Full DB management from admin UI: bidirectional migration, fallback, switch & restart

- db.json persists backend choice independently of the DB
- OpenSmart(): try Postgres → fall back to BoltDB with warning if it fails
- Reverse migration: Postgres → BoltDB (MigrateFromPostgres)
- POST /api/admin/database/switch: save backend choice + auto-restart
- Admin UI Database page: migrate both directions, switch backend with one click
- ENV_POSTGRES_URL auto-saved to db.json for UI awareness
- Default base path: /sauth

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 2 people

VERSION

@@ -1 +1 @@
-0.5.0
+0.5.1

internal/handler/admin_migration.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"
 	"sync"
+	"time"
 
 	"simpleauth/internal/store"
 )
@@ -23,9 +24,14 @@ func (h *Handler) initMigrationState() {
 // handleDatabaseInfo returns info about the current database backend.
 // GET /api/admin/database/info
 func (h *Handler) handleDatabaseInfo(w http.ResponseWriter, r *http.Request) {
+	dbCfg, _ := store.LoadDBConfig(h.cfg.DataDir)
 	info := map[string]interface{}{
 		"backend": h.storeBackend(),
 	}
+	if dbCfg != nil && dbCfg.PostgresURL != "" {
+		// Mask password in URL for display
+		info["postgres_configured"] = true
+	}
 	jsonResp(w, info, http.StatusOK)
 }
 
@@ -62,21 +68,19 @@ func (h *Handler) handleMigrateTest(w http.ResponseWriter, r *http.Request) {
 	jsonResp(w, map[string]interface{}{"ok": true}, http.StatusOK)
 }
 
-// handleMigrateStart starts a BoltDB → Postgres migration.
+// handleMigrateStart starts a migration (BoltDB→Postgres or Postgres→BoltDB).
 // POST /api/admin/database/migrate
 func (h *Handler) handleMigrateStart(w http.ResponseWriter, r *http.Request) {
 	var req struct {
-		PostgresURL string `json:"postgres_url"`
+		PostgresURL string `json:"postgres_url"` // required for bolt→pg
+		Direction   string `json:"direction"`     // "to_postgres" (default) or "to_boltdb"
 	}
-	if err := readJSON(r, &req); err != nil || req.PostgresURL == "" {
-		jsonError(w, "postgres_url is required", http.StatusBadRequest)
+	if err := readJSON(r, &req); err != nil {
+		jsonError(w, "invalid request body", http.StatusBadRequest)
 		return
 	}
-
-	boltStore, ok := h.store.(*store.BoltStore)
-	if !ok {
-		jsonError(w, "migration only supported from BoltDB backend", http.StatusBadRequest)
-		return
+	if req.Direction == "" {
+		req.Direction = "to_postgres"
 	}
 
 	h.migration.mu.RLock()
@@ -87,25 +91,15 @@ func (h *Handler) handleMigrateStart(w http.ResponseWriter, r *http.Request) {
 	}
 	h.migration.mu.RUnlock()
 
-	// Open target Postgres
-	target, err := store.OpenPostgres(req.PostgresURL)
-	if err != nil {
-		jsonError(w, "failed to connect to postgres: "+err.Error(), http.StatusBadRequest)
-		return
-	}
-
 	// Reset status
 	h.migration.mu.Lock()
 	h.migration.status = store.MigrationStatus{State: "running", Progress: map[string]string{}}
 	h.migration.mu.Unlock()
 
 	statusCh := make(chan store.MigrationStatus, 100)
 
-	// Background migration
-	go func() {
-		defer target.Close()
-
-		// Consume status updates
+	// Consume status updates in background
+	consumeStatus := func() chan struct{} {
 		done := make(chan struct{})
 		go func() {
 			for s := range statusCh {
@@ -115,22 +109,80 @@ func (h *Handler) handleMigrateStart(w http.ResponseWriter, r *http.Request) {
 			}
 			close(done)
 		}()
+		return done
+	}
 
-		err := store.MigrateToPostgres(boltStore, target, statusCh)
-		close(statusCh)
-		<-done
+	switch req.Direction {
+	case "to_postgres":
+		if req.PostgresURL == "" {
+			jsonError(w, "postgres_url is required", http.StatusBadRequest)
+			return
+		}
+		boltStore, ok := h.store.(*store.BoltStore)
+		if !ok {
+			jsonError(w, "current backend is not BoltDB", http.StatusBadRequest)
+			return
+		}
+		target, err := store.OpenPostgres(req.PostgresURL)
+		if err != nil {
+			jsonError(w, "failed to connect to postgres: "+err.Error(), http.StatusBadRequest)
+			return
+		}
 
