npm - @etus/bhono-app - Versions diffs - 0.1.5 → 0.1.6 - Mend

@etus/bhono-app 0.1.5 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (269) hide show

package/templates/base/src/server/lib/audit.ts CHANGED Viewed

@@ -1,28 +1,57 @@
-import type { Database } from '../db/client'
-import { auditLogs } from '../db/schema'
+import { execute } from '../db/sql'
 import type { ServiceContext } from '../types'
 export type AuditAction = 'INSERT' | 'UPDATE' | 'DELETE' | 'LOGIN' | 'LOGOUT' | 'SIGNUP' | 'TOKEN_REFRESH' | 'LOGIN_FAILED'
+async function logAuditSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  entity: string,
+  entityId: string,
+  action: AuditAction,
+  changes: Record<string, unknown>
+): Promise<void> {
+  const id = crypto.randomUUID()
+  const changesJson = Object.keys(changes).length > 0 ? JSON.stringify(changes) : null
+  await execute(
+    db,
+    `INSERT INTO audit_logs (
+      id,
+      transaction_id,
+      account_id,
+      user_id,
+      entity,
+      entity_id,
+      action,
+      changes,
+      ip_address,
+      user_agent
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+    [
+      id,
+      ctx.transactionId ?? crypto.randomUUID(),
+      ctx.accountId,
+      ctx.user.id,
+      entity,
+      entityId,
+      action,
+      changesJson,
+      ctx.ip ?? null,
+      ctx.userAgent ?? null,
+    ]
+  )
+}
 export async function logAudit(
-  db: Database,
+  db: D1Database,
   ctx: ServiceContext,
   entity: string,
   entityId: string,
   action: AuditAction,
   changes: Record<string, unknown>
 ): Promise<void> {
-  await db.insert(auditLogs).values({
-    transactionId: ctx.transactionId ?? crypto.randomUUID(),
-    accountId: ctx.accountId,
-    userId: ctx.user.id,
-    entity,
-    entityId,
-    action,
-    changes,
-    ipAddress: ctx.ip ?? null,
-    userAgent: ctx.userAgent ?? null,
-  })
+  await logAuditSql(db, ctx, entity, entityId, action, changes)
 }
 export function createChangeDiff(
@@ -53,21 +82,40 @@ export interface AuthEventContext {
 export type AuthAction = 'LOGIN' | 'LOGOUT' | 'SIGNUP' | 'TOKEN_REFRESH' | 'LOGIN_FAILED'
 export async function logAuthEvent(
-  db: Database,
+  db: D1Database,
   ctx: AuthEventContext,
   action: AuthAction,
   userId: string | null,
   details: Record<string, unknown>
 ): Promise<void> {
-  await db.insert(auditLogs).values({
-    transactionId: ctx.transactionId ?? crypto.randomUUID(),
-    accountId: null, // Auth events are account-agnostic
-    userId,
-    entity: 'Auth',
-    entityId: userId ?? 'anonymous',
-    action,
-    changes: details,
-    ipAddress: ctx.ip ?? null,
-    userAgent: ctx.userAgent ?? null,
-  })
+  const id = crypto.randomUUID()
+  const changesJson = Object.keys(details).length > 0 ? JSON.stringify(details) : null
+  await execute(
+    db,
+    `INSERT INTO audit_logs (
+      id,
+      transaction_id,
+      account_id,
+      user_id,
+      entity,
+      entity_id,
+      action,
+      changes,
+      ip_address,
+      user_agent
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+    [
+      id,
+      ctx.transactionId ?? crypto.randomUUID(),
+      null,
+      userId,
+      'Auth',
+      userId ?? 'anonymous',
+      action,
+      changesJson,
+      ctx.ip ?? null,
+      ctx.userAgent ?? null,
+    ]
+  )
 }

