@etus/bhono-app 0.1.5 → 0.1.7

package/templates/base/src/server/services/accounts.ts

@@ -1,11 +1,10 @@
 // src/services/accounts.ts
-import { eq, and, isNull, isNotNull, sql } from 'drizzle-orm'
-import type { Database } from '../db/client'
-import { accounts, userAccounts, type AccountRecord } from '../db/schema'
+import type { AccountRecord } from '../db/records'
 import { auditedInsert, auditedUpdate, auditedDelete } from '../lib/audited-db'
 import { createPaginationMeta, calculateOffset } from '../lib/pagination'
 import { NotFoundError, ConflictError, ForbiddenError } from '../lib/errors'
 import type { ServiceContext, PaginationQuery, PaginatedResponse, Account } from '../types'
+import { queryAll, queryOne, toStringValue, toNullableString, type SqlRow, type SqlParams } from '../db/sql'
 
 interface CreateAccountInput {
   name: string
@@ -19,251 +18,277 @@ interface UpdateAccountInput {
   domain?: string
 }
 
-export const accountsService = {
-  async findAll(
-    db: Database,
-    ctx: ServiceContext,
-    pagination: PaginationQuery
-  ): Promise<PaginatedResponse<Account>> {
-    const offset = calculateOffset(pagination.page, pagination.limit)
-    const conditions = [isNull(accounts.deletedAt)]
-
-    // Non-super-admin sees only their accounts
-    if (!ctx.user.isSuperAdmin) {
-      const accountIdsForUser = db
-        .select({ accountId: userAccounts.accountId })
-        .from(userAccounts)
-        .where(eq(userAccounts.userId, ctx.user.id))
 
-      conditions.push(sql`${accounts.id} IN ${accountIdsForUser}`)
-    }
+const ACCOUNT_SELECT_COLUMNS = `
+  id,
+  name,
+  description,
+  domain,
+  created_at as createdAt,
+  updated_at as updatedAt,
+  deleted_at as deletedAt
+`
+
+
+function mapAccountRow(row: SqlRow): AccountRecord {
+  const createdAt = row.createdAt ?? row.created_at
+  const updatedAt = row.updatedAt ?? row.updated_at
+  const deletedAt = row.deletedAt ?? row.deleted_at
+
+  return {
+    id: toStringValue(row.id),
+    name: toStringValue(row.name),
+    description: toNullableString(row.description),
+    domain: toNullableString(row.domain),
+    createdAt: toStringValue(createdAt),
+    updatedAt: toStringValue(updatedAt),
+    deletedAt: toNullableString(deletedAt),
+  }
+}
 
-    // Add search filter
-    if (pagination.query) {
-      conditions.push(
-        sql`(${accounts.name} LIKE ${'%' + pagination.query + '%'} OR ${accounts.domain} LIKE ${'%' + pagination.query + '%'})`
-      )
-    }
+function toAccount(record: AccountRecord): Account {
+  return {
+    id: record.id,
+    name: record.name,
+    description: record.description,
+    domain: record.domain,
+    createdAt: record.createdAt,
+    updatedAt: record.updatedAt,
+    deletedAt: record.deletedAt,
+  }
+}
 
