npm - @heyhru/business-dms-approval - Versions diffs - 0.11.0 → 0.11.2 - Mend

@heyhru/business-dms-approval 0.11.0 → 0.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,275 +1,22 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-// src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  approvalApprove: () => approvalApprove,
-  approvalCreate: () => approvalCreate,
-  approvalExecute: () => approvalExecute,
-  approvalGet: () => approvalGet,
-  approvalList: () => approvalList,
-  approvalReject: () => approvalReject,
-  getApprovalById: () => getApprovalById,
-  setExecuteResult: () => setExecuteResult,
-  setExecuting: () => setExecuting
-});
-module.exports = __toCommonJS(index_exports);
-// src/approvals.service.ts
-var import_business_dms_datasource = require("@heyhru/business-dms-datasource");
-var import_business_dms_audit = require("@heyhru/business-dms-audit");
-// src/approvals.model.ts
-var import_server_plugin_pg = require("@heyhru/server-plugin-pg");
-// src/approvals.sql.ts
-var FIND_BY_ID = `
+"use strict";var y=Object.defineProperty;var j=Object.getOwnPropertyDescriptor;var M=Object.getOwnPropertyNames;var Q=Object.prototype.hasOwnProperty;var G=(t,e)=>{for(var r in e)y(t,r,{get:e[r],enumerable:!0})},H=(t,e,r,s)=>{if(e&&typeof e=="object"||typeof e=="function")for(let a of M(e))!Q.call(t,a)&&a!==r&&y(t,a,{get:()=>e[a],enumerable:!(s=j(e,a))||s.enumerable});return t};var X=t=>H(y({},"__esModule",{value:!0}),t);var k={};G(k,{approvalApprove:()=>L,approvalCreate:()=>O,approvalExecute:()=>B,approvalGet:()=>F,approvalList:()=>N,approvalReject:()=>U,getApprovalById:()=>c,setExecuteResult:()=>f,setExecuting:()=>v});module.exports=X(k);var l=require("@heyhru/business-dms-datasource"),I=require("@heyhru/business-dms-audit");var d=require("@heyhru/server-plugin-pg");var w=`
 SELECT *
 FROM approvals
-WHERE id = ?`;
-var CREATE = `
+WHERE id = ?`,A=`
 INSERT INTO approvals (data_source_id, db_name, sql_text, submitted_by, sql_type)
 VALUES (?, ?, ?, ?, ?)
-RETURNING *`;
-var UPDATE_REVIEW = () => `
+RETURNING *`,R=()=>`
 UPDATE approvals
 SET status = ?, reviewed_by = ?, reject_reason = ?, updated_at = NOW()
 WHERE id = ?
-RETURNING *`;
-var UPDATE_EXECUTING = () => `
+RETURNING *`,x=()=>`
 UPDATE approvals
 SET status = 'executing', updated_at = NOW()
-WHERE id = ?`;
-var UPDATE_RESULT = () => `
+WHERE id = ?`,_=()=>`
 UPDATE approvals
 SET status = ?, execute_result = ?, updated_at = NOW()
-WHERE id = ?`;
-// src/approvals.model.ts
-function buildWhereParams(filters) {
-  const clauses = [];
-  const params = [];
-  if (filters?.status) {
-    clauses.push("a.status = ?");
-    params.push(filters.status);
-  }
-  if (filters?.submittedBy) {
-    clauses.push("a.submitted_by = ?");
-    params.push(filters.submittedBy);
-  }
-  return { where: clauses.length ? " AND " + clauses.join(" AND ") : "", params };
-}
-async function countApprovals(filters) {
-  const { where, params } = buildWhereParams(filters);
-  const row = await (0, import_server_plugin_pg.getPgDb)().queryOne(
-    `SELECT COUNT(*) AS total FROM approvals a WHERE 1=1` + where,
-    params
-  );
-  return Number(row?.["total"] ?? 0);
-}
-async function listApprovals(filters) {
-  let query = `SELECT a.*, u.username AS submitter_name,
+WHERE id = ?`;function b(t){let e=[],r=[];return t?.status&&(e.push("a.status = ?"),r.push(t.status)),t?.submittedBy&&(e.push("a.submitted_by = ?"),r.push(t.submittedBy)),{where:e.length?" AND "+e.join(" AND "):"",params:r}}async function T(t){let{where:e,params:r}=b(t),s=await(0,d.getPgDb)().queryOne("SELECT COUNT(*) AS total FROM approvals a WHERE 1=1"+e,r);return Number(s?.total??0)}async function h(t){let e=`SELECT a.*, u.username AS submitter_name,
