@seasonkoh/webaz 0.1.23 → 0.1.25

package/dist/pwa/routes/webauthn.js

@@ -2,6 +2,7 @@ import { generateRegistrationOptions, verifyRegistrationResponse, generateAuthen
 import { randomBytes } from 'node:crypto';
 // RFC-004 体验补:绑定 Passkey 后,追溯补发此前"已受理但无锚点跳过"的建设信誉。
 import { grantPendingAnchorCredits } from '../../layer2-business/L2-8-feedback/build-feedback-engine.js';
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerWebauthnRoutes(app, deps) {
     const { db, auth, generateId, rpId, rpName, origin, challengeTtlMs, gateTtlMs, invalidateAgentRiskCacheForUser, requireHumanPresence } = deps;
     // 1. 注册：start — 生成 challenge + 选项
@@ -9,7 +10,7 @@ export function registerWebauthnRoutes(app, deps) {
         const user = auth(req, res);
         if (!user)
             return;
-        const existing = db.prepare('SELECT id FROM webauthn_credentials WHERE user_id = ?').all(user.id);
+        const existing = await dbAll('SELECT id FROM webauthn_credentials WHERE user_id = ?', [user.id]);
         const opts = await generateRegistrationOptions({
             rpName,
             rpID: rpId,
@@ -21,8 +22,7 @@ export function registerWebauthnRoutes(app, deps) {
             authenticatorSelection: { residentKey: 'preferred', userVerification: 'required' },
         });
         const chId = generateId('wac');
-        db.prepare(`INSERT INTO webauthn_challenges (id, user_id, challenge, purpose, expires_at) VALUES (?,?,?,?,?)`)
-            .run(chId, user.id, opts.challenge, 'register', new Date(Date.now() + challengeTtlMs).toISOString());
+        await dbRun(`INSERT INTO webauthn_challenges (id, user_id, challenge, purpose, expires_at) VALUES (?,?,?,?,?)`, [chId, user.id, opts.challenge, 'register', new Date(Date.now() + challengeTtlMs).toISOString()]);
         res.json({ options: opts, challenge_id: chId });
     });
     // 2. 注册：finish — 验证 + 入库
@@ -31,7 +31,7 @@ export function registerWebauthnRoutes(app, deps) {
         if (!user)
             return;
         const { challenge_id, response, device_label } = req.body || {};
-        const ch = db.prepare(`SELECT challenge, expires_at, consumed_at FROM webauthn_challenges WHERE id = ? AND user_id = ? AND purpose = 'register'`).get(challenge_id, user.id);
+        const ch = await dbOne(`SELECT challenge, expires_at, consumed_at FROM webauthn_challenges WHERE id = ? AND user_id = ? AND purpose = 'register'`, [challenge_id, user.id]);
         if (!ch)
             return void res.status(404).json({ error: 'challenge not found' });
         if (ch.consumed_at)
@@ -51,9 +51,9 @@ export function registerWebauthnRoutes(app, deps) {
                 return void res.status(400).json({ error: 'verification failed' });
             }
             const { credential } = verification.registrationInfo;
-            db.prepare(`INSERT INTO webauthn_credentials (id, user_id, public_key, counter, transports, device_label) VALUES (?,?,?,?,?,?)`)
-                .run(credential.id, user.id, Buffer.from(credential.publicKey), credential.counter || 0, JSON.stringify(credential.transports || []), (device_label || '').slice(0, 60) || null);
-            db.prepare("UPDATE webauthn_challenges SET consumed_at = datetime('now') WHERE id = ?").run(challenge_id);
+            await dbRun(`INSERT INTO webauthn_credentials (id, user_id, public_key, counter, transports, device_label) VALUES (?,?,?,?,?,?)`, [credential.id, user.id, Buffer.from(credential.publicKey), credential.counter || 0,
+                JSON.stringify(credential.transports || []), (device_label || '').slice(0, 60) || null]);
+            await dbRun("UPDATE webauthn_challenges SET consumed_at = datetime('now') WHERE id = ?", [challenge_id]);
             invalidateAgentRiskCacheForUser(user.id); // 让 D2b 中间件立刻看到刚绑的 Passkey,否则 5min 缓存窗内仍被拦
             // RFC-004:绑定 Passkey = 成为可问责真人 → 追溯补发此前因无锚点跳过的建设信誉(advisory,永不阻塞绑定)
             let backfilled;
@@ -73,11 +73,11 @@ export function registerWebauthnRoutes(app, deps) {
         if (!user)
