Skip to content

feat: restore database backups #23978

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
insertish wants to merge 118 commits into
base: main
Choose a base branch
from
Open

feat: restore database backups #23978

insertish wants to merge 118 commits into from
+4,768 −370

Conversation

@insertish
Copy link
Contributor

@insertish insertish commented Nov 18, 2025
edited
Loading

  • Maintenance mode is now its own settings page with a section for restoring database backups.
  • Users can now manage their backups, incl. ability to restore and delete from the settings interface.
  • Users can now restore a database backup from onboarding / initial instance setup.
  • Basic integrity/heuristic checks for the library folders (displayed during onboarding "restore from backup").
  • Users can upload .sql or .sql.gz database dumps to restore.
  • Backup creation job now uses pg_dump instead of pg_dumpall.

How Has This Been Tested?

  • Updated maintenance e2e tests for API & web.
  • Update maintenance (& worker) service tests to cover new functionality.
  • Added new process repository tests to ensure duplex stream functions correctly.
  • Updated existing CLI & backup service tests where necessary to account for changes.

Demo

restore-demo.mp4

Screenshots

 Screenshot 2025-11-25 at 11-16-33 Maintenance - Immich
Screenshot 2025-11-25 at 11-16-40 Maintenance - Immich Screenshot 2025-11-25 at 11-16-47 Maintenance - Immich

... non-exhaustive

API Changes

  • GET /admin/maintenance/status returns the current action, task, progress, error (also sent over WS as MaintenanceStatusV1)
  • GET /admin/maintenance/integrity generates an integrity check and heuristics report
  • GET /admin/maintenance/backups/list provides a list of valid backup files present
  • GET /admin/maintenance/backups/:filename allows a user to download a backup file
  • DELETE /admin/maintenance/backups/:filename deletes the backup file
  • POST /admin/maintenance/backups/restore starts the database restore flow (onboarding only)
  • POST /admin/maintenance/backups/upload allows user to upload a backup file

Checklist:

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation if applicable
  • I have no unrelated changes in the PR.
  • I have confirmed that any new dependencies are strictly necessary.
  • I have written tests for new code (if applicable)
  • I have followed naming conventions/patterns in the surrounding code
  • All code in src/services/ uses repositories implementations for database calls, filesystem operations, etc.
  • All code in src/repositories/ is pretty basic/simple and does not have any immich specific logic (that belongs in src/services/)

Please describe to which degree, if any, an LLM was used in creating this pull request.

Implementation of Duplex stream code is derived from documentation / example code generated by Claude.
It has since been refined and thoroughly tested.

Further Work (out of scope)

  • The translation keys shared_link_edit_expire_after_option_[...] and shared_link_expires_[...] are too specific to their actual contents.
  • Ellipsis usage in source translations is inconsistent, mix of ... and

@insertish
chore: open api
b01b63b 
fix: missing action in cli.service.ts
@insertish
chore: add missing repositories to MaintenanceModule
edc1333
@insertish
refactor: move logSecret into module init
73ae766
@insertish
feat: initialise StorageCore in maintenance mode
d040de2
@insertish
feat: authenticate websocket requests in maintenance mode
c090a1a
@insertish
test: add mock for new storage fns
56c93a7
@insertish
feat: add MaintenanceEphemeralStateRepository
7c2e8b1 
refactor: cache the secret in memory
@insertish
test: update service worker tests
af741a4
@insertish
feat: add external maintenance mode status
442fe6e
@insertish
feat: synchronised status, restore db action
26587dd
@insertish
test: backup restore service tests
31410c3
@insertish
refactor: DRY end maintenance
dd1cf12
@insertish
feat: list and delete backup routes
53a74a7
@insertish
feat: start action on boot
31f4665
@insertish
fix: should set status on restore end
f778a42
@insertish
refactor: add maintenanceStore to hold writables
f69c49a
@insertish
feat: sync status to web app
56a4159
@insertish
feat: web impl.
2e15012
@insertish
test: various utils for testings
b887d4f
@insertish
test: web e2e tests
9d4ad11
@alextran1502 alextran1502 requested a review from jrasm91 December 1, 2025 15:20
jrasm91
jrasm91 reviewed Dec 2, 2025
View reviewed changes
server/src/controllers/maintenance.controller.ts Outdated
description: 'Put Immich into maintenance mode to restore a backup (Immich must not be configured)',
history: new HistoryBuilder().added('v9.9.9').alpha('v9.9.9'),
})
async startRestoreFlow(
Copy link
Member

@jrasm91 jrasm91 Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already have an endpoint for entering maintenance mode and I find it a bit weird that we now have another place where that happens. Can we just pass the file to the startMaintenance endpoint instead? Or, can you wait in the client for maintenance to start and then request a database restore after that?