        ds.name AS data_source_name, ds.type AS data_source_type
 FROM approvals a
 LEFT JOIN users u ON u.id = a.submitted_by
 LEFT JOIN data_sources ds ON ds.id = a.data_source_id
-WHERE 1=1`;
-  const { where, params } = buildWhereParams(filters);
-  query += where + " ORDER BY a.created_at DESC LIMIT ? OFFSET ?";
-  params.push(filters?.limit ?? 50, filters?.offset ?? 0);
-  return (0, import_server_plugin_pg.getPgDb)().query(query, params);
-}
-function getApprovalById(id) {
-  return (0, import_server_plugin_pg.getPgDb)().queryOne(FIND_BY_ID, [id]);
-}
-function insertApproval({ dataSourceId, dbName, sqlText, submittedBy, sqlType = "DML" }) {
-  return (0, import_server_plugin_pg.getPgDb)().queryOne(CREATE, [dataSourceId, dbName, sqlText, submittedBy, sqlType]);
-}
-function updateReview(id, status, reviewedBy, rejectReason) {
-  return (0, import_server_plugin_pg.getPgDb)().queryOne(UPDATE_REVIEW(), [status, reviewedBy, rejectReason, id]);
-}
-function setExecuting(id) {
-  return (0, import_server_plugin_pg.getPgDb)().run(UPDATE_EXECUTING(), [id]);
-}
-function setExecuteResult(id, status, result) {
-  return (0, import_server_plugin_pg.getPgDb)().run(UPDATE_RESULT(), [status, result, id]);
-}
-// src/approvals.service.ts
-async function approvalList(req, reply) {
-  const { status, mine, limit, offset } = req.body ?? {};
-  const ownOnly = req.user.role === "developer" || req.user.role === "maintainer" || String(mine) === "true";
-  const filters = {
-    status,
-    submittedBy: ownOnly ? req.user.id : void 0,
-    limit: limit ? Number(limit) : void 0,
-    offset: offset ? Number(offset) : void 0
-  };
-  const [rows, total] = await Promise.all([listApprovals(filters), countApprovals(filters)]);
-  return reply.send({ rows, total });
-}
-async function approvalGet(req, reply) {
-  const { id } = req.body ?? {};
-  const approval = await getApprovalById(id);
-  if (!approval) return reply.code(404).send({ error: "Not found" });
-  return reply.send(approval);
-}
-async function approvalCreate(req, reply) {
-  const { dataSourceId, database, sql, sqlType } = req.body ?? {};
-  if (!dataSourceId || !sql) {
-    return reply.code(400).send({ error: "Data source ID and SQL are required" });
-  }
-  const type = sqlType === "EXPORT" ? "EXPORT" : "DML";
-  const approval = await insertApproval({
-    dataSourceId,
-    dbName: database ?? null,
-    sqlText: sql,
-    submittedBy: req.user.id,
-    sqlType: type
-  });
-  req.log.info("Approval submitted (user=%s, type=%s)", req.user.id, type);
-  return reply.code(201).send(approval);
-}
-async function reviewApproval(id, reviewerId, decision, rejectReason) {
-  const approval = await getApprovalById(id);
-  if (!approval || approval["status"] !== "pending") {
-    throw new Error("Approval not found or not in pending status");
-  }
-  if (approval["submitted_by"] === reviewerId) {
-    throw new Error("Cannot approve your own submission");
-  }
-  return updateReview(id, decision, reviewerId, rejectReason ?? null);
-}
-async function approvalApprove(req, reply) {
-  const { id } = req.body ?? {};
-  try {
-    const result = await reviewApproval(id, req.user.id, "approved");
-    req.log.info("Approval approved (id=%s, reviewer=%s)", id, req.user.id);
-    return reply.send(result);
-  } catch (err) {
-    req.log.warn(err, "Approve failed (id=%s, reviewer=%s)", id, req.user.id);
-    return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
-  }
-}
-async function approvalReject(req, reply) {
-  const { id, reason } = req.body ?? {};
-  try {
