feat(config): 添加回调密钥配置

在 `backup.conf` 中为回调功能引入了新的配置项。新增了 `callback_secret` 变量，用于验证回调请求的安全性，为新的通知功能奠定基础。

feat(config): add callback secret configuration

Introduces a new section for callback settings in `backup.conf`. This adds the `callback_secret` variable to secure callback requests, laying the groundwork for the new notification feature.

Author: oldjs

backup.conf

@@ -214,4 +214,10 @@ RUN_BACKUP_VERIFICATION=true
 # - CONTAINER_EXCLUDE_MOUNTS=true/false
 # - CONTAINER_PAUSE_DURING_BACKUP=true/false
 # - CONTAINER_PRE_BACKUP_SCRIPT="/path/to/script.sh"
-# - CONTAINER_POST_BACKUP_SCRIPT="/path/to/script.sh" 
+# - CONTAINER_POST_BACKUP_SCRIPT="/path/to/script.sh" 
+# ============================================================================
+# 回调配置
+# ============================================================================
+
+# 回调密钥（用于验证回调请求的安全性）
+callback_secret="a_very_secure_random_string_12345!@#$%^&*()"

go.mod

@@ -0,0 +1,3 @@
+module dcoker_backup_script
+
+go 1.24.4

go/callback/README.md

@@ -0,0 +1,101 @@
+# 安全回调服务器
+
+## 功能简介
+
+此工具提供了一个带签名验证的安全回调接口，用于触发 Docker 容器和卷的备份操作。
+
+## 配置
+
+在使用此回调服务器之前，您需要在项目根目录下的 `backup.conf` 文件中配置 `callback_secret`。
+
+```bash
+# backup.conf
+callback_secret=your_secret_key_here
+```
+
+## 编译服务器
+
+在 `go/callback/` 目录中运行以下命令来编译服务器：
+
+```bash
+go build -o ../../callback_server .
+```
+
+这将在项目根目录生成一个名为 `callback_server` 的可执行文件。
+
+## 运行服务器
+
+切换到项目根目录并运行生成的可执行文件：
+
+```bash
+./callback_server
+```
+
+服务器将在 `localhost:8080` 启动。
+
+## API 端点
+
+### `POST /backup`
+
+此端点用于触发备份操作。
+
+**Headers:**
+
+- `X-Signature`: 请求签名，用于验证请求来源。签名是使用配置的 `callback_secret` 对请求体进行 HMAC-SHA256 计算得出的。
+
+**Request Body:**
+
+```json
+{
+  "args": ["arg1", "arg2"]
+}
+```
+
+- `args`: 传递给备份脚本的参数数组。
+
+## 编译并使用客户端示例
+
+在 `go/callback/` 目录中运行以下命令来编译客户端示例：
+
+```bash
+go build -o client_example client_example.go
+```
+
+由于 `client_example.go` 文件被构建标签 `//go:build ignore` 标记，所以编译时必须显式指定文件名。
+
+然后可以使用以下命令来调用回调接口：
+
+```bash
+./client_example -a --volumes
+```
+
+## Client Examples
+
+### Python 示例
+
+依赖安装: `pip install requests`，运行命令: `python client_example.py [args...]`
+
+### JavaScript (Node.js) 示例
+
+依赖安装: 无需额外依赖，运行命令: `node client_example.js [args...]`
+
+### TypeScript 示例
+
+依赖安装: `npm install -g typescript ts-node`，运行命令: `ts-node client_example.ts [args...]`
+
+### cURL 示例 (Linux/macOS)
+
+您也可以使用 `curl` 和其他命令行工具直接触发回调。这是一个一键执行的示例，它会自动从 `backup.conf` 读取密钥、生成签名并发起请求：
+
+```shell
+# 注意：请在 go/callback 目录下运行此命令
+SECRET=$(grep 'callback_secret' ../../backup.conf | cut -d '"' -f 2)
+BODY='{"args": ["-a", "--volumes"]}'
+SIGNATURE=$(echo -n "$BODY" | openssl dgst -sha256 -hmac "$SECRET" -binary | base64)
+
+curl -X POST \
+  -H "Content-Type: application/json" \
+  -H "X-Signature: $SIGNATURE" \
+  -d "$BODY" \
+  http://localhost:47731/backup
+```

