database/db.go

// Package database provides database initialization, migration, and management utilities
// for the 3x-ui panel using GORM with SQLite.
package database

import (
	"bytes"
	"errors"
	"io"
	"log"
	"os"
	"path"
	"slices"
	"strings"
	"time"

	"github.com/mhsanaei/3x-ui/v3/config"
	"github.com/mhsanaei/3x-ui/v3/database/model"
	"github.com/mhsanaei/3x-ui/v3/util/crypto"
	"github.com/mhsanaei/3x-ui/v3/xray"

	"gorm.io/driver/sqlite"
	"gorm.io/gorm"
	"gorm.io/gorm/logger"
)

var db *gorm.DB

const (
	defaultUsername = "admin"
	defaultPassword = "admin"
)

func initModels() error {
	models := []any{
		&model.User{},
		&model.Inbound{},
		&model.OutboundTraffics{},
		&model.Setting{},
		&model.InboundClientIps{},
		&xray.ClientTraffic{},
		&model.HistoryOfSeeders{},
		&model.CustomGeoResource{},
		&model.Node{},
		&model.ApiToken{},
	}
	for _, mdl := range models {
		if err := db.AutoMigrate(mdl); err != nil {
			if isIgnorableDuplicateColumnErr(err, mdl) {
				log.Printf("Ignoring duplicate column during auto migration for %T: %v", mdl, err)
				continue
			}
			log.Printf("Error auto migrating model: %v", err)
			return err
		}
	}
	return nil
}

func isIgnorableDuplicateColumnErr(err error, mdl any) bool {
	if err == nil {
		return false
	}
	errMsg := strings.ToLower(err.Error())
	const dupPrefix = "duplicate column name:"
	if !strings.Contains(errMsg, dupPrefix) {
		return false
	}
	idx := strings.Index(errMsg, dupPrefix)
	if idx < 0 {
		return false
	}
	col := strings.TrimSpace(errMsg[idx+len(dupPrefix):])
	col = strings.Trim(col, "`\"[]")
	if col == "" {
		return false
	}
	return db != nil && db.Migrator().HasColumn(mdl, col)
}

// initUser creates a default admin user if the users table is empty.
func initUser() error {
	empty, err := isTableEmpty("users")
	if err != nil {
		log.Printf("Error checking if users table is empty: %v", err)
		return err
	}
	if empty {
		hashedPassword, err := crypto.HashPasswordAsBcrypt(defaultPassword)

		if err != nil {
			log.Printf("Error hashing default password: %v", err)
			return err
		}

		user := &model.User{
			Username: defaultUsername,
			Password: hashedPassword,
		}
		return db.Create(user).Error
	}
	return nil
}

// runSeeders migrates user passwords to bcrypt and records seeder execution to prevent re-running.
func runSeeders(isUsersEmpty bool) error {
	empty, err := isTableEmpty("history_of_seeders")
	if err != nil {
		log.Printf("Error checking if users table is empty: %v", err)
		return err
	}

	if empty && isUsersEmpty {
		hashSeeder := &model.HistoryOfSeeders{
			SeederName: "UserPasswordHash",
		}
		if err := db.Create(hashSeeder).Error; err != nil {
			return err
		}
		return seedApiTokens()
	}

	var seedersHistory []string
	if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &seedersHistory).Error; err != nil {
		log.Printf("Error fetching seeder history: %v", err)
		return err
	}

	if !slices.Contains(seedersHistory, "UserPasswordHash") && !isUsersEmpty {
		var users []model.User
		if err := db.Find(&users).Error; err != nil {
			log.Printf("Error fetching users for password migration: %v", err)
			return err
		}

		for _, user := range users {
			hashedPassword, err := crypto.HashPasswordAsBcrypt(user.Password)
			if err != nil {
				log.Printf("Error hashing password for user '%s': %v", user.Username, err)
				return err
			}
			if err := db.Model(&user).Update("password", hashedPassword).Error; err != nil {
				log.Printf("Error updating password for user '%s': %v", user.Username, err)
				return err
			}
		}

		hashSeeder := &model.HistoryOfSeeders{
			SeederName: "UserPasswordHash",
		}
		if err := db.Create(hashSeeder).Error; err != nil {
			return err
		}
	}

	if !slices.Contains(seedersHistory, "ApiTokensTable") {
		if err := seedApiTokens(); err != nil {
			return err
		}
	}
	return nil
}