package/templates/base/src/server/lib/audited-db.ts CHANGED Viewed

@@ -1,9 +1,7 @@
 // src/server/lib/audited-db.ts
-import { type SQL, getTableName as drizzleGetTableName, is, Table } from 'drizzle-orm'
-import type { SQLiteTable } from 'drizzle-orm/sqlite-core'
-import type { Database } from '../db/client'
 import type { ServiceContext } from '../types'
 import { logAudit, createChangeDiff } from './audit'
+import { execute, queryAll, type SqlParams } from '../db/sql'
 /**
  * Base interface for auditable records - requires an id field
@@ -12,106 +10,243 @@ interface AuditableRecord {
   id: string
 }
-/**
- * Get the table name from a Drizzle table definition
- */
-function getTableName(table: SQLiteTable): string {
-  if (is(table, Table)) {
-    return drizzleGetTableName(table)
+export interface SqlWhereClause {
+  clause: string
+  params?: SqlParams
+}
+export interface SqlAuditOptions {
+  primaryKey?: string
+  columnMap?: Record<string, string>
+  now?: () => string
+}
+export interface SqlDeleteOptions extends SqlAuditOptions {
+  softDeleteColumns?: {
+    deletedAt?: string
+    deletedById?: string
+    updatedAt?: string
+    updatedById?: string
   }
-  return 'unknown'
 }
-/**
- * Insert with automatic audit logging
- * Returns the inserted records (same as .returning())
- */
-export async function auditedInsert<TRecord extends AuditableRecord>(
-  db: Database,
-  ctx: ServiceContext,
-  table: SQLiteTable,
-  values: Record<string, unknown> | Record<string, unknown>[]
-): Promise<TRecord[]> {
-  const tableName = getTableName(table)
+const DEFAULT_SOFT_DELETE_COLUMNS = {
+  deletedAt: 'deleted_at',
+  deletedById: 'deleted_by_id',
+  updatedAt: 'updated_at',
+  updatedById: 'updated_by_id',
+}
+function mapValues(values: Record<string, unknown>, columnMap?: Record<string, string>): Record<string, unknown> {
+  if (!columnMap) {
+    return values
+  }
+  const mapped: Record<string, unknown> = {}
+  for (const [key, value] of Object.entries(values)) {
+    const column = columnMap[key] ?? key
+    mapped[column] = value
+  }
+  return mapped
+}
+function normalizeRows(
+  values: Record<string, unknown> | Record<string, unknown>[],
+  columnMap?: Record<string, string>
+): { columns: string[]; rows: Record<string, unknown>[] } {
   const valuesArray = Array.isArray(values) ? values : [values]
+  const mapped = valuesArray.map((value) => mapValues(value, columnMap))
-  const results = await db
-    .insert(table)
-    .values(valuesArray)
-    .returning()
+  const columnSet = new Set<string>()
+  for (const row of mapped) {
+    for (const key of Object.keys(row)) {
+      columnSet.add(key)
+    }
+  }
+  const columns = Array.from(columnSet)
+  if (columns.length === 0) {
+    throw new Error('No columns provided for SQL operation')
+  }
+  const rows = mapped.map((row) => {
+    const normalized: Record<string, unknown> = {}
+    for (const column of columns) {
+      normalized[column] = row[column] ?? null
+    }
+    return normalized
+  })
+  return { columns, rows }
+}
+function buildInsertSql(tableName: string, columns: string[], rowCount: number): string {
+  const columnList = columns.join(', ')
+  const rowPlaceholders = `(${columns.map(() => '?').join(', ')})`
+  const valuesPlaceholders = Array.from({ length: rowCount }, () => rowPlaceholders).join(', ')
+  return `INSERT INTO ${tableName} (${columnList}) VALUES ${valuesPlaceholders} RETURNING *`
+}
+async function auditedInsertSql<TRecord extends AuditableRecord>(
+  db: D1Database,
+  ctx: ServiceContext,
+  tableName: string,
+  values: Record<string, unknown> | Record<string, unknown>[],
+  options?: SqlAuditOptions
+): Promise<TRecord[]> {
+  const { columns, rows } = normalizeRows(values, options?.columnMap)
+  const sql = buildInsertSql(tableName, columns, rows.length)
+  const params = rows.flatMap((row) => columns.map((column) => row[column]))
+  const results = await queryAll<Record<string, unknown>>(db, sql, params)
-  // Log audit for each inserted record
   for (const record of results) {
-    const typedRecord = record as unknown as TRecord
-    await logAudit(
-      db,
-      ctx,
-      tableName,
-      typedRecord.id,
-      'INSERT',
-      record as Record<string, unknown>
-    )
+    const entityId = String(record[options?.primaryKey ?? 'id'] ?? '')
+    await logAudit(db, ctx, tableName, entityId, 'INSERT', record)
   }
-  return results as unknown as TRecord[]
+  return results as TRecord[]
 }
-/**
- * Update with automatic audit logging (includes diff of changes)
- * Returns the updated records (same as .returning())
- */
-export async function auditedUpdate<TRecord extends AuditableRecord>(
-  db: Database,
+async function auditedUpdateSql<TRecord extends AuditableRecord>(
+  db: D1Database,
   ctx: ServiceContext,
-  table: SQLiteTable,
+  tableName: string,
   values: Record<string, unknown>,
-  where: SQL
+  where: SqlWhereClause,
+  options?: SqlAuditOptions
 ): Promise<TRecord[]> {
-  const tableName = getTableName(table)
-  // Get old data first for diff
-  const oldRecords = await db
-    .select()
-    .from(table)
-    .where(where)
-    .limit(100) // Safety limit
-  const results = await db
-    .update(table)
-    .set(values)
-    .where(where)
-    .returning()
-  // Log audit for each updated record with diff
-  for (let i = 0; i < results.length; i++) {
-    const oldData = (oldRecords[i] ?? {}) as Record<string, unknown>
-    const newData = results[i] as unknown as TRecord
-    const diff = createChangeDiff(
-      oldData,