-    // Get count
-    const countResults = await db
-      .select({ count: sql<number>`count(*)` })
-      .from(accounts)
-      .where(and(...conditions))
-
-    const totalItems = countResults.at(0)?.count ?? 0
-
-    // Get data
-    const data = await db
-      .select()
-      .from(accounts)
-      .where(and(...conditions))
-      .limit(pagination.limit)
-      .offset(offset)
-      .orderBy(sql`${accounts.createdAt} DESC`)
-
-    return {
-      data: data.map((a) => ({
-        id: a.id,
-        name: a.name,
-        description: a.description,
-        domain: a.domain,
-        createdAt: a.createdAt,
-        updatedAt: a.updatedAt,
-        deletedAt: a.deletedAt,
-      })),
-      meta: createPaginationMeta(totalItems, pagination.page, pagination.limit),
-    }
-  },
+async function findAllSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  pagination: PaginationQuery
+): Promise<PaginatedResponse<Account>> {
+  const offset = calculateOffset(pagination.page, pagination.limit)
+  const whereClauses: string[] = ['a.deleted_at IS NULL']
+  const params: SqlParams = []
+
+  if (!ctx.user.isSuperAdmin) {
+    whereClauses.push('a.id IN (SELECT account_id FROM user_accounts WHERE user_id = ?)')
+    params.push(ctx.user.id)
+  }
+
+  if (pagination.query) {
+    whereClauses.push('(a.name LIKE ? OR a.domain LIKE ?)')
+    const like = `%${pagination.query}%`
+    params.push(like, like)
+  }
+
+  const whereSql = whereClauses.length > 0 ? `WHERE ${whereClauses.join(' AND ')}` : ''
+
+  const countRow = await queryOne<{ count: number }>(
+    db,
+    `SELECT count(*) as count FROM accounts a ${whereSql}`,
+    params
+  )
+  const totalItems = countRow?.count ?? 0
+
+  const rows = await queryAll(
+    db,
+    `SELECT ${ACCOUNT_SELECT_COLUMNS}
+     FROM accounts a
+     ${whereSql}
+     ORDER BY a.created_at DESC
+     LIMIT ? OFFSET ?`,
+    [...params, pagination.limit, offset]
+  )
+
+  return {
+    data: rows.map((row) => toAccount(mapAccountRow(row))),
+    meta: createPaginationMeta(totalItems, pagination.page, pagination.limit),
+  }
+}
 
-  async findById(db: Database, ctx: ServiceContext, id: string): Promise<Account> {
-    const accountResults = await db
-      .select()
-      .from(accounts)
-      .where(and(eq(accounts.id, id), isNull(accounts.deletedAt)))
-      .limit(1)
+async function findByIdSql(db: D1Database, ctx: ServiceContext, id: string): Promise<Account> {
+  const row = await queryOne(
+    db,
+    `SELECT ${ACCOUNT_SELECT_COLUMNS}
+     FROM accounts a
+     WHERE a.id = ? AND a.deleted_at IS NULL
+     LIMIT 1`,
+    [id]
+  )
+
+  if (!row) {
+    throw new NotFoundError('Account')
+  }
+
+  if (!ctx.user.isSuperAdmin) {
+    const membership = await queryOne(
+      db,
+      `SELECT 1 as ok FROM user_accounts WHERE user_id = ? AND account_id = ? LIMIT 1`,
+      [ctx.user.id, id]
+    )
 
-    const accountRecord = accountResults.at(0)
-    if (!accountRecord) {
+    if (!membership) {
       throw new NotFoundError('Account')
     }
+  }
 
-    // Check access for non-super-admin
-    if (!ctx.user.isSuperAdmin) {
-      const membershipResults = await db
-        .select()
-        .from(userAccounts)
-        .where(
-          and(
-            eq(userAccounts.userId, ctx.user.id),
-            eq(userAccounts.accountId, id)
-          )
-        )
-        .limit(1)
-
-      const membership = membershipResults.at(0)
-      if (!membership) {
-        throw new NotFoundError('Account')
-      }
-    }
-
-    return {
-      id: accountRecord.id,
-      name: accountRecord.name,
-      description: accountRecord.description,
-      domain: accountRecord.domain,
-      createdAt: accountRecord.createdAt,
-      updatedAt: accountRecord.updatedAt,
-      deletedAt: accountRecord.deletedAt,
-    }
-  },
-
-  async create(db: Database, ctx: ServiceContext, input: CreateAccountInput): Promise<Account> {
-    // Only super-admin can create accounts
-    if (!ctx.user.isSuperAdmin) {
-      throw new ForbiddenError('Only super-admin can create accounts')
-    }
-
-    // Check domain uniqueness if provided
-    if (input.domain) {
-      const existingResults = await db
-        .select()
-        .from(accounts)
-        .where(eq(accounts.domain, input.domain))
-        .limit(1)
-
-      if (existingResults.at(0)) {
-        throw new ConflictError('Account with this domain already exists')
-      }
-    }
+  return toAccount(mapAccountRow(row))
+}
 