// seedApiTokens copies the legacy `apiToken` setting into the new
// api_tokens table as a row named "default" so existing central panels
// keep working after the upgrade. Idempotent — records itself in
// history_of_seeders and only runs when api_tokens is empty.
func seedApiTokens() error {
	empty, err := isTableEmpty("api_tokens")
	if err != nil {
		return err
	}
	if empty {
		var legacy model.Setting
		err := db.Model(model.Setting{}).Where("key = ?", "apiToken").First(&legacy).Error
		if err == nil && legacy.Value != "" {
			row := &model.ApiToken{
				Name:    "default",
				Token:   legacy.Value,
				Enabled: true,
			}
			if err := db.Create(row).Error; err != nil {
				log.Printf("Error migrating legacy apiToken: %v", err)
				return err
			}
		}
	}
	return db.Create(&model.HistoryOfSeeders{SeederName: "ApiTokensTable"}).Error
}

// isTableEmpty returns true if the named table contains zero rows.
func isTableEmpty(tableName string) (bool, error) {
	var count int64
	err := db.Table(tableName).Count(&count).Error
	return count == 0, err
}

// InitDB sets up the database connection, migrates models, and runs seeders.
func InitDB(dbPath string) error {
	dir := path.Dir(dbPath)
	err := os.MkdirAll(dir, 0755)
	if err != nil {
		return err
	}

	var gormLogger logger.Interface

	if config.IsDebug() {
		gormLogger = logger.Default
	} else {
		gormLogger = logger.Discard
	}

	c := &gorm.Config{
		Logger: gormLogger,
	}
	dsn := dbPath + "?_journal_mode=WAL&_busy_timeout=10000&_synchronous=NORMAL&_txlock=immediate"
	db, err = gorm.Open(sqlite.Open(dsn), c)
	if err != nil {
		return err
	}

	sqlDB, err := db.DB()
	if err != nil {
		return err
	}
	if _, err := sqlDB.Exec("PRAGMA journal_mode=WAL"); err != nil {
		return err
	}
	if _, err := sqlDB.Exec("PRAGMA busy_timeout=10000"); err != nil {
		return err
	}
	if _, err := sqlDB.Exec("PRAGMA synchronous=NORMAL"); err != nil {
		return err
	}
	sqlDB.SetMaxOpenConns(8)
	sqlDB.SetMaxIdleConns(4)
	sqlDB.SetConnMaxLifetime(time.Hour)

	if err := initModels(); err != nil {
		return err
	}

	isUsersEmpty, err := isTableEmpty("users")
	if err != nil {
		return err
	}

	if err := initUser(); err != nil {
		return err
	}
	return runSeeders(isUsersEmpty)
}

// CloseDB closes the database connection if it exists.
func CloseDB() error {
	if db != nil {
		sqlDB, err := db.DB()
		if err != nil {
			return err
		}
		return sqlDB.Close()
	}
	return nil
}

// GetDB returns the global GORM database instance.
func GetDB() *gorm.DB {
	return db
}

func IsNotFound(err error) bool {
	return errors.Is(err, gorm.ErrRecordNotFound)
}

// IsSQLiteDB checks if the given file is a valid SQLite database by reading its signature.
func IsSQLiteDB(file io.ReaderAt) (bool, error) {
	signature := []byte("SQLite format 3\x00")
	buf := make([]byte, len(signature))
	_, err := file.ReadAt(buf, 0)
	if err != nil {
		return false, err
	}
	return bytes.Equal(buf, signature), nil
}