-    const result = await reviewApproval(id, req.user.id, "rejected", reason);
-    req.log.info("Approval rejected (id=%s, reviewer=%s)", id, req.user.id);
-    return reply.send(result);
-  } catch (err) {
-    req.log.warn(err, "Reject failed (id=%s, reviewer=%s)", id, req.user.id);
-    return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
-  }
-}
-function approvalExecute(encryptionKey) {
-  return async (req, reply) => {
-    const { id } = req.body ?? {};
-    const ip = req.headers["x-forwarded-for"] ?? req.headers["x-real-ip"] ?? "unknown";
-    try {
-      const result = await doExecuteApproval({ id, userId: req.user.id, ip, encryptionKey }, req.log);
-      return reply.send(result);
-    } catch (err) {
-      req.log.error(err, "Execute approval failed (id=%s, user=%s)", id, req.user.id);
-      return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
-    }
-  };
-}
-function splitStatements(sql) {
-  const statements = [];
-  let current = "";
-  let inSingle = false;
-  let inDouble = false;
-  for (let i = 0; i < sql.length; i++) {
-    const ch = sql[i];
-    const prev = sql[i - 1];
-    if (ch === "'" && !inDouble && prev !== "\\") {
-      inSingle = !inSingle;
-    } else if (ch === '"' && !inSingle && prev !== "\\") {
-      inDouble = !inDouble;
-    }
-    if (ch === ";" && !inSingle && !inDouble) {
-      const trimmed2 = current.trim();
-      if (trimmed2) statements.push(trimmed2);
-      current = "";
-    } else {
-      current += ch;
-    }
-  }
-  const trimmed = current.trim();
-  if (trimmed) statements.push(trimmed);
-  return statements;
-}
-async function doExecuteApproval({ id, userId, ip, encryptionKey }, log) {
-  const approval = await getApprovalById(id);
-  if (!approval || !["approved", "execute_failed"].includes(approval["status"])) {
-    throw new Error("Approval not found or not approved");
-  }
-  await setExecuting(id);
-  try {
-    const dataSourceId = approval["data_source_id"];
-    const dbName = approval["db_name"];
-    const pool = dbName ? await (0, import_business_dms_datasource.getPoolForDatabase)(dataSourceId, dbName, encryptionKey) : await (async () => {
-      const ds = await (0, import_business_dms_datasource.getDataSourceWithPassword)(dataSourceId, encryptionKey);
-      if (!ds) throw new Error("Data source not found");
-      return (0, import_business_dms_datasource.getPool)({ ...ds, database: ds.database ?? "" });
-    })();
-    if (!pool) throw new Error("Data source not found");
-    const sqlText = approval["sql_text"];
-    const statements = splitStatements(sqlText);
-    let result;
-    if (statements.length <= 1) {
-      const rows = await pool.execute(sqlText);
-      result = `${rows.length} rows affected`;
-    } else {
-      const results = await pool.executeInTransaction(statements);
-      const details = results.map((r) => `${r.rowCount} rows`).join(", ");
-      result = `${statements.length} statements executed (${details})`;
-    }
-    await setExecuteResult(id, "executed", result);
-    log.info("Approval executed (id=%s, user=%s, stmts=%d)", id, userId, statements.length);
-    await (0, import_business_dms_audit.writeAuditLog)({
-      userId,
-      dataSourceId,
-      action: "DML_EXECUTE",
-      sqlText,
-      resultSummary: result,
-      ipAddress: ip
-    });
-    return getApprovalById(id);
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    await setExecuteResult(id, "execute_failed", message);
-    log.error(err, "Approval execute_failed (id=%s)", id);
-    throw err;
-  }
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  approvalApprove,
-  approvalCreate,
-  approvalExecute,