-    // Create account with audit
-    const insertResults = await auditedInsert<AccountRecord>(
+async function createSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  input: CreateAccountInput
+): Promise<Account> {
+  if (!ctx.user.isSuperAdmin) {
+    throw new ForbiddenError('Only super-admin can create accounts')
+  }
+
+  if (input.domain) {
+    const existing = await queryOne(
       db,
-      ctx,
-      accounts,
-      {
-        name: input.name,
-        description: input.description ?? null,
-        domain: input.domain ?? null,
-      }
+      `SELECT 1 as ok FROM accounts WHERE domain = ? LIMIT 1`,
+      [input.domain]
     )
 
-    const accountRecord: AccountRecord | undefined = insertResults.at(0)
-    if (!accountRecord) {
-      throw new Error('Failed to create account')
+    if (existing) {
+      throw new ConflictError('Account with this domain already exists')
     }
+  }
 
-    return {
-      id: accountRecord.id,
-      name: accountRecord.name,
-      description: accountRecord.description,
-      domain: accountRecord.domain,
-      createdAt: accountRecord.createdAt,
-      updatedAt: accountRecord.updatedAt,
-      deletedAt: accountRecord.deletedAt,
-    }
-  },
+  const insertResults = await auditedInsert<AccountRecord>(db, ctx, 'accounts', {
+    name: input.name,
+    description: input.description ?? null,
+    domain: input.domain ?? null,
+  })
 
-  async update(db: Database, ctx: ServiceContext, id: string, input: UpdateAccountInput): Promise<Account> {
-    await this.findById(db, ctx, id)
+  const accountRecord = insertResults.at(0)
+  if (!accountRecord) {
+    throw new Error('Failed to create account')
+  }
 
-    // Check domain uniqueness if changing
-    if (input.domain) {
-      const existingResults = await db
-        .select()
-        .from(accounts)
-        .where(and(eq(accounts.domain, input.domain), sql`${accounts.id} != ${id}`))
-        .limit(1)
+  return toAccount(mapAccountRow(accountRecord as unknown as SqlRow))
+}
 
-      if (existingResults.at(0)) {
-        throw new ConflictError('Account with this domain already exists')
-      }
-    }
+async function updateSql(
+  db: D1Database,
+  ctx: ServiceContext,
+  id: string,
+  input: UpdateAccountInput
+): Promise<Account> {
+  if (!ctx.user.isSuperAdmin) {
+    throw new ForbiddenError('Only super-admin can update accounts')
+  }
 
-    // Update account with audit
-    const updateResults = await auditedUpdate<AccountRecord>(
+  await findByIdSql(db, ctx, id)
+
+  if (input.domain) {
+    const existing = await queryOne(
       db,
-      ctx,
-      accounts,
-      {
-        ...input,
-        updatedAt: new Date().toISOString(),
-      },
-      eq(accounts.id, id)
+      `SELECT 1 as ok FROM accounts WHERE domain = ? AND id != ? LIMIT 1`,
+      [input.domain, id]
     )
 
-    const accountRecord: AccountRecord | undefined = updateResults.at(0)
-    if (!accountRecord) {
-      throw new Error('Failed to update account')
+    if (existing) {
+      throw new ConflictError('Account with this domain already exists')
     }
+  }
+
+  const updates: Record<string, unknown> = {
+    updated_at: new Date().toISOString(),
+  }
+
+  if (input.name !== undefined) updates.name = input.name
+  if (input.description !== undefined) updates.description = input.description ?? null
+  if (input.domain !== undefined) updates.domain = input.domain ?? null
+
+  const updateResults = await auditedUpdate<AccountRecord>(
+    db,
+    ctx,
+    'accounts',
+    updates,
+    { clause: 'id = ?', params: [id] }
+  )
+
+  const accountRecord = updateResults.at(0)
+  if (!accountRecord) {
+    throw new Error('Failed to update account')
+  }
+
+  return toAccount(mapAccountRow(accountRecord as unknown as SqlRow))
+}
 
-    return {
-      id: accountRecord.id,
-      name: accountRecord.name,
-      description: accountRecord.description,
-      domain: accountRecord.domain,
-      createdAt: accountRecord.createdAt,
-      updatedAt: accountRecord.updatedAt,
-      deletedAt: accountRecord.deletedAt,
-    }
-  },
+async function deleteSql(db: D1Database, ctx: ServiceContext, id: string): Promise<void> {
+  if (!ctx.user.isSuperAdmin) {
+    throw new ForbiddenError('Only super-admin can delete accounts')
+  }
 