go/callback/client_example.go

@@ -0,0 +1,127 @@
+//go:build ignore
+
+package main
+
+import (
+	"bytes"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+)
+
+const (
+	callbackURL     = "http://localhost:47731/backup"
+	signatureHeader = "X-Signature"
+)
+
+var configFilePath = "../../backup.conf"
+
+// RequestBody represents the JSON structure for the request
+type RequestBody struct {
+	Args []string `json:"args"`
+}
+
+// readConfig reads the configuration file and extracts the callback secret.
+func readConfig() (string, error) {
+	content, err := os.ReadFile(configFilePath)
+	if err != nil {
+		return "", fmt.Errorf("failed to read config file: %w", err)
+	}
+
+	lines := strings.Split(string(content), "\n")
+	for _, line := range lines {
+		// Skip comments and empty lines
+		trimmedLine := strings.TrimSpace(line)
+		if trimmedLine == "" || strings.HasPrefix(trimmedLine, "#") {
+			continue
+		}
+
+		// Check if the line contains the callback_secret
+		if strings.HasPrefix(trimmedLine, "callback_secret") {
+			parts := strings.SplitN(trimmedLine, "=", 2)
+			if len(parts) == 2 {
+				// Remove quotes if present
+				secret := strings.TrimSpace(parts[1])
+				secret = strings.Trim(secret, "\"'")
+				return secret, nil
+			}
+		}
+	}
+	return "", fmt.Errorf("callback_secret not found in config file")
+}
+
+// generateSignature generates an HMAC-SHA256 signature for the given body using the provided secret.
+func generateSignature(body []byte, secret string) string {
+	h := hmac.New(sha256.New, []byte(secret))
+	h.Write(body)
+	signature := h.Sum(nil)
+	return "sha256=" + hex.EncodeToString(signature)
+}
+
+func main() {
+	if len(os.Args) < 2 {
+		fmt.Println("Usage: client_example.go <arg1> [arg2] ...")
+		os.Exit(1)
+	}
+
+	// Read the callback secret from the config file
+	secret, err := readConfig()
+	if err != nil {
+		fmt.Printf("Error reading config: %v\n", err)
+		os.Exit(1)
+	}
+
+	// Get command line arguments (excluding program name)
+	args := os.Args[1:]
+
+	// Create the request body
+	requestBody := RequestBody{
+		Args: args,
+	}
+
+	// Marshal the request body to JSON
+	jsonBody, err := json.Marshal(requestBody)
+	if err != nil {
+		fmt.Printf("Error marshaling JSON: %v\n", err)
+		os.Exit(1)
+	}
+
+	// Generate the signature
+	signature := generateSignature(jsonBody, secret)
+
+	// Create the HTTP request
+	req, err := http.NewRequest("POST", callbackURL, bytes.NewBuffer(jsonBody))
+	if err != nil {
+		fmt.Printf("Error creating request: %v\n", err)
+		os.Exit(1)
+	}
+
+	// Set headers
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set(signatureHeader, signature)
+
+	// Send the request
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		fmt.Printf("Error sending request: %v\n", err)
+		os.Exit(1)
+	}
+	defer resp.Body.Close()
+
+	// Read and print the response
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		fmt.Printf("Error reading response: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Printf("Response Status: %s\n", resp.Status)
+	fmt.Printf("Response Body: %s\n", string(respBody))
+}

go/callback/client_example.js

@@ -0,0 +1,58 @@
+const fs = require("fs");
+const crypto = require("crypto");
+const http = require("http");
+
+// 从 ../../backup.conf 同步读取 callback_secret
+const configPath = "../../backup.conf";
+const configContent = fs.readFileSync(configPath, "utf8");
+const callbackSecret = configContent.trim();
+
+// 获取命令行参数（排除 node 和脚本路径）
+const args = process.argv.slice(2);
+
+// 构造 JSON 字符串
+const requestBody = JSON.stringify({ args: args });
+
+// 使用 HMAC-SHA256 生成签名
+const signature = crypto
+  .createHmac("sha256", callbackSecret)
+  .update(requestBody)
+  .digest("hex");
+
+// 定义请求选项
+const options = {
+  hostname: "localhost",
+  port: 47731,
+  path: "/backup",
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    "X-Signature": signature,
+    "Content-Length": Buffer.byteLength(requestBody),
+  },
+};
+
+// 发送 HTTP 请求
+const req = http.request(options, (res) => {
+  let data = "";
+
+  // 监听数据接收
+  res.on("data", (chunk) => {
+    data += chunk;
+  });
+
+  // 监听响应结束
+  res.on("end", () => {
+    console.log("Response from server:");
+    console.log(data);
+  });
+});
+
+// 监听请求错误
+req.on("error", (e) => {
+  console.error(`Problem with request: ${e.message}`);
+});
+
+// 发送请求体
+req.write(requestBody);
+req.end();

go/callback/client_example.py

@@ -0,0 +1,66 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import sys
+import json
+import hmac
+import hashlib
+import requests
+import os
+
+
+def load_callback_secret(config_path):
+    """Load callback_secret from the configuration file."""
+    try:
+        with open(config_path, "r") as f:
+            for line in f:
+                if line.startswith("callback_secret="):
+                    # Remove the 'callback_secret=' prefix and any surrounding whitespace or quotes
+                    secret = line[len("callback_secret=") :].strip().strip("\"'")
+                    return secret
+    except FileNotFoundError:
+        print(f"Error: Configuration file '{config_path}' not found.")
+        sys.exit(1)
+    except Exception as e:
+        print(f"Error reading configuration file: {e}")
+        sys.exit(1)
+
+    print("Error: 'callback_secret' not found in configuration file.")
+    sys.exit(1)
+
+
+def main():
+    # Define the path to the configuration file
+    config_path = os.path.join(os.path.dirname(__file__), "..", "..", "backup.conf")
+
+    # Load the callback secret
+    callback_secret = load_callback_secret(config_path)
+
+    # Get command line arguments
+    args = sys.argv[1:]
+
+    # Create the JSON payload
+    payload = {"args": args}
+    json_data = json.dumps(payload, separators=(",", ":"))
+
+    # Generate HMAC-SHA256 signature
+    signature = hmac.new(
+        callback_secret.encode("utf-8"), json_data.encode("utf-8"), hashlib.sha256
+    ).hexdigest()
+
+    # Prepare headers
+    headers = {"Content-Type": "application/json", "X-Signature": signature}
+
+    # Send POST request
+    url = "http://localhost:47731/backup"
+    try:
+        response = requests.post(url, data=json_data, headers=headers)
+        print(f"Status Code: {response.status_code}")
+        print(f"Response Body: {response.text}")
+    except requests.exceptions.RequestException as e:
+        print(f"Error sending request: {e}")
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()