-  approvalGet,
-  approvalList,
-  approvalReject,
-  getApprovalById,
-  setExecuteResult,
-  setExecuting
-});
+WHERE 1=1`,{where:r,params:s}=b(t);return e+=r+" ORDER BY a.created_at DESC LIMIT ? OFFSET ?",s.push(t?.limit??50,t?.offset??0),(0,d.getPgDb)().query(e,s)}function c(t){return(0,d.getPgDb)().queryOne(w,[t])}function S({dataSourceId:t,dbName:e,sqlText:r,submittedBy:s,sqlType:a="DML"}){return(0,d.getPgDb)().queryOne(A,[t,e,r,s,a])}function D(t,e,r,s){return(0,d.getPgDb)().queryOne(R(),[e,r,s,t])}function v(t){return(0,d.getPgDb)().run(x(),[t])}function f(t,e,r){return(0,d.getPgDb)().run(_(),[e,r,t])}async function N(t,e){let{status:r,mine:s,limit:a,offset:n}=t.body??{},o=t.user.role==="developer"||t.user.role==="maintainer"||String(s)==="true",i={status:r,submittedBy:o?t.user.id:void 0,limit:a?Number(a):void 0,offset:n?Number(n):void 0},[u,p]=await Promise.all([h(i),T(i)]);return e.send({rows:u,total:p})}async function F(t,e){let{id:r}=t.body??{},s=await c(r);return s?e.send(s):e.code(404).send({error:"Not found"})}async function O(t,e){let{dataSourceId:r,database:s,sql:a,sqlType:n}=t.body??{};if(!r||!a)return e.code(400).send({error:"Data source ID and SQL are required"});let o=n==="EXPORT"?"EXPORT":"DML",i=await S({dataSourceId:r,dbName:s??null,sqlText:a,submittedBy:t.user.id,sqlType:o});return t.log.info("Approval submitted (user=%s, type=%s)",t.user.id,o),e.code(201).send(i)}async function P(t,e,r,s){let a=await c(t);if(!a||a.status!=="pending")throw new Error("Approval not found or not in pending status");if(a.submitted_by===e)throw new Error("Cannot approve your own submission");return D(t,r,e,s??null)}async function L(t,e){let{id:r}=t.body??{};try{let s=await P(r,t.user.id,"approved");return t.log.info("Approval approved (id=%s, reviewer=%s)",r,t.user.id),e.send(s)}catch(s){return t.log.warn(s,"Approve failed (id=%s, reviewer=%s)",r,t.user.id),e.code(400).send({error:s instanceof Error?s.message:String(s)})}}async function U(t,e){let{id:r,reason:s}=t.body??{};try{let a=await P(r,t.user.id,"rejected",s);return t.log.info("Approval rejected (id=%s, reviewer=%s)",r,t.user.id),e.send(a)}catch(a){return t.log.warn(a,"Reject failed (id=%s, reviewer=%s)",r,t.user.id),e.code(400).send({error:a instanceof Error?a.message:String(a)})}}function B(t){return async(e,r)=>{let{id:s}=e.body??{},a=e.headers["x-forwarded-for"]??e.headers["x-real-ip"]??"unknown";try{let n=await Y({id:s,userId:e.user.id,ip:a,encryptionKey:t},e.log);return r.send(n)}catch(n){return e.log.error(n,"Execute approval failed (id=%s, user=%s)",s,e.user.id),r.code(400).send({error:n instanceof Error?n.message:String(n)})}}}function V(t){let e=[],r="",s=!1,a=!1;for(let o=0;o<t.length;o++){let i=t[o],u=t[o-1];if(i==="'"&&!a&&u!=="\\"?s=!s:i==='"'&&!s&&u!=="\\"&&(a=!a),i===";"&&!s&&!a){let p=r.trim();p&&e.push(p),r=""}else r+=i}let n=r.trim();return n&&e.push(n),e}async function Y({id:t,userId:e,ip:r,encryptionKey:s},a){let n=await c(t);if(!n||!["approved","execute_failed"].includes(n.status))throw new Error("Approval not found or not approved");await v(t);try{let o=n.data_source_id,i=n.db_name,u=i?await(0,l.getPoolForDatabase)(o,i,s):await(async()=>{let g=await(0,l.getDataSourceWithPassword)(o,s);if(!g)throw new Error("Data source not found");return(0,l.getPool)({...g,database:g.database??""})})();if(!u)throw new Error("Data source not found");let p=n.sql_text,E=V(p),m;if(E.length<=1)m=`${(await u.execute(p)).length} rows affected`;else{let C=(await u.executeInTransaction(E)).map(W=>`${W.rowCount} rows`).join(", ");m=`${E.length} statements executed (${C})`}return await f(t,"executed",m),a.info("Approval executed (id=%s, user=%s, stmts=%d)",t,e,E.length),await(0,I.writeAuditLog)({userId:e,dataSourceId:o,action:"DML_EXECUTE",sqlText:p,resultSummary:m,ipAddress:r}),c(t)}catch(o){let i=o instanceof Error?o.message:String(o);throw await f(t,"execute_failed",i),a.error(o,"Approval execute_failed (id=%s)",t),o}}0&&(module.exports={approvalApprove,approvalCreate,approvalExecute,approvalGet,approvalList,approvalReject,getApprovalById,setExecuteResult,setExecuting});