// Checkpoint performs a WAL checkpoint on the SQLite database to ensure data consistency.
func Checkpoint() error {
	// Update WAL
	err := db.Exec("PRAGMA wal_checkpoint;").Error
	if err != nil {
		return err
	}
	return nil
}

// ValidateSQLiteDB opens the provided sqlite DB path with a throw-away connection
// and runs a PRAGMA integrity_check to ensure the file is structurally sound.
// It does not mutate global state or run migrations.
func ValidateSQLiteDB(dbPath string) error {
	if _, err := os.Stat(dbPath); err != nil { // file must exist
		return err
	}
	gdb, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{Logger: logger.Discard})
	if err != nil {
		return err
	}
	sqlDB, err := gdb.DB()
	if err != nil {
		return err
	}
	defer sqlDB.Close()
	var res string
	if err := gdb.Raw("PRAGMA integrity_check;").Scan(&res).Error; err != nil {
		return err
	}
	if res != "ok" {
		return errors.New("sqlite integrity check failed: " + res)
	}
	return nil
}
docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// Package database provides database initialization, migration, and management utilities`
			`// for the 3x-ui panel using GORM with SQLite.`
3x-ui 2023-02-09 22:48:06 +03:30			`package database`

			`import (`
update axios-init and db.go 2023-05-05 22:51:39 +04:30			`"bytes"`
fix(import): prevent sqlite disk I/O error by validating temp DB then swapping 2025-10-14 22:03:17 +02:00			`"errors"`
update axios-init and db.go 2023-05-05 22:51:39 +04:30			`"io"`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`"log"`
3x-ui 2023-02-09 22:48:06 +03:30			`"os"`
			`"path"`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`"slices"`
fix: ignore duplicate column errors during AutoMigrate on upgraded DBs 2026-05-14 11:10:38 +02:00			`"strings"`
feat(nodes): traffic-writer queue, full-mirror sync, WS event fixes 2026-05-10 16:25:23 +02:00			`"time"`
🚀 Some improvements for x-ui.sh and ip job (#665 ) 2023-07-01 15:56:43 +03:30
v3 2026-05-10 02:13:42 +02:00			`"github.com/mhsanaei/3x-ui/v3/config"`
			`"github.com/mhsanaei/3x-ui/v3/database/model"`
			`"github.com/mhsanaei/3x-ui/v3/util/crypto"`
			`"github.com/mhsanaei/3x-ui/v3/xray"`
update pack 2023-02-16 19:28:20 +03:30
			`"gorm.io/driver/sqlite"`
			`"gorm.io/gorm"`
			`"gorm.io/gorm/logger"`
3x-ui 2023-02-09 22:48:06 +03:30			`)`

			`var db *gorm.DB`

Refactor database initialization 2024-07-14 01:22:02 +02:00			`const (`
			`defaultUsername = "admin"`
			`defaultPassword = "admin"`
			`)`

			`func initModels() error {`
Refactor: Use any instead of interface{} 2025-03-12 20:13:51 +01:00			`models := []any{`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`&model.User{},`
			`&model.Inbound{},`
			`&model.OutboundTraffics{},`
revert group management (#2656 ) 2025-02-04 11:27:58 +01:00			`&model.Setting{},`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`&model.InboundClientIps{},`
			`&xray.ClientTraffic{},`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`&model.HistoryOfSeeders{},`
Add custom geosite/geoip URL sources (#3980 ) 2026-04-19 22:24:24 +03:00			`&model.CustomGeoResource{},`
Vue3 migration (#4198 ) 2026-05-09 17:38:48 +02:00			`&model.Node{},`
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`&model.ApiToken{},`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`}`
fix: ignore duplicate column errors during AutoMigrate on upgraded DBs 2026-05-14 11:10:38 +02:00			`for _, mdl := range models {`
			`if err := db.AutoMigrate(mdl); err != nil {`
			`if isIgnorableDuplicateColumnErr(err, mdl) {`
			`log.Printf("Ignoring duplicate column during auto migration for %T: %v", mdl, err)`
			`continue`
			`}`
revert group management (#2656 ) 2025-02-04 11:27:58 +01:00			`log.Printf("Error auto migrating model: %v", err)`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`return err`
			`}`
			`}`
			`return nil`
a lot of improvement 2023-05-23 02:43:15 +03:30			`}`