-      newData as Record<string, unknown>
+  const mappedValues = mapValues(values, options?.columnMap)
+  const columns = Object.keys(mappedValues)
+  if (columns.length === 0) {
+    throw new Error('No columns provided for SQL update')
+  }
+  const whereClause = where.clause.trim()
+  if (!whereClause) {
+    throw new Error('Missing SQL where clause for auditedUpdate')
+  }
+  const oldRecords = await queryAll<Record<string, unknown>>(
+    db,
+    `SELECT * FROM ${tableName} WHERE ${whereClause} LIMIT 100`,
+    where.params
+  )
+  const setClause = columns.map((column) => `${column} = ?`).join(', ')
+  const params = columns.map((column) => mappedValues[column]).concat(where.params ?? [])
+  let results: Record<string, unknown>[] = []
+  try {
+    results = await queryAll<Record<string, unknown>>(
+      db,
+      `UPDATE ${tableName} SET ${setClause} WHERE ${whereClause} RETURNING *`,
+      params
     )
+  } catch {
+    await execute(db, `UPDATE ${tableName} SET ${setClause} WHERE ${whereClause}`, params)
+    results = await queryAll<Record<string, unknown>>(
+      db,
+      `SELECT * FROM ${tableName} WHERE ${whereClause} LIMIT 100`,
+      where.params
+    )
+  }
+  const primaryKey = options?.primaryKey ?? 'id'
+  const oldById = new Map<string, Record<string, unknown>>()
+  for (const record of oldRecords) {
+    const id = String(record[primaryKey] ?? '')
+    oldById.set(id, record)
+  }
+  for (const record of results) {
+    const entityId = String(record[primaryKey] ?? '')
+    const oldData = oldById.get(entityId) ?? {}
+    const diff = createChangeDiff(oldData, record)
+    await logAudit(db, ctx, tableName, entityId, 'UPDATE', diff)
+  }
+  return results as TRecord[]
+}
-    await logAudit(
+async function auditedDeleteSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  tableName: string,
+  where: SqlWhereClause,
+  options?: SqlDeleteOptions
+): Promise<void> {
+  const whereClause = where.clause.trim()
+  if (!whereClause) {
+    throw new Error('Missing SQL where clause for auditedDelete')
+  }
+  const now = options?.now ?? (() => new Date().toISOString())
+  const timestamp = now()
+  const columns = {
+    ...DEFAULT_SOFT_DELETE_COLUMNS,
+    ...options?.softDeleteColumns,
+  }
+  const setColumns: Array<[string, unknown]> = [
+    [columns.deletedAt, timestamp],
+    [columns.deletedById, ctx.user.id],
+    [columns.updatedAt, timestamp],
+    [columns.updatedById, ctx.user.id],
+  ]
+  const setClause = setColumns.map(([column]) => `${column} = ?`).join(', ')
+  const params = setColumns.map(([, value]) => value).concat(where.params ?? [])
+  let results: Record<string, unknown>[] = []
+  try {
+    results = await queryAll<Record<string, unknown>>(
       db,
-      ctx,
-      tableName,
-      newData.id,
-      'UPDATE',
-      diff
+      `UPDATE ${tableName} SET ${setClause} WHERE ${whereClause} RETURNING *`,
+      params
+    )
+  } catch {
+    await execute(db, `UPDATE ${tableName} SET ${setClause} WHERE ${whereClause}`, params)
+    results = await queryAll<Record<string, unknown>>(
+      db,
+      `SELECT * FROM ${tableName} WHERE ${whereClause} LIMIT 100`,
+      where.params
     )
   }
-  return results as unknown as TRecord[]
+  const primaryKey = options?.primaryKey ?? 'id'
+  for (const record of results) {
+    const entityId = String(record[primaryKey] ?? '')
+    await logAudit(db, ctx, tableName, entityId, 'DELETE', { deleted: true })
+  }
 }
 /**
- * Interface for soft-deletable tables with required audit fields
+ * Insert with automatic audit logging
+ * Returns the inserted records (same as .returning())
  */
-interface SoftDeletableFields {
-  deletedAt: string | null
-  deletedById: string | null
-  updatedAt: string
-  updatedById: string | null
+export async function auditedInsert<TRecord extends AuditableRecord>(
+  db: D1Database,
+  ctx: ServiceContext,
+  table: string,
+  values: Record<string, unknown> | Record<string, unknown>[],
+  options?: SqlAuditOptions
+): Promise<TRecord[]> {
+  return auditedInsertSql(db, ctx, table, values, options)
+}
+/**
+ * Update with automatic audit logging (includes diff of changes)
+ * Returns the updated records (same as .returning())
+ */
+export async function auditedUpdate<TRecord extends AuditableRecord>(
+  db: D1Database,
+  ctx: ServiceContext,
+  table: string,
+  values: Record<string, unknown>,
+  where: SqlWhereClause,
+  options?: SqlAuditOptions
+): Promise<TRecord[]> {
+  return auditedUpdateSql(db, ctx, table, values, where, options)
 }
 /**
@@ -119,36 +254,11 @@ interface SoftDeletableFields {
  * Sets deletedAt and deletedById fields
  */
 export async function auditedDelete(
-  db: Database,
+  db: D1Database,
   ctx: ServiceContext,
-  table: SQLiteTable,
-  where: SQL
+  table: string,
+  where: SqlWhereClause,
+  options?: SqlDeleteOptions
 ): Promise<void> {
-  const tableName = getTableName(table)
-  const softDeleteValues: SoftDeletableFields = {
-    deletedAt: new Date().toISOString(),
-    deletedById: ctx.user.id,
-    updatedAt: new Date().toISOString(),
-    updatedById: ctx.user.id,
-  }
-  const results = await db
-    .update(table)
-    .set(softDeleteValues)
-    .where(where)
-    .returning()
-  // Log audit for each deleted record
-  for (const record of results) {
-    const typedRecord = record as unknown as AuditableRecord
-    await logAudit(
-      db,
-      ctx,
-      tableName,
-      typedRecord.id,
-      'DELETE',
-      { deleted: true }
-    )
-  }
+  await auditedDeleteSql(db, ctx, table, where, options)
 }