package/dist/index.mjs CHANGED Viewed

@@ -1,240 +1,22 @@
-// src/approvals.service.ts
-import { getDataSourceWithPassword, getPool, getPoolForDatabase } from "@heyhru/business-dms-datasource";
-import { writeAuditLog } from "@heyhru/business-dms-audit";
-// src/approvals.model.ts
-import { getPgDb } from "@heyhru/server-plugin-pg";
-// src/approvals.sql.ts
-var FIND_BY_ID = `
+import{getDataSourceWithPassword as F,getPool as O,getPoolForDatabase as P}from"@heyhru/business-dms-datasource";import{writeAuditLog as L}from"@heyhru/business-dms-audit";import{getPgDb as d}from"@heyhru/server-plugin-pg";var v=`
 SELECT *
 FROM approvals
-WHERE id = ?`;
-var CREATE = `
+WHERE id = ?`,y=`
 INSERT INTO approvals (data_source_id, db_name, sql_text, submitted_by, sql_type)
 VALUES (?, ?, ?, ?, ?)
-RETURNING *`;
-var UPDATE_REVIEW = () => `
+RETURNING *`,w=()=>`
 UPDATE approvals
 SET status = ?, reviewed_by = ?, reject_reason = ?, updated_at = NOW()
 WHERE id = ?
-RETURNING *`;
-var UPDATE_EXECUTING = () => `
+RETURNING *`,A=()=>`
 UPDATE approvals
 SET status = 'executing', updated_at = NOW()
-WHERE id = ?`;
-var UPDATE_RESULT = () => `
+WHERE id = ?`,R=()=>`
 UPDATE approvals
 SET status = ?, execute_result = ?, updated_at = NOW()
-WHERE id = ?`;
-// src/approvals.model.ts
-function buildWhereParams(filters) {
-  const clauses = [];
-  const params = [];
-  if (filters?.status) {
-    clauses.push("a.status = ?");
-    params.push(filters.status);
-  }
-  if (filters?.submittedBy) {
-    clauses.push("a.submitted_by = ?");
-    params.push(filters.submittedBy);
-  }
-  return { where: clauses.length ? " AND " + clauses.join(" AND ") : "", params };
-}
-async function countApprovals(filters) {
-  const { where, params } = buildWhereParams(filters);
-  const row = await getPgDb().queryOne(
-    `SELECT COUNT(*) AS total FROM approvals a WHERE 1=1` + where,
-    params
-  );
-  return Number(row?.["total"] ?? 0);
-}
-async function listApprovals(filters) {
-  let query = `SELECT a.*, u.username AS submitter_name,
+WHERE id = ?`;function x(t){let e=[],r=[];return t?.status&&(e.push("a.status = ?"),r.push(t.status)),t?.submittedBy&&(e.push("a.submitted_by = ?"),r.push(t.submittedBy)),{where:e.length?" AND "+e.join(" AND "):"",params:r}}async function _(t){let{where:e,params:r}=x(t),s=await d().queryOne("SELECT COUNT(*) AS total FROM approvals a WHERE 1=1"+e,r);return Number(s?.total??0)}async function b(t){let e=`SELECT a.*, u.username AS submitter_name,
        ds.name AS data_source_name, ds.type AS data_source_type
 FROM approvals a
 LEFT JOIN users u ON u.id = a.submitted_by
 LEFT JOIN data_sources ds ON ds.id = a.data_source_id
-WHERE 1=1`;
-  const { where, params } = buildWhereParams(filters);
-  query += where + " ORDER BY a.created_at DESC LIMIT ? OFFSET ?";
-  params.push(filters?.limit ?? 50, filters?.offset ?? 0);
-  return getPgDb().query(query, params);
-}
-function getApprovalById(id) {
-  return getPgDb().queryOne(FIND_BY_ID, [id]);
-}
-function insertApproval({ dataSourceId, dbName, sqlText, submittedBy, sqlType = "DML" }) {
-  return getPgDb().queryOne(CREATE, [dataSourceId, dbName, sqlText, submittedBy, sqlType]);
-}
