Refactor storage to provider-agnostic band-scoped model

Replaces per-member Nextcloud credentials with a BandStorage model that supports multiple providers. Credentials are Fernet-encrypted at rest; worker receives audio via an internal streaming endpoint instead of direct storage access. - Add BandStorage DB model with partial unique index (one active per band) - Add migrations 0007 (create band_storage) and 0008 (drop old nc columns) - Add StorageFactory that builds the correct StorageClient from BandStorage - Add storage router: connect/nextcloud, OAuth2 authorize/callback, list, disconnect - Add Fernet encryption helpers in security/encryption.py - Rewrite watcher for per-band polling via internal API config endpoint - Update worker to stream audio from API instead of accessing storage directly - Update frontend: new storage API in bands.ts, rewritten StorageSection, simplified band creation modal (no storage step) - Add STORAGE_ENCRYPTION_KEY to all docker-compose files Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 23:22:36 +02:00
parent ba22853bc7
commit b2d6b4d113
44 changed files with 1725 additions and 675 deletions
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -7,6 +7,8 @@ services:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-default_secure_password}
    volumes:
      - pg_data_dev:/var/lib/postgresql/data
+    ports:
+      - "5432:5432"
    networks:
      - rh_net
    healthcheck:
@@ -20,6 +22,11 @@ services:
    image: redis:7-alpine
    networks:
      - rh_net
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping || exit 1"]
+      interval: 5s
+      timeout: 3s
+      retries: 10

  api:
    build:
@@ -34,6 +41,7 @@ services:
      REDIS_URL: redis://redis:6379/0
      SECRET_KEY: ${SECRET_KEY:-replace_me_with_32_byte_hex_default}
      INTERNAL_SECRET: ${INTERNAL_SECRET:-replace_me_with_32_byte_hex_default}
+      STORAGE_ENCRYPTION_KEY: ${STORAGE_ENCRYPTION_KEY:-5vaaZQs4J7CFYZ7fqee37HgIt4xNxKHHX6OWd29Yh5E=}
      DOMAIN: localhost
    ports:
      - "8000:8000"
@@ -43,6 +51,29 @@ services:
      db:
        condition: service_healthy

+  audio-worker:
+    build:
+      context: ./worker
+      target: development
+    environment:
+      DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER:-rh_user}:${POSTGRES_PASSWORD:-default_secure_password}@db:5432/${POSTGRES_DB:-rehearsalhub}
+      REDIS_URL: redis://redis:6379/0
+      API_URL: http://api:8000
+      INTERNAL_SECRET: ${INTERNAL_SECRET:-replace_me_with_32_byte_hex_default}
+      ANALYSIS_VERSION: "1.0.0"
+      LOG_LEVEL: DEBUG
+      PYTHONUNBUFFERED: "1"
+    volumes:
+      - ./worker/src:/app/src:z
+      - audio_tmp:/tmp/audio
+    networks:
+      - rh_net
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
  web:
    build:
      context: ./web
@@ -62,3 +93,4 @@ networks:

 volumes:
  pg_data_dev:
+  audio_tmp: