@heyhru/business-dms-approval 0.4.0

package/README.md

@@ -0,0 +1,33 @@
+# @heyhru/business-dms-approval
+
+DMS approval workflow domain logic: service, model, sql.
+
+## Exports
+
+### Direct route handlers
+
+```ts
+import {
+  approvalList,
+  approvalGet,
+  approvalCreate,
+  approvalApprove,
+  approvalReject,
+} from "@heyhru/business-dms-approval";
+
+app.post("/approvals/list", approvalList);
+app.post("/approvals/get", approvalGet);
+app.post("/approvals/create", approvalCreate);
+app.post("/approvals/approve", approvalApprove);
+app.post("/approvals/reject", approvalReject);
+```
+
+### Curried handler (encryptionKey required)
+
+```ts
+import { approvalExecute } from "@heyhru/business-dms-approval";
+
+app.post("/approvals/execute", approvalExecute(config.encryptionKey));
+```
+
+`approvalExecute` uses `FastifyBaseLogger` (via `req.log`) internally — no additional logger setup needed.

package/dist/approvals.model.d.ts

@@ -0,0 +1,14 @@
+export declare function listApprovals(filters?: {
+    status?: string;
+    submittedBy?: string;
+}): Promise<Record<string, unknown>[]>;
+export declare function getApprovalById(id: string): Promise<Record<string, unknown> | undefined>;
+export declare function insertApproval(dataSourceId: string, sqlText: string, submittedBy: string): Promise<Record<string, unknown> | undefined>;
+export declare function updateReview(id: string, status: string, reviewedBy: string, rejectReason: string | null): Promise<Record<string, unknown> | undefined>;
+export declare function setExecuting(id: string): Promise<{
+    changes: number;
+}>;
+export declare function setExecuteResult(id: string, status: string, result: string): Promise<{
+    changes: number;
+}>;
+//# sourceMappingURL=approvals.model.d.ts.map

package/dist/approvals.model.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approvals.model.d.ts","sourceRoot":"","sources":["../src/approvals.model.ts"],"names":[],"mappings":"AAGA,wBAAsB,aAAa,CAAC,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,sCAatF;AAED,wBAAgB,eAAe,CAAC,EAAE,EAAE,MAAM,gDAEzC;AAED,wBAAgB,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,gDAExF;AAED,wBAAgB,YAAY,CAC1B,EAAE,EAAE,MAAM,EACV,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,GAAG,IAAI,gDAG5B;AAED,wBAAgB,YAAY,CAAC,EAAE,EAAE,MAAM;;GAEtC;AAED,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;;GAE1E"}

package/dist/approvals.service.d.ts

@@ -0,0 +1,14 @@
+import { type FastifyRequest, type FastifyReply } from "fastify";
+interface AuthenticatedRequest extends FastifyRequest {
+    user: {
+        id: string;
+    };
+}
+export declare function approvalList(req: AuthenticatedRequest, reply: FastifyReply): Promise<never>;
+export declare function approvalGet(req: FastifyRequest, reply: FastifyReply): Promise<never>;
+export declare function approvalCreate(req: AuthenticatedRequest, reply: FastifyReply): Promise<never>;
+export declare function approvalApprove(req: AuthenticatedRequest, reply: FastifyReply): Promise<never>;
+export declare function approvalReject(req: AuthenticatedRequest, reply: FastifyReply): Promise<never>;
+export declare function approvalExecute(encryptionKey: string): (req: AuthenticatedRequest, reply: FastifyReply) => Promise<never>;
+export {};
+//# sourceMappingURL=approvals.service.d.ts.map

package/dist/approvals.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approvals.service.d.ts","sourceRoot":"","sources":["../src/approvals.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,KAAK,YAAY,EAA0B,MAAM,SAAS,CAAC;AAYzF,UAAU,oBAAqB,SAAQ,cAAc;IACnD,IAAI,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;CACtB;AAED,wBAAsB,YAAY,CAAC,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,YAAY,kBAQhF;AAED,wBAAsB,WAAW,CAAC,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,YAAY,kBAKzE;AAED,wBAAsB,cAAc,CAAC,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,YAAY,kBAQlF;AAkBD,wBAAsB,eAAe,CAAC,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,YAAY,kBAUnF;AAED,wBAAsB,cAAc,CAAC,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,YAAY,kBAUlF;AAED,wBAAgB,eAAe,CAAC,aAAa,EAAE,MAAM,IACrC,KAAK,oBAAoB,EAAE,OAAO,YAAY,oBAY7D"}

package/dist/approvals.sql.d.ts

@@ -0,0 +1,6 @@
+export declare const FIND_BY_ID = "\nSELECT *\nFROM approvals\nWHERE id = ?";
+export declare const CREATE = "\nINSERT INTO approvals (data_source_id, sql_text, submitted_by)\nVALUES (?, ?, ?)\nRETURNING *";
+export declare const UPDATE_REVIEW: () => string;
+export declare const UPDATE_EXECUTING: () => string;
+export declare const UPDATE_RESULT: () => string;
+//# sourceMappingURL=approvals.sql.d.ts.map

package/dist/approvals.sql.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approvals.sql.d.ts","sourceRoot":"","sources":["../src/approvals.sql.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,UAAU,6CAGV,CAAC;AAEd,eAAO,MAAM,MAAM,oGAGP,CAAC;AAEb,eAAO,MAAM,aAAa,cAId,CAAC;AAEb,eAAO,MAAM,gBAAgB,cAGhB,CAAC;AAEd,eAAO,MAAM,aAAa,cAGb,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export { approvalList, approvalGet, approvalCreate, approvalApprove, approvalReject, approvalExecute, } from "./approvals.service.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,WAAW,EACX,cAAc,EACd,eAAe,EACf,cAAc,EACd,eAAe,GAChB,MAAM,wBAAwB,CAAC"}

package/dist/index.js

@@ -0,0 +1,204 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  approvalApprove: () => approvalApprove,
+  approvalCreate: () => approvalCreate,
+  approvalExecute: () => approvalExecute,
+  approvalGet: () => approvalGet,
+  approvalList: () => approvalList,
+  approvalReject: () => approvalReject
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/approvals.service.ts
+var import_business_dms_datasource = require("@heyhru/business-dms-datasource");
+var import_business_dms_audit = require("@heyhru/business-dms-audit");
+
+// src/approvals.model.ts
+var import_server_plugin_pg = require("@heyhru/server-plugin-pg");
+
+// src/approvals.sql.ts
+var FIND_BY_ID = `
+SELECT *
+FROM approvals
+WHERE id = ?`;
+var CREATE = `
+INSERT INTO approvals (data_source_id, sql_text, submitted_by)
+VALUES (?, ?, ?)
+RETURNING *`;
+var UPDATE_REVIEW = () => `
+UPDATE approvals
+SET status = ?, reviewed_by = ?, reject_reason = ?, updated_at = NOW()
+WHERE id = ?
+RETURNING *`;
+var UPDATE_EXECUTING = () => `
+UPDATE approvals
+SET status = 'executing', updated_at = NOW()
+WHERE id = ?`;
+var UPDATE_RESULT = () => `
+UPDATE approvals
+SET status = ?, execute_result = ?, updated_at = NOW()
+WHERE id = ?`;
+
+// src/approvals.model.ts
+async function listApprovals(filters) {
+  let query = "SELECT * FROM approvals WHERE 1=1";
+  const params = [];
+  if (filters?.status) {
+    query += " AND status = ?";
+    params.push(filters.status);
+  }
+  if (filters?.submittedBy) {
+    query += " AND submitted_by = ?";
+    params.push(filters.submittedBy);
+  }
+  query += " ORDER BY created_at DESC";
+  return (0, import_server_plugin_pg.getPgDb)().query(query, params);
+}
+function getApprovalById(id) {
+  return (0, import_server_plugin_pg.getPgDb)().queryOne(FIND_BY_ID, [id]);
+}
+function insertApproval(dataSourceId, sqlText, submittedBy) {
+  return (0, import_server_plugin_pg.getPgDb)().queryOne(CREATE, [dataSourceId, sqlText, submittedBy]);
+}
+function updateReview(id, status, reviewedBy, rejectReason) {
+  return (0, import_server_plugin_pg.getPgDb)().queryOne(UPDATE_REVIEW(), [status, reviewedBy, rejectReason, id]);
+}
+function setExecuting(id) {
+  return (0, import_server_plugin_pg.getPgDb)().run(UPDATE_EXECUTING(), [id]);
+}
+function setExecuteResult(id, status, result) {
+  return (0, import_server_plugin_pg.getPgDb)().run(UPDATE_RESULT(), [status, result, id]);
+}
+
+// src/approvals.service.ts
+async function approvalList(req, reply) {
+  const { status, mine } = req.body ?? {};
+  return reply.send(
+    await listApprovals({
+      status,
+      submittedBy: mine === "true" ? req.user.id : void 0
+    })
+  );
+}
+async function approvalGet(req, reply) {
+  const { id } = req.body ?? {};
+  const approval = await getApprovalById(id);
+  if (!approval) return reply.code(404).send({ error: "Not found" });
+  return reply.send(approval);
+}
+async function approvalCreate(req, reply) {
+  const { dataSourceId, sql } = req.body ?? {};
+  if (!dataSourceId || !sql) {
+    return reply.code(400).send({ error: "Data source ID and SQL are required" });
+  }
+  const approval = await insertApproval(dataSourceId, sql, req.user.id);
+  req.log.info("Approval submitted (user=%s)", req.user.id);
+  return reply.code(201).send(approval);
+}
+async function reviewApproval(id, reviewerId, decision, rejectReason) {
+  const approval = await getApprovalById(id);
+  if (!approval || approval["status"] !== "pending") {
+    throw new Error("Approval not found or not in pending status");
+  }
+  if (approval["submitted_by"] === reviewerId) {
+    throw new Error("Cannot approve your own submission");
+  }
+  return updateReview(id, decision, reviewerId, rejectReason ?? null);
+}
+async function approvalApprove(req, reply) {
+  const { id } = req.body ?? {};
+  try {
+    const result = await reviewApproval(id, req.user.id, "approved");
+    req.log.info("Approval approved (id=%s, reviewer=%s)", id, req.user.id);
+    return reply.send(result);
+  } catch (err) {
+    req.log.warn(err, "Approve failed (id=%s, reviewer=%s)", id, req.user.id);
+    return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
+  }
+}
+async function approvalReject(req, reply) {
+  const { id, reason } = req.body ?? {};
+  try {
+    const result = await reviewApproval(id, req.user.id, "rejected", reason);
+    req.log.info("Approval rejected (id=%s, reviewer=%s)", id, req.user.id);
+    return reply.send(result);
+  } catch (err) {
+    req.log.warn(err, "Reject failed (id=%s, reviewer=%s)", id, req.user.id);
+    return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
+  }
+}
+function approvalExecute(encryptionKey) {
+  return async (req, reply) => {
+    const { id } = req.body ?? {};
+    const ip = req.headers["x-forwarded-for"] ?? req.headers["x-real-ip"] ?? "unknown";
+    try {
+      const result = await doExecuteApproval({ id, userId: req.user.id, ip, encryptionKey }, req.log);
+      return reply.send(result);
+    } catch (err) {
+      req.log.error(err, "Execute approval failed (id=%s, user=%s)", id, req.user.id);
+      return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
+    }
+  };
+}
+async function doExecuteApproval({ id, userId, ip, encryptionKey }, log) {
+  const approval = await getApprovalById(id);
+  if (!approval || !["approved", "execute_failed"].includes(approval["status"])) {
+    throw new Error("Approval not found or not approved");
+  }
+  await setExecuting(id);
+  try {
+    const ds = await (0, import_business_dms_datasource.getDataSourceWithPassword)(
+      approval["data_source_id"],
+      encryptionKey
+    );
+    if (!ds) throw new Error("Data source not found");
+    const pool = (0, import_business_dms_datasource.getPool)({ ...ds, database: ds.database ?? "" });
+    const rows = await pool.execute(approval["sql_text"]);
+    const result = `${rows.length} rows affected`;
+    await setExecuteResult(id, "executed", result);
+    log.info("Approval executed (id=%s, user=%s)", id, userId);
+    await (0, import_business_dms_audit.writeAuditLog)({
+      userId,
+      dataSourceId: approval["data_source_id"],
+      action: "DML_EXECUTE",
+      sqlText: approval["sql_text"],
+      resultSummary: result,
+      ipAddress: ip
+    });
+    return getApprovalById(id);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    await setExecuteResult(id, "execute_failed", message);
+    log.error(err, "Approval execute_failed (id=%s)", id);
+    throw err;
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  approvalApprove,
+  approvalCreate,
+  approvalExecute,
+  approvalGet,
+  approvalList,
+  approvalReject
+});

package/dist/index.mjs

@@ -0,0 +1,172 @@
+// src/approvals.service.ts
+import { getDataSourceWithPassword, getPool } from "@heyhru/business-dms-datasource";
+import { writeAuditLog } from "@heyhru/business-dms-audit";
+
+// src/approvals.model.ts
+import { getPgDb } from "@heyhru/server-plugin-pg";
+
+// src/approvals.sql.ts
+var FIND_BY_ID = `
+SELECT *
+FROM approvals
+WHERE id = ?`;
+var CREATE = `
+INSERT INTO approvals (data_source_id, sql_text, submitted_by)
+VALUES (?, ?, ?)
+RETURNING *`;
+var UPDATE_REVIEW = () => `
+UPDATE approvals
+SET status = ?, reviewed_by = ?, reject_reason = ?, updated_at = NOW()
+WHERE id = ?
+RETURNING *`;
+var UPDATE_EXECUTING = () => `
+UPDATE approvals
+SET status = 'executing', updated_at = NOW()
+WHERE id = ?`;
+var UPDATE_RESULT = () => `
+UPDATE approvals
+SET status = ?, execute_result = ?, updated_at = NOW()
+WHERE id = ?`;
+
+// src/approvals.model.ts
+async function listApprovals(filters) {
+  let query = "SELECT * FROM approvals WHERE 1=1";
+  const params = [];
+  if (filters?.status) {
+    query += " AND status = ?";
+    params.push(filters.status);
+  }
+  if (filters?.submittedBy) {
+    query += " AND submitted_by = ?";
+    params.push(filters.submittedBy);
+  }
+  query += " ORDER BY created_at DESC";
+  return getPgDb().query(query, params);
+}
+function getApprovalById(id) {
+  return getPgDb().queryOne(FIND_BY_ID, [id]);
+}
+function insertApproval(dataSourceId, sqlText, submittedBy) {
+  return getPgDb().queryOne(CREATE, [dataSourceId, sqlText, submittedBy]);
+}
+function updateReview(id, status, reviewedBy, rejectReason) {
+  return getPgDb().queryOne(UPDATE_REVIEW(), [status, reviewedBy, rejectReason, id]);
+}
+function setExecuting(id) {
+  return getPgDb().run(UPDATE_EXECUTING(), [id]);
+}
+function setExecuteResult(id, status, result) {
+  return getPgDb().run(UPDATE_RESULT(), [status, result, id]);
+}
+
+// src/approvals.service.ts
+async function approvalList(req, reply) {
+  const { status, mine } = req.body ?? {};
+  return reply.send(
+    await listApprovals({
+      status,
+      submittedBy: mine === "true" ? req.user.id : void 0
+    })
+  );
+}
+async function approvalGet(req, reply) {
+  const { id } = req.body ?? {};
+  const approval = await getApprovalById(id);
+  if (!approval) return reply.code(404).send({ error: "Not found" });
+  return reply.send(approval);
+}
+async function approvalCreate(req, reply) {
+  const { dataSourceId, sql } = req.body ?? {};
+  if (!dataSourceId || !sql) {
+    return reply.code(400).send({ error: "Data source ID and SQL are required" });
+  }
+  const approval = await insertApproval(dataSourceId, sql, req.user.id);
+  req.log.info("Approval submitted (user=%s)", req.user.id);
+  return reply.code(201).send(approval);
+}
+async function reviewApproval(id, reviewerId, decision, rejectReason) {
+  const approval = await getApprovalById(id);
+  if (!approval || approval["status"] !== "pending") {
+    throw new Error("Approval not found or not in pending status");
+  }
+  if (approval["submitted_by"] === reviewerId) {
+    throw new Error("Cannot approve your own submission");
+  }
+  return updateReview(id, decision, reviewerId, rejectReason ?? null);
+}
+async function approvalApprove(req, reply) {
+  const { id } = req.body ?? {};
+  try {
+    const result = await reviewApproval(id, req.user.id, "approved");
+    req.log.info("Approval approved (id=%s, reviewer=%s)", id, req.user.id);
+    return reply.send(result);
+  } catch (err) {
+    req.log.warn(err, "Approve failed (id=%s, reviewer=%s)", id, req.user.id);
+    return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
+  }
+}
+async function approvalReject(req, reply) {
+  const { id, reason } = req.body ?? {};
+  try {
+    const result = await reviewApproval(id, req.user.id, "rejected", reason);
+    req.log.info("Approval rejected (id=%s, reviewer=%s)", id, req.user.id);
+    return reply.send(result);
+  } catch (err) {
+    req.log.warn(err, "Reject failed (id=%s, reviewer=%s)", id, req.user.id);
+    return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
+  }
+}
+function approvalExecute(encryptionKey) {
+  return async (req, reply) => {
+    const { id } = req.body ?? {};
+    const ip = req.headers["x-forwarded-for"] ?? req.headers["x-real-ip"] ?? "unknown";
+    try {
+      const result = await doExecuteApproval({ id, userId: req.user.id, ip, encryptionKey }, req.log);
+      return reply.send(result);
+    } catch (err) {
+      req.log.error(err, "Execute approval failed (id=%s, user=%s)", id, req.user.id);
+      return reply.code(400).send({ error: err instanceof Error ? err.message : String(err) });
+    }
+  };
+}
+async function doExecuteApproval({ id, userId, ip, encryptionKey }, log) {
+  const approval = await getApprovalById(id);
+  if (!approval || !["approved", "execute_failed"].includes(approval["status"])) {
+    throw new Error("Approval not found or not approved");
+  }
+  await setExecuting(id);
+  try {
+    const ds = await getDataSourceWithPassword(
+      approval["data_source_id"],
+      encryptionKey
+    );
+    if (!ds) throw new Error("Data source not found");
+    const pool = getPool({ ...ds, database: ds.database ?? "" });
+    const rows = await pool.execute(approval["sql_text"]);
+    const result = `${rows.length} rows affected`;
+    await setExecuteResult(id, "executed", result);
+    log.info("Approval executed (id=%s, user=%s)", id, userId);
+    await writeAuditLog({
+      userId,
+      dataSourceId: approval["data_source_id"],
+      action: "DML_EXECUTE",
+      sqlText: approval["sql_text"],
+      resultSummary: result,
+      ipAddress: ip
+    });
+    return getApprovalById(id);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    await setExecuteResult(id, "execute_failed", message);
+    log.error(err, "Approval execute_failed (id=%s)", id);
+    throw err;
+  }
+}
+export {
+  approvalApprove,
+  approvalCreate,
+  approvalExecute,
+  approvalGet,
+  approvalList,
+  approvalReject
+};

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@heyhru/business-dms-approval",
+  "publishConfig": {
+    "access": "public"
+  },
+  "version": "0.4.0",
+  "description": "DMS approval workflow domain logic: service, model, sql",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup && tsc --emitDeclarationOnly",
+    "dev": "tsup --watch",
+    "lint": "eslint src",
+    "test": "vitest run",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@heyhru/business-dms-audit": "0.4.0",
+    "@heyhru/business-dms-datasource": "0.4.0",
+    "@heyhru/server-plugin-pg": "0.4.0",
+    "fastify": "^5.8.4"
+  },
+  "devDependencies": {
+    "tsup": "^8.5.1",
+    "typescript": "^6.0.2",
+    "vitest": "^4.1.2"
+  },
+  "gitHead": "48f00e1f0b1ca5d0789c0df9384a12f2c8e847c4"
+}