@heyhru/app-dms-server 0.1.5 → 0.1.6

package/dist/index.js

@@ -1,5 +1,31 @@
-// src/index.ts
-import { createSqlite } from "@heyhru/server-util-sqlite";
+import "./chunk-QGM4M3NI.js";
+
+// src/db/index.ts
+var _db = null;
+var _driver = "sqlite";
+function parseDbDriver(url) {
+  if (url.startsWith("postgres://") || url.startsWith("postgresql://")) return "postgres";
+  return "sqlite";
+}
+async function createDmsDb(url) {
+  if (_db) throw new Error("DmsDb already initialized. Call close() first.");
+  _driver = parseDbDriver(url);
+  if (_driver === "postgres") {
+    const { createPgAdapter } = await import("./pg.adapter-BNI42SHT.js");
+    _db = createPgAdapter(url);
+  } else {
+    const { createSqliteAdapter } = await import("./sqlite.adapter-SCNLOKBD.js");
+    _db = createSqliteAdapter(url.replace("sqlite://", ""));
+  }
+  return _db;
+}
+function getDb() {
+  if (!_db) throw new Error("DmsDb not initialized. Call createDmsDb() first.");
+  return _db;
+}
+function getDriver() {
+  return _driver;
+}
 
 // src/app.ts
 import Fastify from "fastify";
@@ -85,8 +111,10 @@ import { hashPassword as hashPassword2, verifyPassword } from "@heyhru/server-ut
 // src/users/users.service.ts
 import { hashPassword } from "@heyhru/server-util-crypto";
 
-// src/users/users.model.ts
-import { getSqlite as getDb } from "@heyhru/server-util-sqlite";
+// src/db/dialect.ts
+function nowExpr() {
+  return getDriver() === "postgres" ? "NOW()" : "datetime('now')";
+}
 
 // src/users/users.sql.ts
 var LIST = `
@@ -105,9 +133,9 @@ var CREATE = `
 INSERT INTO users (username, email, password_hash, role)
 VALUES (?, ?, ?, ?)
 RETURNING id, username, email, role, created_at`;
-var UPDATE_PASSWORD = `
+var UPDATE_PASSWORD = () => `
 UPDATE users
-SET password_hash = ?, updated_at = datetime('now')
+SET password_hash = ?, updated_at = ${nowExpr()}
 WHERE id = ?`;
 var DELETE = `
 DELETE FROM users
@@ -115,18 +143,18 @@ WHERE id = ?`;
 
 // src/users/users.model.ts
 function listUsers() {
-  return getDb().prepare(LIST).all();
+  return getDb().query(LIST);
 }
 function getUserById(id) {
-  return getDb().prepare(FIND_BY_ID).get(id);
+  return getDb().queryOne(FIND_BY_ID, [id]);
 }
 function getUserByUsername(username) {
-  return getDb().prepare(FIND_BY_USERNAME).get(username);
+  return getDb().queryOne(FIND_BY_USERNAME, [username]);
 }
 function createUserRow(username, email, hash, role) {
-  return getDb().prepare(CREATE).get(username, email, hash, role);
+  return getDb().queryOne(CREATE, [username, email, hash, role]);
 }
-function updateUserRow(id, data) {
+async function updateUserRow(id, data) {
   const fields = [];
   const values = [];
   if (data.email) {
@@ -138,18 +166,18 @@ function updateUserRow(id, data) {
     values.push(data.role);
   }
   if (!fields.length) return getUserById(id);
-  fields.push("updated_at = datetime('now')");
+  fields.push(`updated_at = ${nowExpr()}`);
   values.push(id);
-  const bound = values;
-  return getDb().prepare(
-    `UPDATE users SET ${fields.join(", ")} WHERE id = ? RETURNING id, username, email, role, created_at`
-  ).get(...bound);
+  return getDb().queryOne(
+    `UPDATE users SET ${fields.join(", ")} WHERE id = ? RETURNING id, username, email, role, created_at`,
+    values
+  );
 }
 function deleteUser(id) {
-  return getDb().prepare(DELETE).run(id);
+  return getDb().run(DELETE, [id]);
 }
 function updatePasswordHash(id, hash) {
-  return getDb().prepare(UPDATE_PASSWORD).run(hash, id);
+  return getDb().run(UPDATE_PASSWORD(), [hash, id]);
 }
 