fix: ignore duplicate column errors during AutoMigrate on upgraded DBs 2026-05-14 11:10:38 +02:00			`func isIgnorableDuplicateColumnErr(err error, mdl any) bool {`
			`if err == nil {`
			`return false`
			`}`
			`errMsg := strings.ToLower(err.Error())`
			`const dupPrefix = "duplicate column name:"`
			`if !strings.Contains(errMsg, dupPrefix) {`
			`return false`
			`}`
			`idx := strings.Index(errMsg, dupPrefix)`
			`if idx < 0 {`
			`return false`
			`}`
			`col := strings.TrimSpace(errMsg[idx+len(dupPrefix):])`
			col = strings.Trim(col, "`\"[]")
			`if col == "" {`
			`return false`
			`}`
			`return db != nil && db.Migrator().HasColumn(mdl, col)`
			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// initUser creates a default admin user if the users table is empty.`
3x-ui 2023-02-09 22:48:06 +03:30			`func initUser() error {`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`empty, err := isTableEmpty("users")`
3x-ui 2023-02-09 22:48:06 +03:30			`if err != nil {`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`log.Printf("Error checking if users table is empty: %v", err)`
3x-ui 2023-02-09 22:48:06 +03:30			`return err`
			`}`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`if empty {`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`hashedPassword, err := crypto.HashPasswordAsBcrypt(defaultPassword)`

			`if err != nil {`
			`log.Printf("Error hashing default password: %v", err)`
			`return err`
			`}`

3x-ui 2023-02-09 22:48:06 +03:30			`user := &model.User{`
chore: implement 2fa auth (#2968 ) 2025-05-08 21:20:58 +07:00			`Username: defaultUsername,`
			`Password: hashedPassword,`
3x-ui 2023-02-09 22:48:06 +03:30			`}`
			`return db.Create(user).Error`
			`}`
			`return nil`
			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// runSeeders migrates user passwords to bcrypt and records seeder execution to prevent re-running.`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`func runSeeders(isUsersEmpty bool) error {`
			`empty, err := isTableEmpty("history_of_seeders")`
			`if err != nil {`
			`log.Printf("Error checking if users table is empty: %v", err)`
			`return err`
			`}`

			`if empty && isUsersEmpty {`
			`hashSeeder := &model.HistoryOfSeeders{`
			`SeederName: "UserPasswordHash",`
			`}`
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`if err := db.Create(hashSeeder).Error; err != nil {`
			`return err`
			`}`
			`return seedApiTokens()`
			`}`

			`var seedersHistory []string`
			`if err := db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &seedersHistory).Error; err != nil {`
			`log.Printf("Error fetching seeder history: %v", err)`
			`return err`
			`}`

			`if !slices.Contains(seedersHistory, "UserPasswordHash") && !isUsersEmpty {`
			`var users []model.User`
			`if err := db.Find(&users).Error; err != nil {`
			`log.Printf("Error fetching users for password migration: %v", err)`
Fix silently ignored errors in password migration seeder (#4206 ) 2026-05-10 20:46:42 +08:00			`return err`
			`}`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`for _, user := range users {`
			`hashedPassword, err := crypto.HashPasswordAsBcrypt(user.Password)`
			`if err != nil {`
			`log.Printf("Error hashing password for user '%s': %v", user.Username, err)`
Fix silently ignored errors in password migration seeder (#4206 ) 2026-05-10 20:46:42 +08:00			`return err`
			`}`
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`if err := db.Model(&user).Update("password", hashedPassword).Error; err != nil {`
			`log.Printf("Error updating password for user '%s': %v", user.Username, err)`
			`return err`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`}`
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`}`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00
feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`hashSeeder := &model.HistoryOfSeeders{`
			`SeederName: "UserPasswordHash",`
			`}`
			`if err := db.Create(hashSeeder).Error; err != nil {`
			`return err`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`}`
			`}`

feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			`if !slices.Contains(seedersHistory, "ApiTokensTable") {`
			`if err := seedApiTokens(); err != nil {`
			`return err`
			`}`
			`}`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`return nil`
			`}`

feat(api-tokens): manage multiple named tokens; add tab/section anchor URLs 2026-05-13 16:34:31 +02:00			// seedApiTokens copies the legacy `apiToken` setting into the new
			`// api_tokens table as a row named "default" so existing central panels`
			`// keep working after the upgrade. Idempotent — records itself in`
			`// history_of_seeders and only runs when api_tokens is empty.`
			`func seedApiTokens() error {`
			`empty, err := isTableEmpty("api_tokens")`
			`if err != nil {`
			`return err`
			`}`
			`if empty {`
			`var legacy model.Setting`
			`err := db.Model(model.Setting{}).Where("key = ?", "apiToken").First(&legacy).Error`
			`if err == nil && legacy.Value != "" {`
			`row := &model.ApiToken{`
			`Name: "default",`
			`Token: legacy.Value,`
			`Enabled: true,`
			`}`
			`if err := db.Create(row).Error; err != nil {`
			`log.Printf("Error migrating legacy apiToken: %v", err)`
			`return err`
			`}`
			`}`
			`}`
			`return db.Create(&model.HistoryOfSeeders{SeederName: "ApiTokensTable"}).Error`
			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// isTableEmpty returns true if the named table contains zero rows.`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`func isTableEmpty(tableName string) (bool, error) {`
			`var count int64`
			`err := db.Table(tableName).Count(&count).Error`
			`return count == 0, err`
3x-ui 2023-02-09 22:48:06 +03:30			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// InitDB sets up the database connection, migrates models, and runs seeders.`
3x-ui 2023-02-09 22:48:06 +03:30			`func InitDB(dbPath string) error {`
			`dir := path.Dir(dbPath)`
Fix overly permissive file permissions (os.ModePerm) (#4207 ) 2026-05-10 20:47:28 +08:00			`err := os.MkdirAll(dir, 0755)`
3x-ui 2023-02-09 22:48:06 +03:30			`if err != nil {`
			`return err`
			`}`

			`var gormLogger logger.Interface`

			`if config.IsDebug() {`
			`gormLogger = logger.Default`
			`} else {`
			`gormLogger = logger.Discard`
			`}`

			`c := &gorm.Config{`
revert group management (#2656 ) 2025-02-04 11:27:58 +01:00			`Logger: gormLogger,`
3x-ui 2023-02-09 22:48:06 +03:30			`}`
feat(nodes): traffic-writer queue, full-mirror sync, WS event fixes 2026-05-10 16:25:23 +02:00			`dsn := dbPath + "?_journal_mode=WAL&_busy_timeout=10000&_synchronous=NORMAL&_txlock=immediate"`
			`db, err = gorm.Open(sqlite.Open(dsn), c)`
3x-ui 2023-02-09 22:48:06 +03:30			`if err != nil {`
			`return err`
			`}`

feat(nodes): traffic-writer queue, full-mirror sync, WS event fixes 2026-05-10 16:25:23 +02:00			`sqlDB, err := db.DB()`
			`if err != nil {`
			`return err`
			`}`
			`if _, err := sqlDB.Exec("PRAGMA journal_mode=WAL"); err != nil {`
			`return err`
			`}`
			`if _, err := sqlDB.Exec("PRAGMA busy_timeout=10000"); err != nil {`
			`return err`
			`}`
			`if _, err := sqlDB.Exec("PRAGMA synchronous=NORMAL"); err != nil {`
			`return err`
			`}`
			`sqlDB.SetMaxOpenConns(8)`
			`sqlDB.SetMaxIdleConns(4)`
			`sqlDB.SetConnMaxLifetime(time.Hour)`

