Stage 2 #1: SFTP destinations CRUD + connection test

Foundation for the move/quarantine pipeline. Lets users register one or more remote SFTP destinations through the API, store credentials at rest under /data/sftp/{id}.{password|key} (mode 600), and verify connectivity + write access via a test endpoint. Endpoints: GET /api/sftp/destinations POST /api/sftp/destinations — create PUT /api/sftp/destinations/{id} — update DELETE /api/sftp/destinations/{id} POST /api/sftp/destinations/{id}/test — connect, stat base_path, mkdir probe POST /api/sftp/keypair — generate ED25519 keypair Host keys pinned per-destination on first connect (TOFU); subsequent mismatches are rejected. paramiko added to requirements. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-26 20:04:42 -04:00
parent 8b0fee0055
commit 7436b23db3
5 changed files with 386 additions and 1 deletions
--- a/app/scanner.py
+++ b/app/scanner.py
@@ -139,6 +139,21 @@ def init_db():
            suggested INTEGER DEFAULT 0
        );

+        CREATE TABLE IF NOT EXISTS sftp_destinations (
+            id                INTEGER PRIMARY KEY AUTOINCREMENT,
+            name              TEXT UNIQUE NOT NULL,
+            host              TEXT NOT NULL,
+            port              INTEGER NOT NULL DEFAULT 22,
+            username          TEXT NOT NULL,
+            auth_method       TEXT NOT NULL,           -- 'password' | 'key'
+            base_path         TEXT NOT NULL,
+            mirror_structure  INTEGER NOT NULL DEFAULT 1,
+            enabled           INTEGER NOT NULL DEFAULT 1,
+            created_at        TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+            last_tested_at    TIMESTAMP,
+            last_test_result  TEXT
+        );
+
        CREATE TABLE IF NOT EXISTS decisions (
            id                 INTEGER PRIMARY KEY AUTOINCREMENT,
            file_id            INTEGER NOT NULL,