 // src/users/users.service.ts
@@ -159,30 +187,30 @@ function getUserByUsername2(username) {
 function updateUserPassword(id, hash) {
   return updatePasswordHash(id, hash);
 }
-function userList(_req, reply) {
-  return reply.send(listUsers());
+async function userList(_req, reply) {
+  return reply.send(await listUsers());
 }
-function userGet(req, reply) {
+async function userGet(req, reply) {
   const { id } = req.body ?? {};
-  const user = getUserById(id);
+  const user = await getUserById(id);
   if (!user) return reply.code(404).send({ error: "\u672A\u627E\u5230" });
   return reply.send(user);
 }
 async function userCreate(req, reply) {
   const body = req.body ?? {};
   const hash = await hashPassword(body.password);
-  const user = createUserRow(body.username, body.email, hash, body.role);
+  const user = await createUserRow(body.username, body.email, hash, body.role);
   return reply.code(201).send(user);
 }
-function userUpdate(req, reply) {
+async function userUpdate(req, reply) {
   const { id, ...rest } = req.body ?? {};
-  const user = updateUserRow(id, rest);
+  const user = await updateUserRow(id, rest);
   if (!user) return reply.code(404).send({ error: "\u672A\u627E\u5230" });
   return reply.send(user);
 }
-function userDelete(req, reply) {
+async function userDelete(req, reply) {
   const { id } = req.body ?? {};
-  deleteUser(id);
+  await deleteUser(id);
   return reply.code(204).send();
 }
 
@@ -192,7 +220,7 @@ async function authLogin(req, reply) {
   if (!username || !password) {
     return reply.code(400).send({ error: "\u7528\u6237\u540D\u548C\u5BC6\u7801\u4E0D\u80FD\u4E3A\u7A7A" });
   }
-  const user = getUserByUsername2(username);
+  const user = await getUserByUsername2(username);
   if (!user || !await verifyPassword(password, user.password_hash)) {
     logger.warn("Login failed for user: %s", username);
     return reply.code(401).send({ error: "\u7528\u6237\u540D\u6216\u5BC6\u7801\u9519\u8BEF" });
@@ -214,12 +242,12 @@ async function authChangePassword(req, reply) {
   if (!currentPassword || !newPassword) {
     return reply.code(400).send({ error: "\u5F53\u524D\u5BC6\u7801\u548C\u65B0\u5BC6\u7801\u4E0D\u80FD\u4E3A\u7A7A" });
   }
-  const user = getUserByUsername2(req.user.username);
+  const user = await getUserByUsername2(req.user.username);
   if (!user || !await verifyPassword(currentPassword, user.password_hash)) {
     return reply.code(400).send({ error: "\u5F53\u524D\u5BC6\u7801\u4E0D\u6B63\u786E" });
   }
   const hash = await hashPassword2(newPassword);
-  updateUserPassword(user.id, hash);
+  await updateUserPassword(user.id, hash);
   logger.info("Password changed for user: %s", req.user.username);
   return reply.send({ ok: true });
 }
@@ -246,16 +274,13 @@ import { encrypt, decrypt } from "@heyhru/server-util-crypto";
 import { createPool as createMysqlPool } from "@heyhru/server-util-mysql";
 import { createPool as createPgPool } from "@heyhru/server-util-pg";
 
-// src/datasources/datasources.model.ts
-import { getSqlite as getDb2 } from "@heyhru/server-util-sqlite";
-
 // src/datasources/datasources.sql.ts
 var LIST2 = `
-SELECT id, name, type, host, port, database, username, pool_min, pool_max, created_by, created_at
+SELECT id, name, type, host, port, database, username, ssl, pool_min, pool_max, created_by, created_at
 FROM data_sources
 ORDER BY created_at DESC`;
 var FIND_BY_ID2 = `
-SELECT id, name, type, host, port, database, username, pool_min, pool_max, created_by, created_at
+SELECT id, name, type, host, port, database, username, ssl, pool_min, pool_max, created_by, created_at
 FROM data_sources
 WHERE id = ?`;
 var FIND_WITH_PASSWORD = `
@@ -263,26 +288,26 @@ SELECT *
 FROM data_sources
 WHERE id = ?`;
 var CREATE2 = `
-INSERT INTO data_sources (name, type, host, port, database, username, password_encrypted, pool_min, pool_max, created_by)
-VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-RETURNING id, name, type, host, port, database, username, pool_min, pool_max, created_by, created_at`;
-var UPDATE_FIELDS = ["name", "type", "host", "port", "database", "username", "pool_min", "pool_max"];
+INSERT INTO data_sources (name, type, host, port, database, username, password_encrypted, ssl, pool_min, pool_max, created_by)
+VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+RETURNING id, name, type, host, port, database, username, ssl, pool_min, pool_max, created_by, created_at`;
+var UPDATE_FIELDS = ["name", "type", "host", "port", "database", "username", "ssl", "pool_min", "pool_max"];
 var DELETE2 = `
 DELETE FROM data_sources
 WHERE id = ?`;
 