             return;
         const purpose = String(req.body?.purpose || '').trim();
-        const allowed = new Set(['withdraw', 'change-password', 'reveal-key', 'region', 'delete_passkey', 'governance_apply', 'governance_activate', 'governance_resign', 'governance_appeal_resolve', 'rewards_apply', 'rewards_deactivate']);
+        const allowed = new Set(['withdraw', 'change-password', 'reveal-key', 'region', 'delete_passkey', 'governance_apply', 'governance_activate', 'governance_resign', 'governance_appeal_resolve', 'rewards_apply', 'rewards_deactivate', 'identity_claim']);
         if (!allowed.has(purpose))
             return void res.status(400).json({ error: 'invalid purpose' });
         const purpose_data = req.body?.purpose_data ?? null;
-        const creds = db.prepare('SELECT id, transports FROM webauthn_credentials WHERE user_id = ?').all(user.id);
+        const creds = await dbAll('SELECT id, transports FROM webauthn_credentials WHERE user_id = ?', [user.id]);
         if (creds.length === 0)
             return void res.status(403).json({ error: '尚未注册任何 Passkey' });
         const opts = await generateAuthenticationOptions({
@@ -92,8 +92,9 @@ export function registerWebauthnRoutes(app, deps) {
                 } })() })),
         });
         const chId = generateId('wac');
-        db.prepare(`INSERT INTO webauthn_challenges (id, user_id, challenge, purpose, purpose_data, expires_at) VALUES (?,?,?,?,?,?)`)
-            .run(chId, user.id, opts.challenge, purpose, purpose_data ? JSON.stringify(purpose_data) : null, new Date(Date.now() + challengeTtlMs).toISOString());
+        await dbRun(`INSERT INTO webauthn_challenges (id, user_id, challenge, purpose, purpose_data, expires_at) VALUES (?,?,?,?,?,?)`, [chId, user.id, opts.challenge, purpose,
+            purpose_data ? JSON.stringify(purpose_data) : null,
+            new Date(Date.now() + challengeTtlMs).toISOString()]);
         res.json({ options: opts, challenge_id: chId });
     });
     // 4. 认证：finish — 验证签名 + 颁发短 gate token
@@ -102,15 +103,14 @@ export function registerWebauthnRoutes(app, deps) {
         if (!user)
             return;
         const { challenge_id, response } = req.body || {};
-        const ch = db.prepare(`SELECT challenge, purpose, purpose_data, expires_at, consumed_at FROM webauthn_challenges WHERE id = ? AND user_id = ?`).get(challenge_id, user.id);
+        const ch = await dbOne(`SELECT challenge, purpose, purpose_data, expires_at, consumed_at FROM webauthn_challenges WHERE id = ? AND user_id = ?`, [challenge_id, user.id]);
         if (!ch)
             return void res.status(404).json({ error: 'challenge not found' });
         if (ch.consumed_at)
             return void res.status(409).json({ error: 'challenge already used' });
         if (new Date(ch.expires_at).getTime() < Date.now())
             return void res.status(410).json({ error: 'challenge expired' });
-        const cred = db.prepare(`SELECT id, public_key, counter, transports FROM webauthn_credentials WHERE id = ? AND user_id = ?`)
-            .get(response?.id, user.id);
+        const cred = await dbOne(`SELECT id, public_key, counter, transports FROM webauthn_credentials WHERE id = ? AND user_id = ?`, [response?.id, user.id]);
         if (!cred)
             return void res.status(404).json({ error: 'credential not registered' });
         try {
@@ -136,13 +136,12 @@ export function registerWebauthnRoutes(app, deps) {
             if (!verification.verified)
                 return void res.status(400).json({ error: 'signature failed' });
             // 更新 counter（防重放）
-            db.prepare(`UPDATE webauthn_credentials SET counter = ?, last_used_at = datetime('now') WHERE id = ?`)
-                .run(verification.authenticationInfo.newCounter, cred.id);
-            db.prepare("UPDATE webauthn_challenges SET consumed_at = datetime('now') WHERE id = ?").run(challenge_id);
+            await dbRun(`UPDATE webauthn_credentials SET counter = ?, last_used_at = datetime('now') WHERE id = ?`, [verification.authenticationInfo.newCounter, cred.id]);