+		go func() {
+			done := consumeStatus()
+			err := store.MigrateToPostgres(boltStore, target, statusCh)
+			close(statusCh)
+			<-done
+			target.Close()
+
+			if err != nil {
+				h.migration.mu.Lock()
+				h.migration.status.State = "failed"
+				h.migration.status.Error = err.Error()
+				h.migration.mu.Unlock()
+			}
+		}()
+
+		h.audit("migration_started", "admin", getClientIP(r), map[string]interface{}{
+			"direction": "to_postgres",
+		})
+
+	case "to_boltdb":
+		pgStore, ok := h.store.(*store.PostgresStore)
+		if !ok {
+			jsonError(w, "current backend is not PostgreSQL", http.StatusBadRequest)
+			return
+		}
+		target, err := store.OpenBolt(h.cfg.DataDir)
 		if err != nil {
-			h.migration.mu.Lock()
-			h.migration.status.State = "failed"
-			h.migration.status.Error = err.Error()
-			h.migration.mu.Unlock()
+			jsonError(w, "failed to open BoltDB: "+err.Error(), http.StatusInternalServerError)
+			return
 		}
-	}()
 
-	h.audit("migration_started", "admin", getClientIP(r), map[string]interface{}{
-		"target": "postgres",
-	})
+		go func() {
+			done := consumeStatus()
+			err := store.MigrateFromPostgres(pgStore, target, statusCh)
+			close(statusCh)
+			<-done
+			target.Close()
+
+			if err != nil {
+				h.migration.mu.Lock()
+				h.migration.status.State = "failed"
+				h.migration.status.Error = err.Error()
+				h.migration.mu.Unlock()
+			}
+		}()
+
+		h.audit("migration_started", "admin", getClientIP(r), map[string]interface{}{
+			"direction": "to_boltdb",
+		})
+
+	default:
+		jsonError(w, "direction must be 'to_postgres' or 'to_boltdb'", http.StatusBadRequest)
+		return
+	}
 
 	jsonResp(w, map[string]string{"status": "started"}, http.StatusAccepted)
 }
@@ -146,3 +198,57 @@ func (h *Handler) handleMigrateStatus(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	w.Write(data)
 }
+
+// handleSwitchBackend saves the backend choice to db.json and triggers restart.
+// POST /api/admin/database/switch
+func (h *Handler) handleSwitchBackend(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		Backend     string `json:"backend"`      // "boltdb" or "postgres"
+		PostgresURL string `json:"postgres_url"`  // required when backend=postgres
+	}
+	if err := readJSON(r, &req); err != nil {
+		jsonError(w, "invalid request body", http.StatusBadRequest)
+		return
+	}
+
+	switch req.Backend {
+	case "boltdb":
+		if err := store.SaveDBConfig(h.cfg.DataDir, &store.DBConfig{Backend: "boltdb"}); err != nil {
+			jsonError(w, "failed to save config: "+err.Error(), http.StatusInternalServerError)
+			return
+		}
+	case "postgres":
+		if req.PostgresURL == "" {
+			jsonError(w, "postgres_url is required", http.StatusBadRequest)
+			return
+		}
+		if err := store.TestPostgresConnection(req.PostgresURL); err != nil {
+			jsonError(w, "postgres connection failed: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		if err := store.SaveDBConfig(h.cfg.DataDir, &store.DBConfig{Backend: "postgres", PostgresURL: req.PostgresURL}); err != nil {
+			jsonError(w, "failed to save config: "+err.Error(), http.StatusInternalServerError)
+			return
+		}
+	default:
+		jsonError(w, "backend must be 'boltdb' or 'postgres'", http.StatusBadRequest)
+		return
+	}
+
+	h.audit("backend_switched", "admin", getClientIP(r), map[string]interface{}{
+		"backend": req.Backend,
+	})
+
+	jsonResp(w, map[string]string{"status": "saved", "backend": req.Backend}, http.StatusOK)
+
+	// Trigger restart if channel available
+	if h.restartCh != nil {
+		go func() {
+			time.Sleep(200 * time.Millisecond)
+			select {
+			case h.restartCh <- struct{}{}:
+			default:
+			}
+		}()
+	}
+}