 // src/datasources/datasources.model.ts
 function listDataSources() {
-  return getDb2().prepare(LIST2).all();
+  return getDb().query(LIST2);
 }
 function getDataSourceById(id) {
-  return getDb2().prepare(FIND_BY_ID2).get(id);
+  return getDb().queryOne(FIND_BY_ID2, [id]);
 }
 function getDataSourceRow(id) {
-  return getDb2().prepare(FIND_WITH_PASSWORD).get(id);
+  return getDb().queryOne(FIND_WITH_PASSWORD, [id]);
 }
 function insertDataSource(data, encryptedPassword, createdBy) {
-  return getDb2().prepare(CREATE2).get(
+  return getDb().queryOne(CREATE2, [
     data.name,
     data.type,
     data.host,
@@ -290,12 +315,13 @@ function insertDataSource(data, encryptedPassword, createdBy) {
     data.database,
     data.username,
     encryptedPassword,
+    data.ssl,
     data.pool_min,
     data.pool_max,
     createdBy
-  );
+  ]);
 }
-function updateDataSource(id, data, encryptedPassword) {
+async function updateDataSource(id, data, encryptedPassword) {
   const fields = [];
   const values = [];
   for (const key of UPDATE_FIELDS) {
@@ -310,13 +336,13 @@ function updateDataSource(id, data, encryptedPassword) {
   }
   if (!fields.length) return getDataSourceById(id);
   values.push(id);
-  const bound = values;
-  return getDb2().prepare(
-    `UPDATE data_sources SET ${fields.join(", ")} WHERE id = ? RETURNING id, name, type, host, port, database, username, pool_min, pool_max, created_by, created_at`
-  ).get(...bound);
+  return getDb().queryOne(
+    `UPDATE data_sources SET ${fields.join(", ")} WHERE id = ? RETURNING id, name, type, host, port, database, username, ssl, pool_min, pool_max, created_by, created_at`,
+    values
+  );
 }
 function removeDataSource(id) {
-  return getDb2().prepare(DELETE2).run(id);
+  return getDb().run(DELETE2, [id]);
 }
 
 // src/datasources/datasources.service.ts
@@ -341,14 +367,15 @@ function getPool(ds) {
     username: ds.username,
     password: ds.password,
     poolMin: ds.pool_min,
-    poolMax: ds.pool_max
+    poolMax: ds.pool_max,
+    ssl: ds.ssl
   });
   pools.set(key, pool);
   logger.info("Connection pool created (ds=%s, db=%s, type=%s)", ds.id, ds.database, ds.type);
   return pool;
 }
-function getPoolForDatabase(dataSourceId, database) {
-  const ds = getDataSourceWithPassword(dataSourceId);
+async function getPoolForDatabase(dataSourceId, database) {
+  const ds = await getDataSourceWithPassword(dataSourceId);
   if (!ds) return null;
   return getPool({ ...ds, database });
 }
@@ -362,8 +389,8 @@ async function destroyPool(id) {
     }
   }
 }
-function getDataSourceWithPassword(id) {
-  const row = getDataSourceRow(id);
+async function getDataSourceWithPassword(id) {
+  const row = await getDataSourceRow(id);
   if (!row) return null;
   return {
     id: row.id,
@@ -373,23 +400,24 @@ function getDataSourceWithPassword(id) {
     database: row.database ?? null,
     username: row.username,
     password: decrypt(row.password_encrypted, config.encryptionKey),
+    ssl: row.ssl,
     pool_min: row.pool_min,
     pool_max: row.pool_max
   };
 }
-function datasourceList(_req, reply) {
-  return reply.send(listDataSources());
+async function datasourceList(_req, reply) {
+  return reply.send(await listDataSources());
 }
-function datasourceGet(req, reply) {
+async function datasourceGet(req, reply) {
   const { id } = req.body ?? {};
-  const ds = getDataSourceById(id);
+  const ds = await getDataSourceById(id);
   if (!ds) return reply.code(404).send({ error: "\u672A\u627E\u5230" });
   return reply.send(ds);
 }
-function datasourceCreate(req, reply) {
+async function datasourceCreate(req, reply) {
   const body = req.body ?? {};
-  const ds = insertDataSource(
-    { ...body, pool_min: body.pool_min ?? 1, pool_max: body.pool_max ?? 10 },
+  const ds = await insertDataSource(
+    { ...body, ssl: body.ssl ?? false, pool_min: body.pool_min ?? 1, pool_max: body.pool_max ?? 10 },
     encrypt(body.password, config.encryptionKey),
     req.user.id
   );
@@ -397,17 +425,17 @@ function datasourceCreate(req, reply) {
 }
 async function datasourceUpdate(req, reply) {
   const { id, password, ...rest } = req.body ?? {};
-  const existing = getDataSourceById(id);
+  const existing = await getDataSourceById(id);
   if (!existing) return reply.code(404).send({ error: "\u672A\u627E\u5230" });
   const encryptedPassword = password ? encrypt(password, config.encryptionKey) : void 0;
   await destroyPool(id);
-  const ds = updateDataSource(id, rest, encryptedPassword);
+  const ds = await updateDataSource(id, rest, encryptedPassword);
   return reply.send(ds);
 }
 async function datasourceDelete(req, reply) {
   const { id } = req.body ?? {};
   await destroyPool(id);
-  removeDataSource(id);
+  await removeDataSource(id);
   return reply.code(204).send();
 }
 
