Refactor storage to provider-agnostic band-scoped model

Replaces per-member Nextcloud credentials with a BandStorage model that supports multiple providers. Credentials are Fernet-encrypted at rest; worker receives audio via an internal streaming endpoint instead of direct storage access. - Add BandStorage DB model with partial unique index (one active per band) - Add migrations 0007 (create band_storage) and 0008 (drop old nc columns) - Add StorageFactory that builds the correct StorageClient from BandStorage - Add storage router: connect/nextcloud, OAuth2 authorize/callback, list, disconnect - Add Fernet encryption helpers in security/encryption.py - Rewrite watcher for per-band polling via internal API config endpoint - Update worker to stream audio from API instead of accessing storage directly - Update frontend: new storage API in bands.ts, rewritten StorageSection, simplified band creation modal (no storage step) - Add STORAGE_ENCRYPTION_KEY to all docker-compose files Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 23:22:36 +02:00
parent ba22853bc7
commit b2d6b4d113
44 changed files with 1725 additions and 675 deletions
--- a/api/src/rehearsalhub/routers/init.py
+++ b/api/src/rehearsalhub/routers/init.py
@@ -6,6 +6,7 @@ from rehearsalhub.routers.invites import router as invites_router
 from rehearsalhub.routers.members import router as members_router
 from rehearsalhub.routers.sessions import router as sessions_router
 from rehearsalhub.routers.songs import router as songs_router
+from rehearsalhub.routers.storage import router as storage_router
 from rehearsalhub.routers.versions import router as versions_router
 from rehearsalhub.routers.ws import router as ws_router

@@ -17,6 +18,7 @@ __all__ = [
    "members_router",
    "sessions_router",
    "songs_router",
+    "storage_router",
    "versions_router",
    "annotations_router",
    "ws_router",