fix: ensure idempotency by removing existing restore token before regeneration

backup/restore_to_primary.sh

@@ -198,10 +198,19 @@ fi
 # Old tokens from the dump may conflict or be stale. Generate a fresh one.
 # ---------------------------------------------------------------------------
 log_step 8 "Regenerating API token..."
+RESTORE_TOKEN_NAME="migration-token-restored"
+
+# Idempotency: remove any previously generated restore token with the same name.
+# Gitea returns 409 if we try to create a duplicate token name.
+curl -sf -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" \
+  -X DELETE \
+  "${GITEA_INTERNAL_URL}/api/v1/users/${GITEA_ADMIN_USER}/tokens/${RESTORE_TOKEN_NAME}" \
+  -o /dev/null 2>/dev/null || true
+
 TOKEN_RESPONSE=$(curl -sf -u "${GITEA_ADMIN_USER}:${GITEA_ADMIN_PASSWORD}" \
   -X POST \
   -H "Content-Type: application/json" \
-  -d '{"name":"migration-token-restored","scopes":["all"]}' \
+  -d "{\"name\":\"${RESTORE_TOKEN_NAME}\",\"scopes\":[\"all\"]}" \
   "${GITEA_INTERNAL_URL}/api/v1/users/${GITEA_ADMIN_USER}/tokens")
 
 NEW_TOKEN=$(printf '%s' "$TOKEN_RESPONSE" | jq -r '.sha1')