+            await dbRun("UPDATE webauthn_challenges SET consumed_at = datetime('now') WHERE id = ?", [challenge_id]);
             // 颁发短 token
             const token = generateId('wgt') + '_' + randomBytes(8).toString('hex');
-            db.prepare(`INSERT INTO webauthn_gate_tokens (id, user_id, purpose, purpose_data, expires_at) VALUES (?,?,?,?,?)`)
-                .run(token, user.id, ch.purpose, ch.purpose_data, new Date(Date.now() + gateTtlMs).toISOString());
+            await dbRun(`INSERT INTO webauthn_gate_tokens (id, user_id, purpose, purpose_data, expires_at) VALUES (?,?,?,?,?)`, [token, user.id, ch.purpose, ch.purpose_data,
+                new Date(Date.now() + gateTtlMs).toISOString()]);
             res.json({ success: true, gate_token: token, expires_in_seconds: Math.floor(gateTtlMs / 1000) });
         }
         catch (e) {
@@ -150,15 +149,15 @@ export function registerWebauthnRoutes(app, deps) {
         }
     });
     // 列出 / 删除 credential
-    app.get('/api/webauthn/credentials', (req, res) => {
+    app.get('/api/webauthn/credentials', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const rows = db.prepare(`SELECT id, device_label, transports, created_at, last_used_at FROM webauthn_credentials WHERE user_id = ? ORDER BY created_at DESC`).all(user.id);
+        const rows = await dbAll(`SELECT id, device_label, transports, created_at, last_used_at FROM webauthn_credentials WHERE user_id = ? ORDER BY created_at DESC`, [user.id]);
         const required = !!user.webauthn_required_for_withdraw;
         res.json({ credentials: rows, settings: { required_for_withdraw: required } });
     });
-    app.delete('/api/webauthn/credentials/:id', (req, res) => {
+    app.delete('/api/webauthn/credentials/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -174,23 +173,23 @@ export function registerWebauthnRoutes(app, deps) {
         });
         if (!hpCheck.ok)
             return void res.status(412).json({ error: hpCheck.reason, error_code: hpCheck.error_code });
-        const r = db.prepare('DELETE FROM webauthn_credentials WHERE id = ? AND user_id = ?').run(req.params.id, user.id);
+        const r = await dbRun('DELETE FROM webauthn_credentials WHERE id = ? AND user_id = ?', [req.params.id, user.id]);
         if (r.changes > 0)
             invalidateAgentRiskCacheForUser(user.id); // 删到最后一把就丢真人身份,立刻反映到 D2b
         res.json({ success: true, deleted: r.changes });
     });
-    app.post('/api/webauthn/settings', (req, res) => {
+    app.post('/api/webauthn/settings', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const required = req.body?.required_for_withdraw ? 1 : 0;
         // 开启前必须至少有 1 个 credential
         if (required) {
-            const n = db.prepare('SELECT COUNT(*) as n FROM webauthn_credentials WHERE user_id = ?').get(user.id).n;
+            const n = (await dbOne('SELECT COUNT(*) as n FROM webauthn_credentials WHERE user_id = ?', [user.id])).n;
             if (n === 0)
                 return void res.status(400).json({ error: '请先注册至少一个 Passkey' });
         }
-        db.prepare('UPDATE users SET webauthn_required_for_withdraw = ? WHERE id = ?').run(required, user.id);
+        await dbRun('UPDATE users SET webauthn_required_for_withdraw = ? WHERE id = ?', [required, user.id]);
         res.json({ success: true, required_for_withdraw: !!required });
     });
 }

package/dist/pwa/routes/webhooks.js

@@ -1,5 +1,6 @@
 import { createHmac } from 'node:crypto';
 import { isPrivateOrInternalHost } from '../security/ssrf.js';
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export const WEBHOOK_EVENT_TYPES = [
     'order.created', 'order.paid', 'order.shipped', 'order.delivered', 'order.completed', 'order.disputed',
     'wish.claimed', 'wish.proof', 'wish.confirmed', 'wish.repay', 'wish.repay_resp',
@@ -7,37 +8,36 @@ export const WEBHOOK_EVENT_TYPES = [
     'charity.donation', 'charity.fund_redirect',
 ];