Copy link
Contributor Author

@insertish insertish Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Motivation here is to have a separate route without the authentication/permission checks in favour of checking if the first admin has been created (much like the logic for the first account registration: https://github.com/immich-app/immich/blob/main/server/src/services/auth.service.ts#L167)

server/src/maintenance/maintenance-worker.controller.ts Outdated
Comment on lines 64 to 87

@Get('admin/maintenance/backups/list')
@MaintenanceRoute()
listBackups(): Promise<MaintenanceListBackupsResponseDto> {
return this.service.listBackups();
}

@Get('admin/maintenance/backups/:filename')
@MaintenanceRoute()
downloadBackup(@Param() { filename }: FilenameParamDto, @Res() res: Response) {
res.header('Content-Disposition', 'attachment');
res.sendFile(this.service.getBackupPath(filename));
}

@Delete('admin/maintenance/backups/:filename')
@MaintenanceRoute()
async deleteBackup(@Param() { filename }: FilenameParamDto): Promise<void> {
return this.service.deleteBackup(filename);
}

@Post('admin/maintenance/backups/upload')
@MaintenanceRoute()
@UseInterceptors(FileInterceptor('file'))
uploadBackup(
Copy link
Member

@jrasm91 jrasm91 Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's just make a separate controller that works in both situations.

Copy link
Contributor Author

@insertish insertish Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I separated backups into their own service which, since it's being used in the usual API worker, just inherits from BaseService so cannot be used in maintenance worker. It could not inherit from BaseService but that causes other issues like needing to fundamentally change some bits about tests & how these services are mocked. (and in general I think that would cause some headaches)

We've previously set convention to just reimplement routes we need in the maintenance worker controller:

immich/server/src/maintenance/maintenance-worker.controller.ts

Lines 42 to 45 in f9d2a97

@Get('server/config')
getServerConfig(): ServerConfigDto {
return this.service.getSystemConfig();
}

Which I think is fine to do here again? i.e.

immich/server/src/maintenance/maintenance-worker.controller.ts

Lines 78 to 82 in f9d2a97

@Get('admin/database-backups')
@MaintenanceRoute()
listBackups(): Promise<MaintenanceListBackupsResponseDto> {
return this.service.listBackups();
}

server/src/maintenance/maintenance-worker.service.ts
}
case MaintenanceAction.RestoreDatabase: {
if (!action.restoreBackupFilename) {
return;
Copy link
Member

@jrasm91 jrasm91 Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be an error and you should validate it in the dto imo.

Copy link
Contributor Author

@insertish insertish Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is intentional behaviour to either show the restore flow or start a restore depending on if the filename is provided.

@insertish
refactor: move maintenance worker init into service
b5ff460
@insertish
refactor: maintenanceStatus -> getMaintenanceStatus
94af1bb 
refactor: `integrityCheck` -> `detectPriorInstall`
chore: add `v2.4.0` version
refactor: `/backups/list` -> `/backups`
refactor: use sendFile in download route
refactor: use separate backups permissions
chore: correct descriptions
refactor: permit handler that doesn't return promise for sendfile
@insertish
refactor: move status impl into service
a79b4bd 
refactor: add active flag to maintenance status
@insertish
refactor: split into database backup controller
9b95550
@insertish
test: split api e2e tests and passing
e0428b5
@insertish
fix: move end button into authed default maint page
0945e18
@insertish
fix: also show in restore flow
274775d
@insertish
fix: import getMaintenanceStatus
ef944c2
@insertish
test: split web e2e tests
f9d2a97
@insertish
refactor: ensure detect install is consistently named
305bf60
@insertish
chore: ensure admin for detect install while out of maint.
20d1e61
@insertish
refactor: remove state repository
17dfced
@insertish
test: update maint. worker service spec
4659ceb
@insertish
test: split backup service spec
fe8eb85
@insertish
refactor: rename db backup routes
a63b418
@insertish
refactor: instead of param, allow bulk backup deletion
207a8bc
@insertish
test: update sdk use in e2e test
4296211
@insertish
test: correct deleteBackup call
3019091
@insertish
fix: correct type for serverinstall response dto
cf3686a
@insertish
chore: validate filename for deletion
02265ba
@insertish
test: wip
6b9cc85
@insertish
test: backups no longer take path param
adc2d5d
@insertish
refactor: scope util to database-backups instead of backups
4e2187a
@insertish
fix: update worker controller with new route
0d05c0d
@insertish
merge: remote-tracking branch 'immich/main' into feat/database-restores
e958516
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jrasm91 jrasm91 jrasm91 left review comments

@shenlong-tanwen shenlong-tanwen Awaiting requested review from shenlong-tanwen shenlong-tanwen is a code owner

@danieldietzler danieldietzler Awaiting requested review from danieldietzler danieldietzler is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

changelog:feature 🗄️server 🖥️web

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@insertish @jrasm91