sync_data.sh

#!/bin/bash

# 检查环境变量
if [[ -z "$HF_TOKEN" ]] || [[ -z "$DATASET_ID" ]]; then
    echo "Starting without backup functionality - missing HF_TOKEN or DATASET_ID"
    exec apache2-foreground
    exit 0
fi

# 设置解密密钥 (非常长的随机字符串以增强安全性)
ENCRYPTION_KEY=${ENCRYPTION_KEY:-"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7B8C9D0E1F2G3H4I5J6K7L8M9N0O1P2Q3R4S5T6U7V8W9X0Y1Z2"}

# 激活虚拟环境
source /opt/venv/bin/activate

# 上传备份
upload_backup() {
    file_path="$1"
    file_name="$2"
    token="$HF_TOKEN"
    repo_id="$DATASET_ID"
    encryption_key="$ENCRYPTION_KEY"

    python3 -c "
from huggingface_hub import HfApi
import sys
import os
import base64
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
import io
def generate_key(password, salt=b'lsky_pro_salt'):
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=100000,
    )
    key = base64.urlsafe_b64encode(kdf.derive(password.encode()))
    return key
def encrypt_file(file_path, key):
    f = Fernet(key)
    with open(file_path, 'rb') as file:
        file_data = file.read()
    encrypted_data = f.encrypt(file_data)
    encrypted_file_path = file_path + '.enc'
    with open(encrypted_file_path, 'wb') as file:
        file.write(encrypted_data)
    return encrypted_file_path
def manage_backups(api, repo_id, max_files=10):
    files = api.list_repo_files(repo_id=repo_id, repo_type='dataset')
    backup_files = [f for f in files if f.startswith('lsky_backup_') and f.endswith('.tar.gz.enc')]
    backup_files.sort()
    
    if len(backup_files) >= max_files:
        files_to_delete = backup_files[:(len(backup_files) - max_files + 1)]
        for file_to_delete in files_to_delete:
            try:
                api.delete_file(path_in_repo=file_to_delete, repo_id=repo_id, repo_type='dataset')
                print(f'Deleted old backup: {file_to_delete}')
            except Exception as e:
                print(f'Error deleting {file_to_delete}: {str(e)}')
api = HfApi(token='$token')
try:
    # 生成加密密钥
    key = generate_key('$encryption_key')
    
    # 加密文件
    encrypted_file_path = encrypt_file('$file_path', key)
    
    # 上传加密文件
    api.upload_file(
        path_or_fileobj=encrypted_file_path,
        path_in_repo='$file_name.enc',
        repo_id='$repo_id',
        repo_type='dataset'
    )
    print(f'Successfully uploaded encrypted $file_name')
    
    # 删除临时加密文件
    os.remove(encrypted_file_path)
    
    # 管理备份文件数量
    manage_backups(api, '$repo_id')
except Exception as e:
    print(f'Error uploading file: {str(e)}')
"
}

# 下载最新备份
download_latest_backup() {
    token="$HF_TOKEN"
    repo_id="$DATASET_ID"
    encryption_key="$ENCRYPTION_KEY"

    python3 -c "
from huggingface_hub import HfApi
import sys
import os
import tarfile
import tempfile
import base64
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
def generate_key(password, salt=b'lsky_pro_salt'):
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=100000,
    )
    key = base64.urlsafe_b64encode(kdf.derive(password.encode()))
    return key
def decrypt_file(encrypted_file_path, key):
    f = Fernet(key)
    with open(encrypted_file_path, 'rb') as file:
        encrypted_data = file.read()
    decrypted_data = f.decrypt(encrypted_data)
    decrypted_file_path = encrypted_file_path[:-4]  # 移除 .enc 后缀
    with open(decrypted_file_path, 'wb') as file:
        file.write(decrypted_data)
    return decrypted_file_path
api = HfApi(token='$token')
try:
    files = api.list_repo_files(repo_id='$repo_id', repo_type='dataset')
    backup_files = [f for f in files if f.startswith('lsky_backup_') and f.endswith('.tar.gz.enc')]
    
    if not backup_files:
        print('No backup files found')
        sys.exit()
        
    latest_backup = sorted(backup_files)[-1]
    
    with tempfile.TemporaryDirectory() as temp_dir:
        # 下载加密的备份文件
        encrypted_filepath = api.hf_hub_download(
            repo_id='$repo_id',
            filename=latest_backup,
            repo_type='dataset',
            local_dir=temp_dir
        )
        
        if encrypted_filepath and os.path.exists(encrypted_filepath):
            # 生成解密密钥
            key = generate_key('$encryption_key')
            
            # 解密文件
            decrypted_filepath = decrypt_file(encrypted_filepath, key)
            
            # 解压缩到目标目录
            with tarfile.open(decrypted_filepath, 'r:gz') as tar:
                tar.extractall('/var/www/html')
            
            print(f'Successfully restored backup from {latest_backup}')
            
            # 清理临时文件
            os.remove(decrypted_filepath)
        
except Exception as e:
    print(f'Error downloading backup: {str(e)}')
"
}

# 首次启动时下载最新备份
echo "Checking for latest backup from HuggingFace..."
download_latest_backup

# 同步函数
sync_data() {
    while true; do
        echo "Starting sync process at $(date)"
        
        if [ -d /var/www/html ]; then
            timestamp=$(date +%Y%m%d_%H%M%S)
            backup_file="lsky_backup_${timestamp}.tar.gz"
            
            # 压缩数据目录
            tar -czf "/tmp/${backup_file}" -C /var/www/html .
            
            echo "Uploading backup to HuggingFace..."
            upload_backup "/tmp/${backup_file}" "${backup_file}"
            
            rm -f "/tmp/${backup_file}"
        else
            echo "Application directory does not exist yet, waiting for next sync..."
        fi
        
        SYNC_INTERVAL=${SYNC_INTERVAL:-7200}
        echo "Next sync in ${SYNC_INTERVAL} seconds..."
        sleep $SYNC_INTERVAL
    done
}

# 后台启动同步进程
sync_data &

# 启动 Apache
exec apache2-foreground