feat(backup): additional options for database backups

[paulwer]

What is this PR about?

Adds a new optional field additionalOptions that allows users to pass extra arguments to the dump commands for databases.

We also have created a fix for successfully running dokploy:setup on windows systems

Checklist

Before submitting this PR, please make sure that:

• You created a dedicated branch based on the canary branch.
• You have read the suggestions in the CONTRIBUTING.md file https://github.com/Dokploy/dokploy/blob/canary/CONTRIBUTING.md#pull-request
• You have tested this PR in your local instance.

Issues related (if applicable)

closes #3191

Screenshots (if applicable)

Notes

@Siumauricio I tested the ui/api changes for creating / restoring backups, which works fine, but I was not able to test backup jobs for all databases. please validate while reviewing this PR please :)

Please also write suggestion/feedback for UI-Component created by me for ArrayLists, if it matches your style-guide or do necessary changes yourself :)

We also have created a fix for successfully running dokploy:setup on windows systems.

Greptile Summary

Adds additionalOptions field to database backup/restore operations, allowing users to pass custom arguments to dump/restore commands. The implementation includes proper input sanitization via normalizeBackUpInput/normalizeRestoreInput functions that strip unsafe characters. Also includes a Windows compatibility fix for the setup script and a new InputArray UI component for managing string arrays.

• Added additionalOptions field to backup schema with JSONB array storage
• Implemented input normalization that removes shell metacharacters from user-provided options
• Integrated additionalOptions into all backup commands (postgres, mysql, mariadb, mongo)
• Added restore command support for additional options across all database types
• Created reusable InputArray React component for array input management
• Fixed Windows setup timing issue with 5-second delay before exit
• Database migration adds new column with proper default value

Confidence Score: 3/5

• This PR has several shell injection vulnerabilities in restore commands that need to be fixed before merging
• The backup commands are properly secured with input sanitization, but the restore commands have a critical flaw where single-quote wrapping is used within double-quoted sh -c contexts, making them vulnerable to shell injection. The setup.ts change adds an unexplained 5-second delay. The UI components and schema changes look good.
• Pay close attention to packages/server/src/utils/restore/utils.ts (shell injection vulnerabilities) and apps/dokploy/setup.ts (unexplained delay)

_{Last reviewed commit: 52576aa}

[michakfromparis]

Yes. I second that. This is key to restore a db with acl or RLS. Totally necessary for logto for example

[paulwer]

@Siumauricio I am very sorry, but I am not able to do testing right now and for the next few weeks.
Would it be possible to overhand you the current status, as I am likly not able to work on this for the next 2 weeks.

[greptile-apps]

_{16 files reviewed, 5 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

apps/dokploy/setup.ts
5-second delay never executes on success

The sleep 5 was moved from the shell command (package.json) into the Node.js script, but exit(0) on line 34 terminates the process before reaching the setTimeout on line 39. The delay only runs when an error occurs (when the catch block completes without exiting).

The original sleep 5 in package.json was placed between setup.ts and migration:run to ensure services like Postgres are ready. With this change, on a successful setup, the migration runs immediately after setup completes with no delay, which may cause the migration to fail if Postgres hasn't finished initializing.

To fix, either move the delay before exit(0):

		console.log("Dokploy setup completed");
		await new Promise<void>((res) => setTimeout(() => res(), 5000));
		exit(0);
	} catch (e) {
		console.error("Error in dokploy setup", e);
	}

[paulwer]

@greptile-apps please review again (if thats possible 🙈)

@Siumauricio I applied all changes suggested by the AI, so i think its ready for review again :)

I've added normalization also for all existing command. please check if that suites your code style and if you want to implement it like this.

[greptile-apps]

_{16 files reviewed, 5 comments}

_{Edit Code Review Agent Settings | Greptile}