-  async delete(db: Database, ctx: ServiceContext, id: string): Promise<void> {
-    // Only super-admin can delete accounts
-    if (!ctx.user.isSuperAdmin) {
-      throw new ForbiddenError('Only super-admin can delete accounts')
-    }
+  await findByIdSql(db, ctx, id)
+  await auditedDelete(db, ctx, 'accounts', { clause: 'id = ?', params: [id] })
+}
 
-    await this.findById(db, ctx, id)
+async function restoreSql(db: D1Database, ctx: ServiceContext, id: string): Promise<Account> {
+  if (!ctx.user.isSuperAdmin) {
+    throw new ForbiddenError('Only super-admin can restore accounts')
+  }
+
+  const row = await queryOne(
+    db,
+    `SELECT ${ACCOUNT_SELECT_COLUMNS}
+     FROM accounts a
+     WHERE a.id = ? AND a.deleted_at IS NOT NULL
+     LIMIT 1`,
+    [id]
+  )
+
+  if (!row) {
+    throw new NotFoundError('Account not found or not deleted')
+  }
+
+  const restoreResults = await auditedUpdate<AccountRecord>(
+    db,
+    ctx,
+    'accounts',
+    { deleted_at: null },
+    { clause: 'id = ?', params: [id] }
+  )
+
+  const restored = restoreResults.at(0)
+  if (!restored) {
+    throw new NotFoundError('Failed to restore account')
+  }
+
+  return toAccount(mapAccountRow(restored as unknown as SqlRow))
+}
 
-    // Soft delete with audit
-    await auditedDelete(db, ctx, accounts, eq(accounts.id, id))
+export const accountsService = {
+  async findAll(
+    db: D1Database,
+    ctx: ServiceContext,
+    pagination: PaginationQuery
+  ): Promise<PaginatedResponse<Account>> {
+    return findAllSql(db, ctx, pagination)
   },
 
-  async restore(db: Database, ctx: ServiceContext, id: string): Promise<Account> {
-    // Only super-admin can restore accounts
-    if (!ctx.user.isSuperAdmin) {
-      throw new ForbiddenError('Only super-admin can restore accounts')
-    }
+  async findById(db: D1Database, ctx: ServiceContext, id: string): Promise<Account> {
+    return findByIdSql(db, ctx, id)
+  },
 
-    // Find deleted record
-    const recordResults = await db
-      .select()
-      .from(accounts)
-      .where(and(
-        eq(accounts.id, id),
-        isNotNull(accounts.deletedAt)
-      ))
-      .limit(1)
-
-    const record = recordResults.at(0)
-    if (!record) {
-      throw new NotFoundError('Account not found or not deleted')
-    }
+  async create(db: D1Database, ctx: ServiceContext, input: CreateAccountInput): Promise<Account> {
+    return createSql(db, ctx, input)
+  },
 
-    // Restore account
-    const restoreResults = await auditedUpdate<AccountRecord>(
-      db,
-      ctx,
-      accounts,
-      { deletedAt: null },
-      eq(accounts.id, id)
-    )
+  async update(
+    db: D1Database,
+    ctx: ServiceContext,
+    id: string,
+    input: UpdateAccountInput
+  ): Promise<Account> {
+    return updateSql(db, ctx, id, input)
+  },
 
-    const restored: AccountRecord | undefined = restoreResults.at(0)
-    if (!restored) {
-      throw new NotFoundError('Failed to restore account')
-    }
+  async delete(db: D1Database, ctx: ServiceContext, id: string): Promise<void> {
+    await deleteSql(db, ctx, id)
+  },
 
-    return {
-      id: restored.id,
-      name: restored.name,
-      description: restored.description,
-      domain: restored.domain,
-      createdAt: restored.createdAt,
-      updatedAt: restored.updatedAt,
-      deletedAt: restored.deletedAt,
-    }
+  async restore(db: D1Database, ctx: ServiceContext, id: string): Promise<Account> {
+    return restoreSql(db, ctx, id)
   },
 }