package/templates/base/src/server/lib/transaction.ts CHANGED Viewed

@@ -1,24 +1,18 @@
-import type { Database } from '../db/client'
-type Transaction = Parameters<Parameters<Database['transaction']>[0]>[0]
+// src/server/lib/transaction.ts
 /**
- * Execute a callback within a database transaction.
- * - Callback succeeds → automatic commit
- * - Callback throws → automatic rollback
+ * Execute a callback within a database unit of work.
  *
- * @example
- * const result = await withTransaction(db, async (tx) => {
- *   const [account] = await tx.insert(accounts).values({ name: 'Acme' }).returning()
- *   const [user] = await tx.insert(users).values({ email: 'admin@acme.com' }).returning()
- *   return { account, user }
- * })
+ * Cloudflare D1 does not expose full transaction callbacks in the Worker runtime.
+ * This helper forwards the D1 database instance to the callback.
+ * If you need transactional guarantees, use explicit SQL (BEGIN/COMMIT) or
+ * D1 batch operations in the calling code.
  */
 export async function withTransaction<T>(
-  db: Database,
-  callback: (tx: Transaction) => Promise<T>
+  db: D1Database,
+  callback: (tx: D1Database) => Promise<T>
 ): Promise<T> {
-  return db.transaction(callback)
+  return callback(db)
 }
-export type { Transaction }
+export type Transaction = D1Database

package/templates/base/src/server/middleware/account.ts CHANGED Viewed

@@ -1,10 +1,9 @@
 // src/middleware/account.ts
 import { createMiddleware } from 'hono/factory'
 import { HTTPException } from 'hono/http-exception'
-import { userAccounts } from '../db/schema'
-import { eq, and } from 'drizzle-orm'
 import type { HonoEnv } from '../types'
 import type { Role } from '../auth/roles'
+import { queryOne } from '../db/sql'
 export const accountMiddleware = createMiddleware<HonoEnv>(async (c, next) => {
   // Check account-id header (required)
@@ -36,21 +35,15 @@ export const accountMiddleware = createMiddleware<HonoEnv>(async (c, next) => {
   // Check user-account membership in database
   const db = c.get('db')
-  if (!db) {
+  const accountDb = c.env.DB ?? db
+  if (!accountDb) {
     throw new HTTPException(500, { message: 'Database not initialized' })
   }
-  const membershipResults = await db
-    .select()
-    .from(userAccounts)
-    .where(
-      and(
-        eq(userAccounts.userId, user.id),
-        eq(userAccounts.accountId, accountId)
-      )
-    )
-    .limit(1)
-  const membership = membershipResults.at(0)
+  const membership = await queryOne<{ role: Role }>(
+    accountDb,
+    `SELECT role FROM user_accounts WHERE user_id = ? AND account_id = ? LIMIT 1`,
+    [user.id, accountId]
+  )
   if (!membership) {
     throw new HTTPException(403, {
       message: 'Forbidden: User does not have access to this account',