 // P2.2 失败通知：连续 5 次失败 → 自动 active=0 + 通知用户
-function recordWebhookFailure(db, generateId, sub, errMsg) {
-    db.prepare(`UPDATE webhook_subscriptions SET fail_count = fail_count + 1, last_error = ?, last_fired_at = datetime('now') WHERE id = ?`).run(errMsg, sub.id);
-    const after = db.prepare(`SELECT fail_count, active FROM webhook_subscriptions WHERE id = ?`).get(sub.id);
+// RFC-016: db 参数保留(调用方仍传),内部走异步 seam(同一实例,setSeamDb)。
+async function recordWebhookFailure(_db, generateId, sub, errMsg) {
+    await dbRun(`UPDATE webhook_subscriptions SET fail_count = fail_count + 1, last_error = ?, last_fired_at = datetime('now') WHERE id = ?`, [errMsg, sub.id]);
+    const after = (await dbOne(`SELECT fail_count, active FROM webhook_subscriptions WHERE id = ?`, [sub.id]));
     if (after.active && after.fail_count > 0 && after.fail_count % 5 === 0) {
         try {
-            db.prepare(`INSERT INTO notifications (id, user_id, type, title, body, created_at)
-                  VALUES (?,?,'webhook_fail',?,?,datetime('now'))`)
-                .run(generateId('ntf'), sub.user_id, `⚠ Webhook 连续 ${after.fail_count} 次失败`, `${sub.event_type} → ${String(sub.target_url).slice(0, 60)}... · ${errMsg}`);
+            await dbRun(`INSERT INTO notifications (id, user_id, type, title, body, created_at)
+                  VALUES (?,?,'webhook_fail',?,?,datetime('now'))`, [generateId('ntf'), sub.user_id, `⚠ Webhook 连续 ${after.fail_count} 次失败`, `${sub.event_type} → ${String(sub.target_url).slice(0, 60)}... · ${errMsg}`]);
         }
         catch (e) {
             console.error('[webhook notify fail]', e);
         }
         // 失败 >= 20 次 → 自动暂停
         if (after.fail_count >= 20) {
-            db.prepare(`UPDATE webhook_subscriptions SET active = 0 WHERE id = ?`).run(sub.id);
+            await dbRun(`UPDATE webhook_subscriptions SET active = 0 WHERE id = ?`, [sub.id]);
         }
     }
 }
 // 触发 webhook 投递（v1 同步 fetch，超时 5s）
 // 跨域 API — charity / RFQ / orders 等通过此函数广播事件
-export async function fireWebhooks(db, generateId, eventType, payload, userIds) {
+export async function fireWebhooks(_db, generateId, eventType, payload, userIds) {
     const where = userIds && userIds.length
         ? `event_type = ? AND active = 1 AND user_id IN (${userIds.map(() => '?').join(',')})`
         : `event_type = ? AND active = 1`;
     const args = [eventType, ...(userIds || [])];
-    const subs = db.prepare(`SELECT * FROM webhook_subscriptions WHERE ${where}`).all(...args);
+    const subs = await dbAll(`SELECT * FROM webhook_subscriptions WHERE ${where}`, args);
     for (const sub of subs) {
         // P1.1 SSRF：投递前再次校验（防止旧订阅或 DB 直改绕过创建时检查）
         if (isPrivateOrInternalHost(String(sub.target_url))) {
-            db.prepare(`UPDATE webhook_subscriptions SET fail_count = fail_count + 1, last_error = ?, active = 0 WHERE id = ?`)
-                .run('blocked: private/internal host', sub.id);
+            await dbRun(`UPDATE webhook_subscriptions SET fail_count = fail_count + 1, last_error = ?, active = 0 WHERE id = ?`, ['blocked: private/internal host', sub.id]);
             continue;
         }
         const body = JSON.stringify({ event: eventType, payload, ts: new Date().toISOString() });
@@ -52,21 +52,22 @@ export async function fireWebhooks(db, generateId, eventType, payload, userIds)
             });
             clearTimeout(tm);
             if (r.ok) {
-                db.prepare(`UPDATE webhook_subscriptions SET fire_count = fire_count + 1, last_fired_at = datetime('now'), last_error = NULL WHERE id = ?`).run(sub.id);
+                await dbRun(`UPDATE webhook_subscriptions SET fire_count = fire_count + 1, last_fired_at = datetime('now'), last_error = NULL WHERE id = ?`, [sub.id]);
             }
             else {
-                recordWebhookFailure(db, generateId, sub, 'HTTP ' + r.status);
+                await recordWebhookFailure(_db, generateId, sub, 'HTTP ' + r.status);
             }
         }
         catch (e) {
-            recordWebhookFailure(db, generateId, sub, String(e.message).slice(0, 200));
