta = load_meta()
-        _validate_zone(meta, zone_name)
-
-        ports = meta[zone_name].get("ports", [])
-        before = len(ports)
-        meta[zone_name]["ports"] = [p for p in ports if p["port"] != port]
-        if len(meta[zone_name]["ports"]) == before:
-            raise ValueError(f"Port {port} not found in zone '{zone_name}'")
-        save_meta(meta)
-        return {"ok": True}
-    except ValueError as e:
-        raise HTTPException(400, str(e))
+"""
+Port management API.
+
+Single Responsibility: only handles port CRUD for zones.
+Reverse proxy logic is in proxy.py — separate reason to change.
+"""
+
+from fastapi import APIRouter, Depends, Form, HTTPException
+
+from auth import AuthUser, get_current_user
+from config import MAX_PORT, MIN_PORT
+from storage import check_zone_owner, load_meta, save_meta
+
+router = APIRouter(prefix="/api/zones/{zone_name}/ports", tags=["ports"])
+
+
+def _validate_port(port: int):
+    if not (MIN_PORT <= port <= MAX_PORT):
+        raise ValueError(f"Port must be between {MIN_PORT} and {MAX_PORT}")
+
+
+def _validate_zone(meta: dict, zone_name: str):
+    if zone_name not in meta:
+        raise ValueError(f"Zone '{zone_name}' does not exist")
+
+
+def _ensure_global_port_free(meta: dict, zone_name: str, port: int):
+    for name, info in meta.items():
+        if name == zone_name:
+            continue
+        for item in info.get("ports", []):
+            if item.get("port") == port:
+                raise ValueError(f"Port {port} is already used by zone '{name}'")
+
+
+@router.get("")
+def list_ports(zone_name: str, user: AuthUser = Depends(get_current_user)):
+    try:
+        check_zone_owner(zone_name, user.sub, user.role)
+        meta = load_meta()
+        _validate_zone(meta, zone_name)
+        return meta[zone_name].get("ports", [])
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.post("")
+def add_port(zone_name: str, port: int = Form(...), label: str = Form(""), user: AuthUser = Depends(get_current_user)):
+    try:
+        _validate_port(port)
+        check_zone_owner(zone_name, user.sub, user.role)
+        meta = load_meta()
+        _validate_zone(meta, zone_name)
+
+        ports = meta[zone_name].setdefault("ports", [])
+        for item in ports:
+            if item["port"] == port:
+                raise ValueError(f"Port {port} already mapped in zone '{zone_name}'")
+
+        _ensure_global_port_free(meta, zone_name, port)
+        entry = {"port": port, "label": label.strip() or f"Port {port}", "url": f"/port/{zone_name}/{port}/"}
+        ports.append(entry)
+        ports.sort(key=lambda item: item["port"])
+        save_meta(meta)
+        return entry
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.delete("/{port}")
+def remove_port(zone_name: str, port: int, user: AuthUser = Depends(get_current_user)):
+    try:
+        check_zone_owner(zone_name, user.sub, user.role)
+        meta = load_meta()
+        _validate_zone(meta, zone_name)
+
+        ports = meta[zone_name].get("ports", [])
+        before = len(ports)
+        meta[zone_name]["ports"] = [item for item in ports if item["port"] != port]
+        if len(meta[zone_name]["ports"]) == before:
+            raise ValueError(f"Port {port} not found in zone '{zone_name}'")
+        save_meta(meta)
+        return {"ok": True}
+    except ValueError as e:
+        raise HTTPException(400, str(e))

routers/proxy.py

@@ -1,159 +1,168 @@
-"""
-Reverse proxy for virtual ports.
-
-Single Responsibility: only handles HTTP/WebSocket proxying.
-Port CRUD is in ports.py — separate concern.
-"""
-
-import asyncio
-import json
-
-import httpx
-from fastapi import APIRouter, Depends, Request, WebSocket, WebSocketDisconnect
-from fastapi.responses import Response
-
-from auth import AuthUser, get_current_user, get_ws_user
-from config import MIN_PORT, MAX_PORT
-from storage import load_meta, check_zone_owner
-
-router = APIRouter(tags=["proxy"])
-
-# ── Shared HTTP client ────────────────────────
-
-_HOP_HEADERS = frozenset({
-    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
-    "te", "trailers", "transfer-encoding", "upgrade",
-})
-
-_client: httpx.AsyncClient | None = None
-
-
-def _get_client() -> httpx.AsyncClient:
-    global _client
-    if _client is None:
-        _client = httpx.AsyncClient(
-            timeout=httpx.Timeout(30.0, connect=5.0),
-            follow_redirects=False,
-            limits=httpx.Limits(max_connections=50),
-        )
-    return _client
-
-
-def _validate_proxy_access(zone_name: str, port: int):
-    """Validate port range and check it's registered for the zone."""