@@ -423,9 +451,6 @@ function datasourceController(app) {
 // src/sql/sql.service.ts
 import NodeSqlParser from "node-sql-parser";
 
-// src/audit/audit.model.ts
-import { getSqlite as getDb3 } from "@heyhru/server-util-sqlite";
-
 // src/audit/audit.sql.ts
 var INSERT = `
 INSERT INTO audit_logs (user_id, data_source_id, action, sql_text, result_summary, ip_address)
@@ -438,16 +463,16 @@ WHERE 1=1`;
 
 // src/audit/audit.model.ts
 function insertAuditLog(entry) {
-  return getDb3().prepare(INSERT).run(
+  return getDb().run(INSERT, [
     entry.userId,
     entry.dataSourceId ?? null,
     entry.action,
     entry.sqlText ?? null,
     entry.resultSummary ?? null,
     entry.ipAddress ?? null
-  );
+  ]);
 }
-function queryAuditLogs(filters) {
+async function queryAuditLogs(filters) {
   let query = LIST3;
   const params = [];
   if (filters?.userId) {
@@ -460,8 +485,7 @@ function queryAuditLogs(filters) {
   }
   query += " ORDER BY al.created_at DESC LIMIT ? OFFSET ?";
   params.push(filters?.limit ?? 50, filters?.offset ?? 0);
-  const bound = params;
-  return getDb3().prepare(query).all(...bound);
+  return getDb().query(query, params);
 }
 
 // src/audit/audit.service.ts
@@ -516,8 +540,8 @@ async function sqlExecute({ dataSourceId, database, sql, userId, ip }) {
   if (category !== "select") {
     throw new Error("\u4EC5\u5141\u8BB8\u76F4\u63A5\u6267\u884C SELECT \u8BED\u53E5");
   }
-  const pool = database ? getPoolForDatabase(dataSourceId, database) : (() => {
-    const ds = getDataSourceWithPassword(dataSourceId);
+  const pool = database ? await getPoolForDatabase(dataSourceId, database) : await (async () => {
+    const ds = await getDataSourceWithPassword(dataSourceId);
     return ds ? getPool(ds) : null;
   })();
   if (!pool) throw new Error("\u6570\u636E\u6E90\u672A\u627E\u5230");
@@ -532,46 +556,48 @@ async function sqlExecute({ dataSourceId, database, sql, userId, ip }) {
   });
   return rows;
 }
-function postSqlDatabases(req, reply) {
+async function postSqlDatabases(req, reply) {
   const { dataSourceId } = req.body ?? {};
   if (!dataSourceId) {
     return reply.code(400).send({ error: "\u6570\u636E\u6E90 ID \u4E0D\u80FD\u4E3A\u7A7A" });
   }
-  const ds = getDataSourceWithPassword(dataSourceId);
+  const ds = await getDataSourceWithPassword(dataSourceId);
   if (!ds) return reply.code(404).send({ error: "\u6570\u636E\u6E90\u672A\u627E\u5230" });
   const pool = getPool({
     ...ds,
     database: ds.database ?? (ds.type === "postgres" ? "postgres" : "")
   });
   const sql = ds.type === "mysql" ? "SHOW DATABASES" : "SELECT datname FROM pg_database WHERE datistemplate = false ORDER BY datname";
-  return pool.execute(sql).then((rows) => {
+  try {
+    const rows = await pool.execute(sql);
     const names = rows.map(
       (r) => Object.values(r)[0]
     );
     return reply.send(names);
-  }).catch((err) => {
+  } catch (err) {
     logger.error(err, "Failed to list databases (ds=%s)", dataSourceId);
     return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
-  });
+  }
 }
-function postSqlTables(req, reply) {
+async function postSqlTables(req, reply) {
   const { dataSourceId, database } = req.body ?? {};
   if (!dataSourceId || !database) {
     return reply.code(400).send({ error: "\u6570\u636E\u6E90 ID \u548C\u6570\u636E\u5E93\u540D\u4E0D\u80FD\u4E3A\u7A7A" });
   }
-  const pool = getPoolForDatabase(dataSourceId, database);
+  const pool = await getPoolForDatabase(dataSourceId, database);
   if (!pool) return reply.code(404).send({ error: "\u6570\u636E\u6E90\u672A\u627E\u5230" });
-  const ds = getDataSourceWithPassword(dataSourceId);
+  const ds = await getDataSourceWithPassword(dataSourceId);
   const sql = ds.type === "mysql" ? `SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA = '${database}' ORDER BY TABLE_NAME` : "SELECT tablename FROM pg_tables WHERE schemaname = 'public' ORDER BY tablename";
-  return pool.execute(sql).then((rows) => {
+  try {
+    const rows = await pool.execute(sql);
     const names = rows.map(
       (r) => Object.values(r)[0]
     );
     return reply.send(names);
-  }).catch((err) => {
+  } catch (err) {
     logger.error(err, "Failed to list tables (ds=%s, db=%s)", dataSourceId, database);
     return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
-  });
+  }
 }
 
 // src/sql/sql.controller.ts
@@ -582,9 +608,6 @@ function sqlController(app) {
   app.post("/sql/tables", postSqlTables);
 }
 
-// src/approvals/approvals.model.ts
-import { getSqlite as getDb4 } from "@heyhru/server-util-sqlite";
-
 // src/approvals/approvals.sql.ts
 var FIND_BY_ID3 = `
 SELECT *
@@ -594,22 +617,22 @@ var CREATE3 = `
 INSERT INTO approvals (data_source_id, sql_text, submitted_by)
 VALUES (?, ?, ?)
 RETURNING *`;
-var UPDATE_REVIEW = `
+var UPDATE_REVIEW = () => `
 UPDATE approvals
-SET status = ?, reviewed_by = ?, reject_reason = ?, updated_at = datetime('now')
+SET status = ?, reviewed_by = ?, reject_reason = ?, updated_at = ${nowExpr()}
 WHERE id = ?
 RETURNING *`;
-var UPDATE_EXECUTING = `
+var UPDATE_EXECUTING = () => `
 UPDATE approvals
-SET status = 'executing', updated_at = datetime('now')
+SET status = 'executing', updated_at = ${nowExpr()}
 WHERE id = ?`;
-var UPDATE_RESULT = `
+var UPDATE_RESULT = () => `
 UPDATE approvals
-SET status = ?, execute_result = ?, updated_at = datetime('now')
+SET status = ?, execute_result = ?, updated_at = ${nowExpr()}
 WHERE id = ?`;
 
 // src/approvals/approvals.model.ts
-function listApprovals(filters) {
+async function listApprovals(filters) {
   let query = "SELECT * FROM approvals WHERE 1=1";
   const params = [];
   if (filters?.status) {
@@ -621,52 +644,51 @@ function listApprovals(filters) {
     params.push(filters.submittedBy);
   }
   query += " ORDER BY created_at DESC";
-  const bound = params;
-  return getDb4().prepare(query).all(...bound);
+  return getDb().query(query, params);
 }
 function getApprovalById(id) {
-  return getDb4().prepare(FIND_BY_ID3).get(id);
+  return getDb().queryOne(FIND_BY_ID3, [id]);
 }
 function insertApproval(dataSourceId, sqlText, submittedBy) {
-  return getDb4().prepare(CREATE3).get(dataSourceId, sqlText, submittedBy);
+  return getDb().queryOne(CREATE3, [dataSourceId, sqlText, submittedBy]);
 }
 function updateReview(id, status, reviewedBy, rejectReason) {
-  return getDb4().prepare(UPDATE_REVIEW).get(status, reviewedBy, rejectReason, id);
+  return getDb().queryOne(UPDATE_REVIEW(), [status, reviewedBy, rejectReason, id]);
 }
 function setExecuting(id) {
-  return getDb4().prepare(UPDATE_EXECUTING).run(id);
+  return getDb().run(UPDATE_EXECUTING(), [id]);
 }
 function setExecuteResult(id, status, result) {
-  return getDb4().prepare(UPDATE_RESULT).run(status, result, id);
+  return getDb().run(UPDATE_RESULT(), [status, result, id]);
 }
 
 // src/approvals/approvals.service.ts
-function approvalList(req, reply) {
+async function approvalList(req, reply) {
   const { status, mine } = req.body ?? {};
   return reply.send(
-    listApprovals({
+    await listApprovals({
       status,
       submittedBy: mine === "true" ? req.user.id : void 0
     })
   );
 }
-function approvalGet(req, reply) {
+async function approvalGet(req, reply) {
   const { id } = req.body ?? {};
-  const approval = getApprovalById(id);
+  const approval = await getApprovalById(id);
   if (!approval) return reply.code(404).send({ error: "\u672A\u627E\u5230" });
   return reply.send(approval);
 }
-function approvalCreate(req, reply) {
+async function approvalCreate(req, reply) {
   const { dataSourceId, sql } = req.body ?? {};
   if (!dataSourceId || !sql) {
     return reply.code(400).send({ error: "\u6570\u636E\u6E90 ID \u548C SQL \u4E0D\u80FD\u4E3A\u7A7A" });
   }
-  const approval = insertApproval(dataSourceId, sql, req.user.id);
+  const approval = await insertApproval(dataSourceId, sql, req.user.id);
   logger.info("Approval submitted (user=%s)", req.user.id);
   return reply.code(201).send(approval);
 }
-function reviewApproval(id, reviewerId, decision, rejectReason) {
-  const approval = getApprovalById(id);
+async function reviewApproval(id, reviewerId, decision, rejectReason) {
+  const approval = await getApprovalById(id);
   if (!approval || approval["status"] !== "pending") {
     throw new Error("\u5BA1\u6279\u8BB0\u5F55\u4E0D\u5B58\u5728\u6216\u4E0D\u5728\u5F85\u5BA1\u6279\u72B6\u6001");
   }
@@ -675,10 +697,10 @@ function reviewApproval(id, reviewerId, decision, rejectReason) {
   }
   return updateReview(id, decision, reviewerId, rejectReason ?? null);
 }
-function approvalApprove(req, reply) {
+async function approvalApprove(req, reply) {
   const { id } = req.body ?? {};
   try {
-    const result = reviewApproval(id, req.user.id, "approved");
+    const result = await reviewApproval(id, req.user.id, "approved");
     logger.info("Approval approved (id=%s, reviewer=%s)", id, req.user.id);
     return reply.send(result);
   } catch (err) {
@@ -686,10 +708,10 @@ function approvalApprove(req, reply) {
     return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
   }
 }
-function approvalReject(req, reply) {
+async function approvalReject(req, reply) {
   const { id, reason } = req.body ?? {};
   try {
-    const result = reviewApproval(id, req.user.id, "rejected", reason);
+    const result = await reviewApproval(id, req.user.id, "rejected", reason);
     logger.info("Approval rejected (id=%s, reviewer=%s)", id, req.user.id);
     return reply.send(result);
   } catch (err) {
@@ -709,18 +731,18 @@ async function approvalExecute(req, reply) {
   }
 }
 async function doExecuteApproval(id, userId, ip) {
-  const approval = getApprovalById(id);
+  const approval = await getApprovalById(id);
   if (!approval || approval["status"] !== "approved") {
     throw new Error("\u5BA1\u6279\u8BB0\u5F55\u4E0D\u5B58\u5728\u6216\u672A\u901A\u8FC7\u5BA1\u6279");
   }
-  setExecuting(id);
+  await setExecuting(id);
   try {
-    const ds = getDataSourceWithPassword(approval["data_source_id"]);
+    const ds = await getDataSourceWithPassword(approval["data_source_id"]);
     if (!ds) throw new Error("\u6570\u636E\u6E90\u672A\u627E\u5230");
     const pool = getPool(ds);
     const rows = await pool.execute(approval["sql_text"]);
     const result = `${rows.length} rows affected`;
-    setExecuteResult(id, "executed", result);
+    await setExecuteResult(id, "executed", result);
     logger.info("Approval executed (id=%s, user=%s)", id, userId);
     await writeAuditLog({
       userId,
@@ -733,7 +755,7 @@ async function doExecuteApproval(id, userId, ip) {
     return getApprovalById(id);
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    setExecuteResult(id, "execute_failed", message);
+    await setExecuteResult(id, "execute_failed", message);
     logger.error(err, "Approval execute_failed (id=%s)", id);
     throw err;
   }
@@ -774,38 +796,39 @@ async function buildApp() {
   return app;
 }
 