Refactor database initialization 2024-07-14 01:22:02 +02:00			`if err := initModels(); err != nil {`
			`return err`
			`}`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00
			`isUsersEmpty, err := isTableEmpty("users")`
go package correction 2025-09-18 22:06:01 +02:00			`if err != nil {`
			`return err`
			`}`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00
Refactor database initialization 2024-07-14 01:22:02 +02:00			`if err := initUser(); err != nil {`
			`return err`
			`}`
feat: hashing user passwords 2025-05-03 12:27:53 +03:00			`return runSeeders(isUsersEmpty)`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// CloseDB closes the database connection if it exists.`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`func CloseDB() error {`
			`if db != nil {`
			`sqlDB, err := db.DB()`
			`if err != nil {`
a lot of improvement 2023-05-23 02:43:15 +03:30			`return err`
			`}`
Refactor database initialization 2024-07-14 01:22:02 +02:00			`return sqlDB.Close()`
3x-ui 2023-02-09 22:48:06 +03:30			`}`
			`return nil`
			`}`

docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// GetDB returns the global GORM database instance.`
3x-ui 2023-02-09 22:48:06 +03:30			`func GetDB() *gorm.DB {`
			`return db`
			`}`

			`func IsNotFound(err error) bool {`
Add custom geosite/geoip URL sources (#3980 ) 2026-04-19 22:24:24 +03:00			`return errors.Is(err, gorm.ErrRecordNotFound)`
3x-ui 2023-02-09 22:48:06 +03:30			`}`
update axios-init and db.go 2023-05-05 22:51:39 +04:30
docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// IsSQLiteDB checks if the given file is a valid SQLite database by reading its signature.`
a lot of improvement 2023-05-23 02:43:15 +03:30			`func IsSQLiteDB(file io.ReaderAt) (bool, error) {`
update axios-init and db.go 2023-05-05 22:51:39 +04:30			`signature := []byte("SQLite format 3\x00")`
			`buf := make([]byte, len(signature))`
a lot of improvement 2023-05-23 02:43:15 +03:30			`_, err := file.ReadAt(buf, 0)`
update axios-init and db.go 2023-05-05 22:51:39 +04:30			`if err != nil {`
			`return false, err`
			`}`
			`return bytes.Equal(buf, signature), nil`
			`}`
Update DB WAL before backup #1300 2023-12-08 20:35:10 +01:00
docs: add comments for all functions 2025-09-20 09:35:50 +02:00			`// Checkpoint performs a WAL checkpoint on the SQLite database to ensure data consistency.`
Update DB WAL before backup #1300 2023-12-08 20:35:10 +01:00			`func Checkpoint() error {`
			`// Update WAL`
			`err := db.Exec("PRAGMA wal_checkpoint;").Error`
			`if err != nil {`
			`return err`
			`}`
			`return nil`
			`}`
fix(import): prevent sqlite disk I/O error by validating temp DB then swapping 2025-10-14 22:03:17 +02:00
			`// ValidateSQLiteDB opens the provided sqlite DB path with a throw-away connection`
			`// and runs a PRAGMA integrity_check to ensure the file is structurally sound.`
			`// It does not mutate global state or run migrations.`
			`func ValidateSQLiteDB(dbPath string) error {`
			`if _, err := os.Stat(dbPath); err != nil { // file must exist`
			`return err`
			`}`
			`gdb, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{Logger: logger.Discard})`
			`if err != nil {`
			`return err`
			`}`
			`sqlDB, err := gdb.DB()`
			`if err != nil {`
			`return err`
			`}`
			`defer sqlDB.Close()`
			`var res string`
			`if err := gdb.Raw("PRAGMA integrity_check;").Scan(&res).Error; err != nil {`
			`return err`
			`}`
			`if res != "ok" {`
			`return errors.New("sqlite integrity check failed: " + res)`
			`}`
			`return nil`
			`}`