internal/handler/handler.go

@@ -223,6 +223,7 @@ func (h *Handler) registerRoutes(uiFS fs.FS) {
 	h.mux.HandleFunc("POST /api/admin/database/test", h.requireMasterAdmin(h.handleMigrateTest))
 	h.mux.HandleFunc("POST /api/admin/database/migrate", h.requireMasterAdmin(h.handleMigrateStart))
 	h.mux.HandleFunc("GET /api/admin/database/migrate/status", h.requireMasterAdmin(h.handleMigrateStatus))
+	h.mux.HandleFunc("POST /api/admin/database/switch", h.requireMasterAdmin(h.handleSwitchBackend))
 
 	// Admin: Backup/Restore
 	h.mux.HandleFunc("GET /api/admin/backup", h.requireMasterAdmin(h.handleBackup))

internal/store/dbconfig.go

@@ -0,0 +1,92 @@
+package store
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"os"
+	"path/filepath"
+)
+
+// DBConfig persists the active backend choice in a local JSON file.
+// This lives outside the DB so it can be read before opening any store.
+type DBConfig struct {
+	Backend     string `json:"backend"`      // "boltdb" or "postgres"
+	PostgresURL string `json:"postgres_url"`  // connection string (only when backend=postgres)
+}
+
+// DBConfigPath returns the path to db.json in the data directory.
+func DBConfigPath(dataDir string) string {
+	return filepath.Join(dataDir, "db.json")
+}
+
+// LoadDBConfig reads the backend config from db.json.
+// Returns nil if the file doesn't exist (first run).
+func LoadDBConfig(dataDir string) (*DBConfig, error) {
+	path := DBConfigPath(dataDir)
+	data, err := os.ReadFile(path)
+	if os.IsNotExist(err) {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, fmt.Errorf("read db config: %w", err)
+	}
+	var cfg DBConfig
+	if err := json.Unmarshal(data, &cfg); err != nil {
+		return nil, fmt.Errorf("parse db config: %w", err)
+	}
+	return &cfg, nil
+}
+
+// SaveDBConfig writes the backend config to db.json.
+func SaveDBConfig(dataDir string, cfg *DBConfig) error {
+	if err := os.MkdirAll(dataDir, 0700); err != nil {
+		return err
+	}
+	data, err := json.MarshalIndent(cfg, "", "  ")
+	if err != nil {
+		return err
+	}
+	return os.WriteFile(DBConfigPath(dataDir), data, 0600)
+}
+
+// OpenSmart opens the appropriate store based on:
+// 1. db.json in dataDir (if exists — UI-managed backend choice)
+// 2. postgresURL from env/config (backward compat)
+// 3. Falls back to BoltDB
+//
+// If Postgres is configured but fails, it falls back to BoltDB with a warning.
+func OpenSmart(dataDir, envPostgresURL string) (Store, error) {
+	if err := os.MkdirAll(dataDir, 0700); err != nil {
+		return nil, fmt.Errorf("create data dir: %w", err)
+	}
+
+	// Check db.json first (UI-managed)
+	dbCfg, _ := LoadDBConfig(dataDir)
+	if dbCfg != nil && dbCfg.Backend == "postgres" && dbCfg.PostgresURL != "" {
+		s, err := OpenPostgres(dbCfg.PostgresURL)
+		if err != nil {
+			log.Printf("[store] WARNING: Postgres failed (%v) — falling back to BoltDB", err)
+			return OpenBolt(dataDir)
+		}
+		log.Printf("[store] Using PostgreSQL backend")
+		return s, nil
+	}
+
+	// Check env/config postgres URL (backward compat)
+	if envPostgresURL != "" {
+		s, err := OpenPostgres(envPostgresURL)
+		if err != nil {
+			log.Printf("[store] WARNING: Postgres failed (%v) — falling back to BoltDB", err)
+			return OpenBolt(dataDir)
+		}
+		// Save to db.json so UI knows the backend
+		SaveDBConfig(dataDir, &DBConfig{Backend: "postgres", PostgresURL: envPostgresURL})
+		log.Printf("[store] Using PostgreSQL backend (from env)")
+		return s, nil
+	}
+
+	// Default: BoltDB
+	log.Printf("[store] Using BoltDB backend")
+	return OpenBolt(dataDir)
+}