+            await recordWebhookFailure(_db, generateId, sub, String(e.message).slice(0, 200));
         }
     }
 }
 export function registerWebhookRoutes(app, deps) {
-    const { db, auth, generateId, rateLimitOk } = deps;
+    // db 已走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
+    const { auth, generateId, rateLimitOk } = deps;
     // POST 订阅
-    app.post('/api/webhooks', (req, res) => {
+    app.post('/api/webhooks', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
@@ -86,40 +87,39 @@ export function registerWebhookRoutes(app, deps) {
         if (!WEBHOOK_EVENT_TYPES.includes(eventType))
             return void res.json({ error: '不支持的 event_type' });
         // 每用户最多 20 个订阅
-        const cnt = db.prepare(`SELECT COUNT(1) as n FROM webhook_subscriptions WHERE user_id = ?`).get(user.id).n;
+        const cnt = (await dbOne(`SELECT COUNT(1) as n FROM webhook_subscriptions WHERE user_id = ?`, [user.id])).n;
         if (cnt >= 20)
             return void res.json({ error: '订阅数量上限 20' });
         const id = generateId('whk');
-        db.prepare(`INSERT INTO webhook_subscriptions (id, user_id, event_type, target_url, secret) VALUES (?,?,?,?,?)`)
-            .run(id, user.id, eventType, url, secret);
+        await dbRun(`INSERT INTO webhook_subscriptions (id, user_id, event_type, target_url, secret) VALUES (?,?,?,?,?)`, [id, user.id, eventType, url, secret]);
         res.json({ id, event_type: eventType, target_url: url });
     });
     // GET 我的订阅
-    app.get('/api/webhooks', (req, res) => {
+    app.get('/api/webhooks', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const items = db.prepare(`SELECT id, event_type, target_url, active, last_fired_at, fire_count, fail_count, last_error, created_at
-                              FROM webhook_subscriptions WHERE user_id = ? ORDER BY created_at DESC`).all(user.id);
+        const items = await dbAll(`SELECT id, event_type, target_url, active, last_fired_at, fire_count, fail_count, last_error, created_at
+                              FROM webhook_subscriptions WHERE user_id = ? ORDER BY created_at DESC`, [user.id]);
         res.json({ items, event_types: WEBHOOK_EVENT_TYPES });
     });
     // DELETE
-    app.delete('/api/webhooks/:id', (req, res) => {
+    app.delete('/api/webhooks/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
-        const r = db.prepare(`DELETE FROM webhook_subscriptions WHERE id = ? AND user_id = ?`).run(req.params.id, user.id);
+        const r = await dbRun(`DELETE FROM webhook_subscriptions WHERE id = ? AND user_id = ?`, [req.params.id, user.id]);
         if (r.changes === 0)
             return void res.json({ error: '订阅不存在或非你所有' });
         res.json({ ok: true });
     });
     // PATCH active toggle
-    app.patch('/api/webhooks/:id', (req, res) => {
+    app.patch('/api/webhooks/:id', async (req, res) => {
         const user = auth(req, res);
         if (!user)
             return;
         const active = req.body.active ? 1 : 0;
-        const r = db.prepare(`UPDATE webhook_subscriptions SET active = ? WHERE id = ? AND user_id = ?`).run(active, req.params.id, user.id);
+        const r = await dbRun(`UPDATE webhook_subscriptions SET active = ? WHERE id = ? AND user_id = ?`, [active, req.params.id, user.id]);
         if (r.changes === 0)
             return void res.json({ error: '订阅不存在' });
         res.json({ ok: true, active });

package/dist/pwa/routes/welcome.js

@@ -1,10 +1,12 @@
 import { createHash } from 'node:crypto';
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 const SUB_EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
 const VALID_ROLE_PREFS = new Set(['buyer', 'seller', 'creator', 'verifier', 'arbitrator', 'other']);
 export function registerWelcomeRoutes(app, deps) {
-    const { db, generateId, getUser, clientIpHash, clientUaHash, requireSupportAdmin } = deps;
+    // db 已走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
+    const { generateId, getUser, clientIpHash, clientUaHash, requireSupportAdmin } = deps;
     // ─── admin 端 ─────────────────────────────────────────────
-    app.get('/api/admin/public-ideas', (req, res) => {
+    app.get('/api/admin/public-ideas', async (req, res) => {
         const admin = requireSupportAdmin(req, res);
         if (!admin)
             return;
@@ -16,47 +18,45 @@ export function registerWelcomeRoutes(app, deps) {
             args.push(status);
         }
         const whereClause = `WHERE ${where.join(' AND ')}`;
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT id, user_id, contact, content, status, created_at
       FROM public_ideas ${whereClause}
       ORDER BY created_at DESC LIMIT 500
-    `).all(...args);
-        const counts = db.prepare(`SELECT
+    `, args);
+        const counts = await dbOne(`SELECT
       SUM(CASE WHEN status='new' THEN 1 ELSE 0 END) as st_new,
       SUM(CASE WHEN status='triaged' THEN 1 ELSE 0 END) as st_triaged,
       SUM(CASE WHEN status='resolved' THEN 1 ELSE 0 END) as st_resolved,
       SUM(CASE WHEN status='spam' THEN 1 ELSE 0 END) as st_spam,
       COUNT(*) as total
-      FROM public_ideas WHERE content NOT LIKE 'WELCOME_EMAIL_SUBSCRIBE:%'`).get();
+      FROM public_ideas WHERE content NOT LIKE 'WELCOME_EMAIL_SUBSCRIBE:%'`);
         // P1 审计：admin 读 PII 留痕
         try {
-            db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail)
-                  VALUES (?, ?, 'read_public_ideas', 'public_ideas', NULL, ?)`)
-                .run(generateId('aud'), admin.id, JSON.stringify({ count: rows.length, status }));
+            await dbRun(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail)
+                  VALUES (?, ?, 'read_public_ideas', 'public_ideas', NULL, ?)`, [generateId('aud'), admin.id, JSON.stringify({ count: rows.length, status })]);
         }
         catch { }
         res.json({ items: rows, counts });
     });
-    app.patch('/api/admin/public-ideas/:id', (req, res) => {
+    app.patch('/api/admin/public-ideas/:id', async (req, res) => {
         const admin = requireSupportAdmin(req, res);
         if (!admin)
             return;
         const newStatus = String(req.body?.status || '');
         if (!['new', 'triaged', 'resolved', 'spam'].includes(newStatus))
             return void res.status(400).json({ error: 'status 取值非法' });
-        const r = db.prepare("UPDATE public_ideas SET status=? WHERE id=?").run(newStatus, req.params.id);
+        const r = await dbRun("UPDATE public_ideas SET status=? WHERE id=?", [newStatus, req.params.id]);
         if (r.changes === 0)
             return void res.status(404).json({ error: '记录不存在' });
         try {
-            db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail)
-                  VALUES (?, ?, 'patch_public_idea', 'public_ideas', ?, ?)`)
-                .run(generateId('aud'), admin.id, req.params.id, JSON.stringify({ status: newStatus }));
+            await dbRun(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail)
+                  VALUES (?, ?, 'patch_public_idea', 'public_ideas', ?, ?)`, [generateId('aud'), admin.id, req.params.id, JSON.stringify({ status: newStatus })]);
         }
         catch { }
         res.json({ ok: true, status: newStatus });
     });
     // 2026-05-25 admin 查邮箱订阅 — 独立端点，与建议分开
-    app.get('/api/admin/email-subscriptions', (req, res) => {
+    app.get('/api/admin/email-subscriptions', async (req, res) => {
         const admin = requireSupportAdmin(req, res);
         if (!admin)
             return;
@@ -72,13 +72,13 @@ export function registerWelcomeRoutes(app, deps) {
             args.push(statusFilter);
         }
         const where = conds.length ? `WHERE ${conds.join(' AND ')}` : '';
-        const rows = db.prepare(`
+        const rows = await dbAll(`
       SELECT id, email, source, role_preference, note, consent_at, unsubscribed_at, user_id, created_at,
              COALESCE(handle_status,'pending') as handle_status, handled_at
       FROM email_subscriptions ${where}