-function updateReview(id, status, reviewedBy, rejectReason) {
-  return getPgDb().queryOne(UPDATE_REVIEW(), [status, reviewedBy, rejectReason, id]);
-}
-function setExecuting(id) {
-  return getPgDb().run(UPDATE_EXECUTING(), [id]);
-}
-function setExecuteResult(id, status, result) {
-  return getPgDb().run(UPDATE_RESULT(), [status, result, id]);
-}
-// src/approvals.service.ts
-async function approvalList(req, reply) {
-  const { status, mine, limit, offset } = req.body ?? {};
-  const ownOnly = req.user.role === "developer" || req.user.role === "maintainer" || String(mine) === "true";
-  const filters = {
-    status,
-    submittedBy: ownOnly ? req.user.id : void 0,
-    limit: limit ? Number(limit) : void 0,
-    offset: offset ? Number(offset) : void 0
-  };
-  const [rows, total] = await Promise.all([listApprovals(filters), countApprovals(filters)]);
-  return reply.send({ rows, total });
-}
-async function approvalGet(req, reply) {
-  const { id } = req.body ?? {};
-  const approval = await getApprovalById(id);
-  if (!approval) return reply.code(404).send({ error: "Not found" });
-  return reply.send(approval);
-}
-async function approvalCreate(req, reply) {
-  const { dataSourceId, database, sql, sqlType } = req.body ?? {};
-  if (!dataSourceId || !sql) {
-    return reply.code(400).send({ error: "Data source ID and SQL are required" });
-  }
-  const type = sqlType === "EXPORT" ? "EXPORT" : "DML";
-  const approval = await insertApproval({
-    dataSourceId,
-    dbName: database ?? null,
-    sqlText: sql,
-    submittedBy: req.user.id,
-    sqlType: type
-  });
-  req.log.info("Approval submitted (user=%s, type=%s)", req.user.id, type);
-  return reply.code(201).send(approval);
-}
-async function reviewApproval(id, reviewerId, decision, rejectReason) {
-  const approval = await getApprovalById(id);
-  if (!approval || approval["status"] !== "pending") {
-    throw new Error("Approval not found or not in pending status");
-  }
-  if (approval["submitted_by"] === reviewerId) {
-    throw new Error("Cannot approve your own submission");
-  }
-  return updateReview(id, decision, reviewerId, rejectReason ?? null);
-}
-async function approvalApprove(req, reply) {
-  const { id } = req.body ?? {};
-  try {
-    const result = await reviewApproval(id, req.user.id, "approved");
-    req.log.info("Approval approved (id=%s, reviewer=%s)", id, req.user.id);
-    return reply.send(result);
-  } catch (err) {
-    req.log.warn(err, "Approve failed (id=%s, reviewer=%s)", id, req.user.id);
-    return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
-  }
-}
-async function approvalReject(req, reply) {
-  const { id, reason } = req.body ?? {};
-  try {
-    const result = await reviewApproval(id, req.user.id, "rejected", reason);
-    req.log.info("Approval rejected (id=%s, reviewer=%s)", id, req.user.id);
-    return reply.send(result);
-  } catch (err) {
-    req.log.warn(err, "Reject failed (id=%s, reviewer=%s)", id, req.user.id);
-    return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
-  }
-}
-function approvalExecute(encryptionKey) {
-  return async (req, reply) => {
-    const { id } = req.body ?? {};
-    const ip = req.headers["x-forwarded-for"] ?? req.headers["x-real-ip"] ?? "unknown";
-    try {
-      const result = await doExecuteApproval({ id, userId: req.user.id, ip, encryptionKey }, req.log);
-      return reply.send(result);
-    } catch (err) {
-      req.log.error(err, "Execute approval failed (id=%s, user=%s)", id, req.user.id);
-      return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
-    }
-  };
-}
-function splitStatements(sql) {
-  const statements = [];
-  let current = "";
-  let inSingle = false;
-  let inDouble = false;
-  for (let i = 0; i < sql.length; i++) {
-    const ch = sql[i];
-    const prev = sql[i - 1];
-    if (ch === "'" && !inDouble && prev !== "\\") {
-      inSingle = !inSingle;
-    } else if (ch === '"' && !inSingle && prev !== "\\") {
-      inDouble = !inDouble;
-    }
-    if (ch === ";" && !inSingle && !inDouble) {
-      const trimmed2 = current.trim();
-      if (trimmed2) statements.push(trimmed2);
-      current = "";
-    } else {
-      current += ch;
-    }
-  }
-  const trimmed = current.trim();
-  if (trimmed) statements.push(trimmed);
-  return statements;
-}
-async function doExecuteApproval({ id, userId, ip, encryptionKey }, log) {
-  const approval = await getApprovalById(id);
-  if (!approval || !["approved", "execute_failed"].includes(approval["status"])) {
-    throw new Error("Approval not found or not approved");
-  }
-  await setExecuting(id);
-  try {
-    const dataSourceId = approval["data_source_id"];
-    const dbName = approval["db_name"];
-    const pool = dbName ? await getPoolForDatabase(dataSourceId, dbName, encryptionKey) : await (async () => {
-      const ds = await getDataSourceWithPassword(dataSourceId, encryptionKey);
-      if (!ds) throw new Error("Data source not found");
-      return getPool({ ...ds, database: ds.database ?? "" });
-    })();
-    if (!pool) throw new Error("Data source not found");
-    const sqlText = approval["sql_text"];
-    const statements = splitStatements(sqlText);
-    let result;
-    if (statements.length <= 1) {
-      const rows = await pool.execute(sqlText);
-      result = `${rows.length} rows affected`;
-    } else {
-      const results = await pool.executeInTransaction(statements);
-      const details = results.map((r) => `${r.rowCount} rows`).join(", ");
-      result = `${statements.length} statements executed (${details})`;
-    }
-    await setExecuteResult(id, "executed", result);
-    log.info("Approval executed (id=%s, user=%s, stmts=%d)", id, userId, statements.length);
-    await writeAuditLog({
-      userId,
-      dataSourceId,
-      action: "DML_EXECUTE",
-      sqlText,
-      resultSummary: result,
-      ipAddress: ip
-    });
-    return getApprovalById(id);
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    await setExecuteResult(id, "execute_failed", message);
-    log.error(err, "Approval execute_failed (id=%s)", id);
-    throw err;
-  }
-}
-export {
-  approvalApprove,
-  approvalCreate,
-  approvalExecute,
-  approvalGet,
-  approvalList,
-  approvalReject,
-  getApprovalById,
-  setExecuteResult,
-  setExecuting
-};
+WHERE 1=1`,{where:r,params:s}=x(t);return e+=r+" ORDER BY a.created_at DESC LIMIT ? OFFSET ?",s.push(t?.limit??50,t?.offset??0),d().query(e,s)}function c(t){return d().queryOne(v,[t])}function T({dataSourceId:t,dbName:e,sqlText:r,submittedBy:s,sqlType:a="DML"}){return d().queryOne(y,[t,e,r,s,a])}function h(t,e,r,s){return d().queryOne(w(),[e,r,s,t])}function m(t){return d().run(A(),[t])}function E(t,e,r){return d().run(R(),[e,r,t])}async function U(t,e){let{status:r,mine:s,limit:a,offset:n}=t.body??{},o=t.user.role==="developer"||t.user.role==="maintainer"||String(s)==="true",i={status:r,submittedBy:o?t.user.id:void 0,limit:a?Number(a):void 0,offset:n?Number(n):void 0},[u,p]=await Promise.all([b(i),_(i)]);return e.send({rows:u,total:p})}async function B(t,e){let{id:r}=t.body??{},s=await c(r);return s?e.send(s):e.code(404).send({error:"Not found"})}async function C(t,e){let{dataSourceId:r,database:s,sql:a,sqlType:n}=t.body??