fix(repository): harden database writes

slobbe · slobbe · commit 19c8aa540c51 · 2026-04-29T18:08:47.000+02:00
diff --git a/internal/repository/repository.go b/internal/repository/repository.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"
 
 	"github.com/slobbe/appimage-manager/internal/config"
@@ -93,15 +94,67 @@ func isSupportedUpdateKind(kind models.UpdateKind) bool {
 }
 
 func SaveDB(path string, db *DB) error {
-	tmp := path + ".tmp"
 	b, err := json.MarshalIndent(db, "", "  ")
 	if err != nil {
 		return err
 	}
-	if err := os.WriteFile(tmp, b, 0o644); err != nil {
+
+	dir := filepath.Dir(path)
+	if err := os.MkdirAll(dir, 0o755); err != nil {
+		return err
+	}
+
+	perm := os.FileMode(0o644)
+	if info, err := os.Stat(path); err == nil {
+		perm = info.Mode().Perm()
+	} else if !os.IsNotExist(err) {
+		return err
+	}
+
+	tmp, err := os.CreateTemp(dir, "."+filepath.Base(path)+".*.tmp")
+	if err != nil {
+		return err
+	}
+	tmpPath := tmp.Name()
+	cleanup := true
+	defer func() {
+		if cleanup {
+			_ = os.Remove(tmpPath)
+		}
+	}()
+
+	if err := tmp.Chmod(perm); err != nil {
+		_ = tmp.Close()
+		return err
+	}
+	if _, err := tmp.Write(b); err != nil {
+		_ = tmp.Close()
 		return err
 	}
-	return os.Rename(tmp, path)
+	if err := tmp.Sync(); err != nil {
+		_ = tmp.Close()
+		return err
+	}
+	if err := tmp.Close(); err != nil {
+		return err
+	}
+
+	if err := os.Rename(tmpPath, path); err != nil {
+		return err
+	}
+	cleanup = false
+
+	return syncDir(dir)
+}
+
+func syncDir(path string) error {
+	dir, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+	defer dir.Close()
+
+	return dir.Sync()
 }
 
 func AddApp(appData *models.App, overwrite bool) error {
diff --git a/internal/repository/repository_batch_test.go b/internal/repository/repository_batch_test.go
@@ -3,13 +3,80 @@ package repo
 import (
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"testing"
 
 	"github.com/slobbe/appimage-manager/internal/config"
 	models "github.com/slobbe/appimage-manager/internal/types"
 )
 
+func TestSaveDBCreatesParentDirectory(t *testing.T) {
+	tmp := t.TempDir()
+	dbPath := filepath.Join(tmp, "nested", "state", "aim", "apps.json")
+
+	if err := SaveDB(dbPath, &DB{SchemaVersion: 1, Apps: map[string]*models.App{}}); err != nil {
+		t.Fatalf("SaveDB returned error: %v", err)
+	}
+
+	if _, err := os.Stat(dbPath); err != nil {
+		t.Fatalf("expected database file to exist: %v", err)
+	}
+
+	db, err := LoadDB(dbPath)
+	if err != nil {
+		t.Fatalf("LoadDB returned error: %v", err)
+	}
+	if db.SchemaVersion != 1 {
+		t.Fatalf("db.SchemaVersion = %d, want 1", db.SchemaVersion)
+	}
+	if len(db.Apps) != 0 {
+		t.Fatalf("len(db.Apps) = %d, want 0", len(db.Apps))
+	}
+}
+
+func TestSaveDBPreservesExistingPermissions(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("permission bits are not portable on Windows")
+	}
+
+	tmp := t.TempDir()
+	dbPath := filepath.Join(tmp, "apps.json")
+
+	if err := os.WriteFile(dbPath, []byte(`{"schemaVersion":1,"apps":{}}`), 0o600); err != nil {
+		t.Fatalf("failed to seed db file: %v", err)
+	}
+
+	if err := SaveDB(dbPath, &DB{SchemaVersion: 1, Apps: map[string]*models.App{}}); err != nil {
+		t.Fatalf("SaveDB returned error: %v", err)
+	}
+
+	info, err := os.Stat(dbPath)
+	if err != nil {
+		t.Fatalf("failed to stat db file: %v", err)
+	}
+	if got := info.Mode().Perm(); got != 0o600 {
+		t.Fatalf("db mode = %o, want 600", got)
+	}
+}
+
+func TestSaveDBUsesUniqueTempFilesAndCleansUp(t *testing.T) {
+	tmp := t.TempDir()
+	dbPath := filepath.Join(tmp, "apps.json")
+
+	if err := SaveDB(dbPath, &DB{SchemaVersion: 1, Apps: map[string]*models.App{}}); err != nil {
+		t.Fatalf("SaveDB returned error: %v", err)
+	}
+
+	matches, err := filepath.Glob(filepath.Join(tmp, ".apps.json.*.tmp"))
+	if err != nil {
+		t.Fatalf("failed to glob temp files: %v", err)
+	}
+	if len(matches) != 0 {
+		t.Fatalf("expected no temp files after successful save, found %v", matches)
+	}
+}
+
 func TestUpdateCheckMetadataBatch(t *testing.T) {
 	tmp := t.TempDir()
 	dbPath := filepath.Join(tmp, "apps.json")