-// src/migrate/runner.ts
-import { getSqlite as getDb5 } from "@heyhru/server-util-sqlite";
-
 // src/migrate/migrations.ts
+var idCol = (driver) => driver === "postgres" ? "id UUID PRIMARY KEY DEFAULT gen_random_uuid()" : "id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16))))";
+var tsCol = (name, driver) => driver === "postgres" ? `${name} TIMESTAMPTZ NOT NULL DEFAULT NOW()` : `${name} TEXT NOT NULL DEFAULT (datetime('now'))`;
+var fkNotNull = (name, ref, driver) => driver === "postgres" ? `${name} UUID NOT NULL REFERENCES ${ref}(id)` : `${name} TEXT NOT NULL REFERENCES ${ref}(id)`;
+var fkNullable = (name, ref, driver) => driver === "postgres" ? `${name} UUID REFERENCES ${ref}(id)` : `${name} TEXT REFERENCES ${ref}(id)`;
 var migrations = [
   {
     name: "001_users.sql",
-    sql: `
+    sql: (d) => `
 CREATE TABLE IF NOT EXISTS users (
-  id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
+  ${idCol(d)},
   username TEXT NOT NULL UNIQUE,
   email TEXT NOT NULL UNIQUE,
   password_hash TEXT NOT NULL,
   role TEXT NOT NULL CHECK (role IN ('admin', 'maintainer', 'developer', 'viewer')),
-  created_at TEXT NOT NULL DEFAULT (datetime('now')),
-  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+  ${tsCol("created_at", d)},
+  ${tsCol("updated_at", d)}
 );
 
-INSERT OR IGNORE INTO users (id, username, email, password_hash, role)
+INSERT ${d === "postgres" ? "" : "OR IGNORE "}INTO users (id, username, email, password_hash, role)
 VALUES (
   'admin-seed-id-0000000000000000',
   'admin',
   'admin@example.com',
   '178c20236d9629bffcb301f57d1b8383:40c49d6500a8f322754ac0cd2d5c9dea019a4c14feef60e436d767cc2dd44bc1eeee7ef16f1bd768260aeec4025e06c479c4c367537899002ec89962382a3104',
   'admin'
-);`
+)${d === "postgres" ? " ON CONFLICT (id) DO NOTHING" : ""};`
   },
   {
     name: "002_data_sources.sql",
-    sql: `
+    sql: (d) => `
 CREATE TABLE IF NOT EXISTS data_sources (
-  id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
+  ${idCol(d)},
   name TEXT NOT NULL UNIQUE,
   type TEXT NOT NULL CHECK (type IN ('mysql', 'postgres')),
   host TEXT NOT NULL,
@@ -813,77 +836,84 @@ CREATE TABLE IF NOT EXISTS data_sources (
   database TEXT,
   username TEXT NOT NULL,
   password_encrypted TEXT NOT NULL,
+  ssl BOOLEAN NOT NULL DEFAULT FALSE,
   pool_min INTEGER NOT NULL DEFAULT 1,
   pool_max INTEGER NOT NULL DEFAULT 10,
-  created_by TEXT NOT NULL REFERENCES users(id),
-  created_at TEXT NOT NULL DEFAULT (datetime('now')),
-  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+  ${fkNotNull("created_by", "users", d)},
+  ${tsCol("created_at", d)},
+  ${tsCol("updated_at", d)}
 );`
   },
   {
     name: "003_audit_logs.sql",
-    sql: `
+    sql: (d) => `
 CREATE TABLE IF NOT EXISTS audit_logs (
-  id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
-  user_id TEXT NOT NULL REFERENCES users(id),
-  data_source_id TEXT REFERENCES data_sources(id),
+  ${idCol(d)},
+  ${fkNotNull("user_id", "users", d)},
+  ${fkNullable("data_source_id", "data_sources", d)},
   action TEXT NOT NULL,
   sql_text TEXT,
   result_summary TEXT,
   ip_address TEXT,
-  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+  ${tsCol("created_at", d)}
 );
 