-    if not (MIN_PORT <= port <= MAX_PORT):
-        raise ValueError(f"Port must be between {MIN_PORT} and {MAX_PORT}")
-    meta = load_meta()
-    if zone_name not in meta:
-        raise ValueError(f"Zone '{zone_name}' does not exist")
-    ports = meta[zone_name].get("ports", [])
-    if not any(p["port"] == port for p in ports):
-        raise ValueError("Port not mapped")
-
-
-# ── HTTP Reverse Proxy ────────────────────────
-
-@router.api_route(
-    "/port/{zone_name}/{port}/{subpath:path}",
-    methods=["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"],
-)
-async def proxy_http(request: Request, zone_name: str, port: int, subpath: str = "", user: AuthUser = Depends(get_current_user)):
-    try:
-        _validate_proxy_access(zone_name, port)
-        check_zone_owner(zone_name, user.sub, user.role)
-    except ValueError:
-        return Response(content="Port not mapped", status_code=404)
-
-    target_url = f"http://127.0.0.1:{port}/{subpath}"
-    if request.url.query:
-        target_url += f"?{request.url.query}"
-
-    headers = {}
-    for key, value in request.headers.items():
-        if key.lower() not in _HOP_HEADERS and key.lower() != "host":
-            headers[key] = value
-    headers["host"] = f"127.0.0.1:{port}"
-    headers["x-forwarded-for"] = request.client.host if request.client else "127.0.0.1"
-    headers["x-forwarded-proto"] = request.url.scheme
-    headers["x-forwarded-prefix"] = f"/port/{zone_name}/{port}"
-
-    body = await request.body()
-    client = _get_client()
-
-    try:
-        resp = await client.request(method=request.method, url=target_url, headers=headers, content=body)
-    except httpx.ConnectError:
-        return Response(
-            content=f"Cannot connect to port {port}. Make sure your server is running.",
-            status_code=502,
-            media_type="text/plain",
-        )
-    except httpx.TimeoutException:
-        return Response(content=f"Timeout connecting to port {port}", status_code=504, media_type="text/plain")
-
-    resp_headers = {}
-    for key, value in resp.headers.items():
-        if key.lower() not in _HOP_HEADERS and key.lower() != "content-encoding":
-            resp_headers[key] = value
-
-    return Response(content=resp.content, status_code=resp.status_code, headers=resp_headers)
-
-
-# ── WebSocket Reverse Proxy ──────────────────
-
-@router.websocket("/port/{zone_name}/{port}/ws/{subpath:path}")
-async def proxy_ws(websocket: WebSocket, zone_name: str, port: int, subpath: str = ""):
-    # Authenticate via query parameter
-    user = get_ws_user(websocket)
-    if not user:
-        await websocket.close(code=4001, reason="Chưa đăng nhập")
-        return
-
-    try:
-        _validate_proxy_access(zone_name, port)
-        check_zone_owner(zone_name, user.sub, user.role)
-    except ValueError:
-        await websocket.close(code=4004, reason="Port not mapped")
-        return
-
-    await websocket.accept()
-    target_url = f"ws://127.0.0.1:{port}/ws/{subpath}"
-
-    import websockets as ws_lib
-
-    try:
-        async with ws_lib.connect(target_url) as backend_ws:
-            async def client_to_backend():
-                try:
-                    while True:
-                        msg = await websocket.receive()
-                        if msg.get("type") == "websocket.disconnect":
-                            break
-                        if "text" in msg:
-                            await backend_ws.send(msg["text"])
-                        elif "bytes" in msg:
-                            await backend_ws.send(msg["bytes"])
-                except (WebSocketDisconnect, Exception):
-                    pass
-
-            async def backend_to_client():
-                try:
-                    async for message in backend_ws:
-                        if isinstance(message, str):
-                            await websocket.send_text(message)
-                        else:
-                            await websocket.send_bytes(message)
-                except (WebSocketDisconnect, Exception):
-                    pass
-
-            await asyncio.gather(client_to_backend(), backend_to_client())
-    except Exception:
-        try:
-            await websocket.send_text(json.dumps({"error": f"Cannot connect WebSocket to port {port}"}))
-        except Exception:
-            pass
-    finally:
-        try:
-            await websocket.close()
-        except Exception:
-            pass
+"""
+Reverse proxy for virtual ports.