{};if(!r||!a)return e.code(400).send({error:"Data source ID and SQL are required"});let o=n==="EXPORT"?"EXPORT":"DML",i=await T({dataSourceId:r,dbName:s??null,sqlText:a,submittedBy:t.user.id,sqlType:o});return t.log.info("Approval submitted (user=%s, type=%s)",t.user.id,o),e.code(201).send(i)}async function S(t,e,r,s){let a=await c(t);if(!a||a.status!=="pending")throw new Error("Approval not found or not in pending status");if(a.submitted_by===e)throw new Error("Cannot approve your own submission");return h(t,r,e,s??null)}async function W(t,e){let{id:r}=t.body??{};try{let s=await S(r,t.user.id,"approved");return t.log.info("Approval approved (id=%s, reviewer=%s)",r,t.user.id),e.send(s)}catch(s){return t.log.warn(s,"Approve failed (id=%s, reviewer=%s)",r,t.user.id),e.code(400).send({error:s instanceof Error?s.message:String(s)})}}async function j(t,e){let{id:r,reason:s}=t.body??{};try{let a=await S(r,t.user.id,"rejected",s);return t.log.info("Approval rejected (id=%s, reviewer=%s)",r,t.user.id),e.send(a)}catch(a){return t.log.warn(a,"Reject failed (id=%s, reviewer=%s)",r,t.user.id),e.code(400).send({error:a instanceof Error?a.message:String(a)})}}function M(t){return async(e,r)=>{let{id:s}=e.body??{},a=e.headers["x-forwarded-for"]??e.headers["x-real-ip"]??"unknown";try{let n=await G({id:s,userId:e.user.id,ip:a,encryptionKey:t},e.log);return r.send(n)}catch(n){return e.log.error(n,"Execute approval failed (id=%s, user=%s)",s,e.user.id),r.code(400).send({error:n instanceof Error?n.message:String(n)})}}}function Q(t){let e=[],r="",s=!1,a=!1;for(let o=0;o<t.length;o++){let i=t[o],u=t[o-1];if(i==="'"&&!a&&u!=="\\"?s=!s:i==='"'&&!s&&u!=="\\"&&(a=!a),i===";"&&!s&&!a){let p=r.trim();p&&e.push(p),r=""}else r+=i}let n=r.trim();return n&&e.push(n),e}async function G({id:t,userId:e,ip:r,encryptionKey:s},a){let n=await c(t);if(!n||!["approved","execute_failed"].includes(n.status))throw new Error("Approval not found or not approved");await m(t);try{let o=n.data_source_id,i=n.db_name,u=i?await P(o,i,s):await(async()=>{let l=await F(o,s);if(!l)throw new Error("Data source not found");return O({...l,database:l.database??""})})();if(!u)throw new Error("Data source not found");let p=n.sql_text,g=Q(p),f;if(g.length<=1)f=`${(await u.execute(p)).length} rows affected`;else{let D=(await u.executeInTransaction(g)).map(I=>`${I.rowCount} rows`).join(", ");f=`${g.length} statements executed (${D})`}return await E(t,"executed",f),a.info("Approval executed (id=%s, user=%s, stmts=%d)",t,e,g.length),await L({userId:e,dataSourceId:o,action:"DML_EXECUTE",sqlText:p,resultSummary:f,ipAddress:r}),c(t)}catch(o){let i=o instanceof Error?o.message:String(o);throw await E(t,"execute_failed",i),a.error(o,"Approval execute_failed (id=%s)",t),o}}export{W as approvalApprove,C as approvalCreate,M as approvalExecute,B as approvalGet,U as approvalList,j as approvalReject,c as getApprovalById,E as setExecuteResult,m as setExecuting};

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "0.11.0",
+  "version": "0.11.2",
   "description": "DMS approval workflow domain logic: service, model, sql",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -26,9 +26,9 @@
     "clean": "rm -rf dist"
   },
   "dependencies": {
-    "@heyhru/business-dms-audit": "0.6.3",
-    "@heyhru/business-dms-datasource": "0.8.3",
-    "@heyhru/server-plugin-pg": "0.8.0",
+    "@heyhru/business-dms-audit": "0.6.5",
+    "@heyhru/business-dms-datasource": "0.8.5",
+    "@heyhru/server-plugin-pg": "0.8.2",
     "fastify": "^5.8.4"
   },
   "devDependencies": {
@@ -36,5 +36,5 @@
     "typescript": "^6.0.2",
     "vitest": "^4.1.4"
   },
-  "gitHead": "643229b8735627837110392818e8b737a218e32b"
+  "gitHead": "77b53e79244df94faa9a2605f08cb6b41ba22ace"
 }