fix: return errors from deleteSnapshotFromLocalDB instead of swallowing them

Previously, deleteSnapshotFromLocalDB logged errors but always returned nil, causing callers to believe deletion succeeded even when it failed. This could lead to data inconsistency where remote metadata is deleted while local records persist. Now returns the first error encountered, allowing callers to handle failures appropriately.
fix: add missing printfStdout, printlnStdout, scanlnStdin, FetchBlob, and FetchAndDecryptBlob methods
2026-02-19 23:55:27 -08:00 · 2026-02-19 23:51:53 -08:00 · 2026-02-16 06:21:41 +01:00
3 changed files with 80 additions and 5 deletions
--- a/internal/vaultik/restore.go
+++ b/internal/vaultik/restore.go
@@ -473,6 +473,53 @@ func (v *Vaultik) restoreRegularFile(
 	return nil
 }

+// BlobFetchResult holds the result of fetching and decrypting a blob.
+type BlobFetchResult struct {
+	Data           []byte
+	CompressedSize int64
+}
+
+// FetchAndDecryptBlob downloads a blob from storage, decrypts and decompresses it.
+func (v *Vaultik) FetchAndDecryptBlob(ctx context.Context, blobHash string, expectedSize int64, identity age.Identity) (*BlobFetchResult, error) {
+	// Construct blob path with sharding
+	blobPath := fmt.Sprintf("blobs/%s/%s/%s", blobHash[:2], blobHash[2:4], blobHash)
+
+	reader, err := v.Storage.Get(ctx, blobPath)
+	if err != nil {
+		return nil, fmt.Errorf("downloading blob: %w", err)
+	}
+	defer func() { _ = reader.Close() }()
+
+	// Read encrypted data
+	encryptedData, err := io.ReadAll(reader)
+	if err != nil {
+		return nil, fmt.Errorf("reading blob data: %w", err)
+	}
+
+	// Decrypt and decompress
+	blobReader, err := blobgen.NewReader(bytes.NewReader(encryptedData), identity)
+	if err != nil {
+		return nil, fmt.Errorf("creating decryption reader: %w", err)
+	}
+	defer func() { _ = blobReader.Close() }()
+
+	data, err := io.ReadAll(blobReader)
+	if err != nil {
+		return nil, fmt.Errorf("decrypting blob: %w", err)
+	}
+
+	log.Debug("Downloaded and decrypted blob",
+		"hash", blobHash[:16],
+		"encrypted_size", humanize.Bytes(uint64(len(encryptedData))),
+		"decrypted_size", humanize.Bytes(uint64(len(data))),
+	)
+
+	return &BlobFetchResult{
+		Data:           data,
+		CompressedSize: int64(len(encryptedData)),
+	}, nil
+}
+
 // downloadBlob downloads and decrypts a blob
 func (v *Vaultik) downloadBlob(ctx context.Context, blobHash string, expectedSize int64, identity age.Identity) ([]byte, error) {
 	result, err := v.FetchAndDecryptBlob(ctx, blobHash, expectedSize, identity)
--- a/internal/vaultik/snapshot.go
+++ b/internal/vaultik/snapshot.go
@@ -4,8 +4,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"regexp"
 	"path/filepath"
+	"regexp"
 	"sort"
 	"strings"
 	"text/tabwriter"
@@ -1004,16 +1004,16 @@ func (v *Vaultik) deleteSnapshotFromLocalDB(snapshotID string) error {

 	// Delete related records first to avoid foreign key constraints
 	if err := v.Repositories.Snapshots.DeleteSnapshotFiles(v.ctx, snapshotID); err != nil {
-		log.Error("Failed to delete snapshot files", "snapshot_id", snapshotID, "error", err)
+		return fmt.Errorf("deleting snapshot files for %s: %w", snapshotID, err)
 	}
 	if err := v.Repositories.Snapshots.DeleteSnapshotBlobs(v.ctx, snapshotID); err != nil {
-		log.Error("Failed to delete snapshot blobs", "snapshot_id", snapshotID, "error", err)
+		return fmt.Errorf("deleting snapshot blobs for %s: %w", snapshotID, err)
 	}
 	if err := v.Repositories.Snapshots.DeleteSnapshotUploads(v.ctx, snapshotID); err != nil {
-		log.Error("Failed to delete snapshot uploads", "snapshot_id", snapshotID, "error", err)
+		return fmt.Errorf("deleting snapshot uploads for %s: %w", snapshotID, err)
 	}
 	if err := v.Repositories.Snapshots.Delete(v.ctx, snapshotID); err != nil {
-		log.Error("Failed to delete snapshot record", "snapshot_id", snapshotID, "error", err)
+		return fmt.Errorf("deleting snapshot record %s: %w", snapshotID, err)
 	}

 	return nil
--- a/internal/vaultik/vaultik.go
+++ b/internal/vaultik/vaultik.go
@@ -135,6 +135,34 @@ func (v *Vaultik) Outputf(format string, args ...any) {
 	_, _ = fmt.Fprintf(v.Stdout, format, args...)
 }

+// printfStdout writes formatted output to stdout.
+func (v *Vaultik) printfStdout(format string, args ...any) {
+	_, _ = fmt.Fprintf(v.Stdout, format, args...)
+}
+
+// printlnStdout writes a line to stdout.
+func (v *Vaultik) printlnStdout(args ...any) {
+	_, _ = fmt.Fprintln(v.Stdout, args...)
+}
+
+// scanlnStdin reads a line from stdin into the provided string pointer.
+func (v *Vaultik) scanlnStdin(s *string) error {
+	_, err := fmt.Fscanln(v.Stdin, s)
+	return err
+}
+
+// FetchBlob downloads a blob from storage and returns a reader for the encrypted data.
+func (v *Vaultik) FetchBlob(ctx context.Context, blobHash string, expectedSize int64) (io.ReadCloser, int64, error) {
+	blobPath := fmt.Sprintf("blobs/%s/%s/%s", blobHash[:2], blobHash[2:4], blobHash)
+
+	reader, err := v.Storage.Get(ctx, blobPath)
+	if err != nil {
+		return nil, 0, fmt.Errorf("downloading blob: %w", err)
+	}
+
+	return reader, expectedSize, nil
+}
+
 // TestVaultik wraps a Vaultik with captured stdout/stderr for testing
 type TestVaultik struct {
 	*Vaultik