+
+Single Responsibility: only handles HTTP/WebSocket proxying.
+Port CRUD is in ports.py — separate concern.
+"""
+
+import asyncio
+import json
+
+import httpx
+from fastapi import APIRouter, Depends, Request, WebSocket, WebSocketDisconnect
+from fastapi.responses import Response
+
+from auth import AuthUser, get_current_user, get_ws_user
+from config import MIN_PORT, MAX_PORT
+from storage import load_meta, check_zone_owner
+
+router = APIRouter(tags=["proxy"])
+
+# ── Shared HTTP client ────────────────────────
+
+_HOP_HEADERS = frozenset({
+    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
+    "te", "trailers", "transfer-encoding", "upgrade",
+})
+
+_client: httpx.AsyncClient | None = None
+
+
+def _get_client() -> httpx.AsyncClient:
+    global _client
+    if _client is None:
+        _client = httpx.AsyncClient(
+            timeout=httpx.Timeout(30.0, connect=5.0),
+            follow_redirects=False,
+            limits=httpx.Limits(max_connections=50),
+        )
+    return _client
+
+
+
+
+async def close_proxy_client():
+    global _client
+    if _client is not None:
+        await _client.aclose()
+        _client = None
+
+
+def _validate_proxy_access(zone_name: str, port: int):
+    """Validate port range and check it's registered for the zone."""
+    if not (MIN_PORT <= port <= MAX_PORT):
+        raise ValueError(f"Port must be between {MIN_PORT} and {MAX_PORT}")
+    meta = load_meta()
+    if zone_name not in meta:
+        raise ValueError(f"Zone '{zone_name}' does not exist")
+    ports = meta[zone_name].get("ports", [])
+    if not any(p["port"] == port for p in ports):
+        raise ValueError("Port not mapped")
+
+
+# ── HTTP Reverse Proxy ────────────────────────
+
+@router.api_route(
+    "/port/{zone_name}/{port}/{subpath:path}",
+    methods=["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"],
+)
+async def proxy_http(request: Request, zone_name: str, port: int, subpath: str = "", user: AuthUser = Depends(get_current_user)):
+    try:
+        _validate_proxy_access(zone_name, port)
+        check_zone_owner(zone_name, user.sub, user.role)
+    except ValueError:
+        return Response(content="Port not mapped", status_code=404)
+
+    target_url = f"http://127.0.0.1:{port}/{subpath}"
+    if request.url.query:
+        target_url += f"?{request.url.query}"
+
+    headers = {}
+    for key, value in request.headers.items():
+        if key.lower() not in _HOP_HEADERS and key.lower() != "host":
+            headers[key] = value
+    headers["host"] = f"127.0.0.1:{port}"
+    headers["x-forwarded-for"] = request.client.host if request.client else "127.0.0.1"
+    headers["x-forwarded-proto"] = request.url.scheme
+    headers["x-forwarded-prefix"] = f"/port/{zone_name}/{port}"
+
+    body = await request.body()
+    client = _get_client()
+
+    try:
+        resp = await client.request(method=request.method, url=target_url, headers=headers, content=body)
+    except httpx.ConnectError:
+        return Response(
+            content=f"Cannot connect to port {port}. Make sure your server is running.",
+            status_code=502,
+            media_type="text/plain",
+        )
+    except httpx.TimeoutException:
+        return Response(content=f"Timeout connecting to port {port}", status_code=504, media_type="text/plain")
+
+    resp_headers = {}
+    for key, value in resp.headers.items():
+        if key.lower() not in _HOP_HEADERS and key.lower() != "content-encoding":
+            resp_headers[key] = value
+
+    return Response(content=resp.content, status_code=resp.status_code, headers=resp_headers)
+
+
+# ── WebSocket Reverse Proxy ──────────────────
+
+@router.websocket("/port/{zone_name}/{port}/ws/{subpath:path}")
+async def proxy_ws(websocket: WebSocket, zone_name: str, port: int, subpath: str = ""):
+    # Authenticate via query parameter
+    user = get_ws_user(websocket)
+    if not user:
+        await websocket.close(code=4001, reason="Chưa đăng nhập")
+        return
+
+    try:
+        _validate_proxy_access(zone_name, port)
+        check_zone_owner(zone_name, user.sub, user.role)
+    except ValueError:
+        await websocket.close(code=4004, reason="Port not mapped")
+        return
+
+    await websocket.accept()
+    target_url = f"ws://127.0.0.1:{port}/ws/{subpath}"
+
+    import websockets as ws_lib
+
+    try:
+        async with ws_lib.connect(target_url) as backend_ws:
+            async def client_to_backend():
+                try:
+                    while True:
+                        msg = await websocket.receive()
+                        if msg.get("type") == "websocket.disconnect":
+                            break
+                        if "text" in msg:
+                            await backend_ws.send(msg["text"])
+                        elif "bytes" in msg:
+                            await backend_ws.send(msg["bytes"])
+                except (WebSocketDisconnect, Exception):
+                    pass
+
+            async def backend_to_client():
+                try:
+                    async for message in backend_ws:
+                        if isinstance(message, str):
+                            await websocket.send_text(message)
+                        else:
+                            await websocket.send_bytes(message)
+                except (WebSocketDisconnect, Exception):
+                    pass
+
+            await asyncio.gather(client_to_backend(), backend_to_client())
+    except Exception:
+        try:
+            await websocket.send_text(json.dumps({"error": f"Cannot connect WebSocket to port {port}"}))
+        except Exception:
+            pass
+    finally:
+        try:
+            await websocket.close()
+        except Exception:
+            pass

routers/zones.py

@@ -1,102 +1,148 @@
-"""
-Zone CRUD API.
-
-Single Responsibility: only handles zone create/list/delete.
-File management is in files.py, port management in ports.py.
-"""
-
-import shutil
-from datetime import datetime
-
-import httpx
-from fastapi import APIRouter, Depends, Form, HTTPException
-
-from auth import AuthUser, get_current_user
-from config import DATA_DIR, ADMIN_API_URL
-from storage import load_meta, save_meta, validate_zone_name, check_zone_owner
-from routers.terminal import kill_terminal
-
-router = APIRouter(prefix="/api/zones", tags=["zones"])
-
-
-def _get_max_zones() -> int:
-    """Fetch zone limit from Admin Worker config."""
-    if not ADMIN_API_URL:
-        return 0
-    try:
-        resp = httpx.get(f"{ADMIN_API_URL}/config", timeout=5)
-        if resp.status_code == 200:
-            return resp.json().get("max_zones", 0)
-    except Exception:
-        pass
-    return 0
-
-
-@router.get("")
-def list_zones(user: AuthUser = Depends(get_current_user)):
-    meta = load_meta()
-    return [
-        {
-            "name": name,
-            "created": info.get("created", ""),
-            "description": info.get("description", ""),
-            "exists": (DATA_DIR / name).is_dir(),
-        }
-        for name, info in meta.items()
-        if user.role == "admin" or info.get("owner_id") == user.sub
-    ]
-
-
-@router.post("")
-def create_zone(name: str = Form(...), description: str = Form(""), user: AuthUser = Depends(get_current_user)):
-    try:
-        validate_zone_name(name)
-        zone_path = DATA_DIR / name
-        if zone_path.exists():
-            raise ValueError(f"Zone '{name}' đã tồn tại")
-
-        # Check zone limit (per-user for non-admin)
-        max_zones = _get_max_zones()
-        if max_zones > 0:
-            meta = load_meta()
-            user_zones = [n for n, info in meta.items() if info.get("owner_id") == user.sub]
-            if len(user_zones) >= max_zones:
-                raise ValueError(f"Đã đạt giới hạn {max_zones} zones")
-
-        zone_path.mkdir(parents=True)
-        (zone_path / "README.md").write_text(
-            f"# {name}\n\nZone được tạo lúc {datetime.now().isoformat()}\n"
-        )
-
-        meta = load_meta()
-        meta[name] = {
-            "created": datetime.now().isoformat(),
-            "description": description,
-            "owner_id": user.sub,
-            "owner_name": user.username,
-        }
-        save_meta(meta)
-        return {"name": name, "path": str(zone_path)}
-    except ValueError as e:
-        raise HTTPException(400, str(e))
-
-
-@router.delete("/{zone_name}")
-def delete_zone(zone_name: str, user: AuthUser = Depends(get_current_user)):
-    try:
-        validate_zone_name(zone_name)
-        check_zone_owner(zone_name, user.sub, user.role)
-
-        zone_path = DATA_DIR / zone_name
-        if not zone_path.exists():
-            raise ValueError(f"Zone '{zone_name}' không tồn tại")
-
-        kill_terminal(zone_name)
-        shutil.rmtree(zone_path)
-
-        meta = load_meta()
-        meta.pop(zone_name, None)
-        save_meta(meta)
-        return {"ok": True}
-    except ValueError as e:
-        raise HTTPException(400, str(e))
+"""
+Zone CRUD API.
+
+Single Responsibility: only handles zone create/list/delete.
+File management is in files.py, port management in ports.py.
+"""
+
+import shutil
+from datetime import datetime
+
+import httpx
+from fastapi import APIRouter, Depends, Form, HTTPException
+
+from auth import AuthUser, get_current_user
+from config import DATA_DIR, ADMIN_API_URL
+from storage import load_meta, save_meta, validate_zone_name, check_zone_owner
+from routers.terminal import kill_terminal
+
+router = APIRouter(prefix="/api/zones", tags=["zones"])
+
+
+def _get_max_zones() -> int:
+    """Fetch zone limit from Admin Worker config."""
+    if not ADMIN_API_URL:
+        return 0
+    try:
+        resp = httpx.get(f"{ADMIN_API_URL}/config", timeout=5)
+        if resp.status_code == 200:
+            return resp.json().get("max_zones", 0)
+    except Exception:
+        pass
+    return 0
+
+
+@router.get("")
+def list_zones(user: AuthUser = Depends(get_current_user)):
+    meta = load_meta()
+    return [
+        {
+            "name": name,
+            "created": info.get("created", ""),
+            "description": info.get("description", ""),
+            "exists": (DATA_DIR / name).is_dir(),
+        }
+        for name, info in meta.items()
+        if user.role == "admin" or info.get("owner_id") == user.sub
+    ]
+
+
+@router.post("")
+def create_zone(name: str = Form(...), description: str = Form(""), user: AuthUser = Depends(get_current_user)):
+    try:
+        validate_zone_name(name)
+        zone_path = DATA_DIR / name
+        if zone_path.exists():
+            raise ValueError(f"Zone '{name}' đã tồn tại")
+
+        # Check zone limit (per-user for non-admin)
+        max_zones = _get_max_zones()
+        if max_zones > 0:
+            meta = load_meta()
+            user_zones = [n for n, info in meta.items() if info.get("owner_id") == user.sub]
+            if len(user_zones) >= max_zones:
+                raise ValueError(f"Đã đạt giới hạn {max_zones} zones")
+
+        zone_path.mkdir(parents=True)
+        (zone_path / "README.md").write_text(
+            f"# {name}\n\nZone được tạo lúc {datetime.now().isoformat()}\n"
+        )
+
+        meta = load_meta()
+        meta[name] = {
+            "created": datetime.now().isoformat(),
+            "description": description,
+            "owner_id": user.sub,
+            "owner_name": user.username,
+        }
+        save_meta(meta)
+        return {"name": name, "path": str(zone_path)}
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.delete("/{zone_name}")
+def delete_zone(zone_name: str, user: AuthUser = Depends(get_current_user)):
+    try:
+        validate_zone_name(zone_name)
+        check_zone_owner(zone_name, user.sub, user.role)
+
+        zone_path = DATA_DIR / zone_name
+        if not zone_path.exists():
+            raise ValueError(f"Zone '{zone_name}' không tồn tại")
+
+        kill_terminal(zone_name)
+        shutil.rmtree(zone_path)
+
+        meta = load_meta()
+        meta.pop(zone_name, None)
+        save_meta(meta)
+        return {"ok": True}
+    except ValueError as e:
+        raise HTTPException(400, str(e))
+
+
+@router.patch("/{zone_name}")
+def update_zone(
+    zone_name: str,
+    new_name: str = Form(""),
+    description: str = Form(""),
+    user: AuthUser = Depends(get_current_user),
+):
+    try:
+        validate_zone_name(zone_name)
+        check_zone_owner(zone_name, user.sub, user.role)
+
+        zone_path = DATA_DIR / zone_name
+        if not zone_path.exists():
+            raise ValueError(f"Zone '{zone_name}' không tồn tại")
+
+        meta = load_meta()
+        info = meta.get(zone_name)
+        if not info:
+            raise ValueError(f"Zone '{zone_name}' không tồn tại")
+
+        next_name = (new_name or zone_name).strip() or zone_name
+        next_description = description.strip()
+
+        if next_name != zone_name:
+            validate_zone_name(next_name)
+            next_path = DATA_DIR / next_name
+            if next_path.exists():
+                raise ValueError(f"Zone '{next_name}' đã tồn tại")
+            zone_path.rename(next_path)
+            zone_path = next_path
+            meta[next_name] = meta.pop(zone_name)
+            zone_name = next_name
+            info = meta[zone_name]
+
+        info["description"] = next_description
+        save_meta(meta)
+        return {
+            "name": zone_name,
+            "description": info.get("description", ""),
+            "created": info.get("created", ""),
+            "exists": zone_path.is_dir(),
+        }
+    except ValueError as e:
+        raise HTTPException(400, str(e))