 CREATE INDEX IF NOT EXISTS idx_audit_logs_user_id ON audit_logs(user_id);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_data_source_id ON audit_logs(data_source_id);
 CREATE INDEX IF NOT EXISTS idx_audit_logs_created_at ON audit_logs(created_at);`
   },
   {
     name: "004_approvals.sql",
-    sql: `
+    sql: (d) => `
 CREATE TABLE IF NOT EXISTS approvals (
-  id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
-  data_source_id TEXT NOT NULL REFERENCES data_sources(id),
-  submitted_by TEXT NOT NULL REFERENCES users(id),
-  reviewed_by TEXT REFERENCES users(id),
+  ${idCol(d)},
+  ${fkNotNull("data_source_id", "data_sources", d)},
+  ${fkNotNull("submitted_by", "users", d)},
+  ${fkNullable("reviewed_by", "users", d)},
   sql_text TEXT NOT NULL,
   status TEXT NOT NULL DEFAULT 'pending'
     CHECK (status IN ('pending', 'approved', 'rejected', 'executing', 'executed', 'execute_failed')),
   reject_reason TEXT,
   execute_result TEXT,
-  created_at TEXT NOT NULL DEFAULT (datetime('now')),
-  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+  ${tsCol("created_at", d)},
+  ${tsCol("updated_at", d)}
 );
 
 CREATE INDEX IF NOT EXISTS idx_approvals_status ON approvals(status);
 CREATE INDEX IF NOT EXISTS idx_approvals_submitted_by ON approvals(submitted_by);`
+  },
+  {
+    name: "005_data_sources_add_ssl.sql",
+    sql: () => `
+ALTER TABLE data_sources ADD COLUMN ssl BOOLEAN NOT NULL DEFAULT FALSE;`
   }
 ];
 
 // src/migrate/runner.ts
-function runMigrations() {
-  const db = getDb5();
-  db.exec(`
-    CREATE TABLE IF NOT EXISTS _migrations (
-      name TEXT PRIMARY KEY,
-      applied_at TEXT NOT NULL DEFAULT (datetime('now'))
-    )
-  `);
-  const applied = new Set(
-    db.prepare("SELECT name FROM _migrations").all().map((r) => r.name)
-  );
+async function runMigrations() {
+  const db = getDb();
+  const driver = getDriver();
+  const createMigrationTable = driver === "postgres" ? `CREATE TABLE IF NOT EXISTS _migrations (
+           name TEXT PRIMARY KEY,
+           applied_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+         )` : `CREATE TABLE IF NOT EXISTS _migrations (
+           name TEXT PRIMARY KEY,
+           applied_at TEXT NOT NULL DEFAULT (datetime('now'))
+         )`;
+  await db.exec(createMigrationTable);
+  const rows = await db.query("SELECT name FROM _migrations");
+  const applied = new Set(rows.map((r) => r.name));
   for (const migration of migrations) {
     if (applied.has(migration.name)) continue;
-    db.exec(migration.sql);
-    db.prepare("INSERT INTO _migrations (name) VALUES (?)").run(
-      migration.name
-    );
+    await db.exec(migration.sql(driver));
+    await db.run("INSERT INTO _migrations (name) VALUES (?)", [migration.name]);
     logger.info("Migration applied: %s", migration.name);
   }
 }
 
 // src/index.ts
 async function main() {
-  createSqlite({ path: config.dbUrl.replace("sqlite://", "") });
+  await createDmsDb(config.dbUrl);
   await runMigrations();
   const app = await buildApp();
   await app.listen({ port: config.port, host: "0.0.0.0" });