       ORDER BY created_at DESC LIMIT 500
-    `).all(...args);
-        const counts = db.prepare(`SELECT
+    `, args);
+        const counts = await dbOne(`SELECT
       COUNT(*) as total,
       SUM(CASE WHEN unsubscribed_at IS NULL THEN 1 ELSE 0 END) as active,
       SUM(CASE WHEN unsubscribed_at IS NOT NULL THEN 1 ELSE 0 END) as unsubscribed,
@@ -86,17 +86,16 @@ export function registerWelcomeRoutes(app, deps) {
       SUM(CASE WHEN handle_status = 'contacted' THEN 1 ELSE 0 END) as st_contacted,
       SUM(CASE WHEN handle_status = 'invited'   THEN 1 ELSE 0 END) as st_invited,
       SUM(CASE WHEN handle_status = 'done'      THEN 1 ELSE 0 END) as st_done
-      FROM email_subscriptions`).get();
+      FROM email_subscriptions`);
         try {
-            db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail)
-                  VALUES (?, ?, 'read_email_subscriptions', 'email_subscriptions', NULL, ?)`)
-                .run(generateId('aud'), admin.id, JSON.stringify({ count: rows.length, include_unsubscribed: includeUnsub }));
+            await dbRun(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail)
+                  VALUES (?, ?, 'read_email_subscriptions', 'email_subscriptions', NULL, ?)`, [generateId('aud'), admin.id, JSON.stringify({ count: rows.length, include_unsubscribed: includeUnsub })]);
         }
         catch { }
         res.json({ items: rows, counts });
     });
     // 2026-05-29: admin 标记申请处理状态（pending→contacted→invited→done）— 不动 POST 提交逻辑
-    app.patch('/api/admin/email-subscriptions/:id/status', (req, res) => {
+    app.patch('/api/admin/email-subscriptions/:id/status', async (req, res) => {
         const admin = requireSupportAdmin(req, res);
         if (!admin)
             return;
@@ -104,15 +103,13 @@ export function registerWelcomeRoutes(app, deps) {
         const status = String((req.body || {}).status || '');
         if (!HANDLE_STATES.includes(status))
             return void res.status(400).json({ error: 'status 必须是 pending/contacted/invited/done' });
-        const row = db.prepare('SELECT id, handle_status FROM email_subscriptions WHERE id = ?').get(req.params.id);
+        const row = await dbOne('SELECT id, handle_status FROM email_subscriptions WHERE id = ?', [req.params.id]);
         if (!row)
             return void res.status(404).json({ error: '记录不存在' });
-        db.prepare("UPDATE email_subscriptions SET handle_status = ?, handled_at = datetime('now'), handled_by = ? WHERE id = ?")
-            .run(status, admin.id, req.params.id);
+        await dbRun("UPDATE email_subscriptions SET handle_status = ?, handled_at = datetime('now'), handled_by = ? WHERE id = ?", [status, admin.id, req.params.id]);
         try {
-            db.prepare(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail)
-                  VALUES (?, ?, 'update_email_subscription_status', 'email_subscriptions', ?, ?)`)
-                .run(generateId('aud'), admin.id, req.params.id, JSON.stringify({ from: row.handle_status || 'pending', to: status }));
+            await dbRun(`INSERT INTO admin_audit_log (id, admin_id, action, target_type, target_id, detail)
+                  VALUES (?, ?, 'update_email_subscription_status', 'email_subscriptions', ?, ?)`, [generateId('aud'), admin.id, req.params.id, JSON.stringify({ from: row.handle_status || 'pending', to: status })]);
         }
         catch { }
         res.json({ success: true, status });
@@ -120,7 +117,7 @@ export function registerWelcomeRoutes(app, deps) {
     // ─── 公开端 ───────────────────────────────────────────────
     // 2026-05-24 首屏「我有建议」— 公开提交（无需登录）
     // 反 bot：honeypot 字段 + 单 IP+UA 联合 rate limit 5/h + 内容 hash 去重 1h
-    app.post('/api/public-ideas', (req, res) => {
+    app.post('/api/public-ideas', async (req, res) => {
         // 蜜罐字段 `_hp`：bot 倾向于填所有 input；真人不会看到（前端 display:none）
         if (req.body?._hp)
             return void res.status(400).json({ error: 'invalid' }); // 不告诉 bot 真原因
@@ -132,24 +129,23 @@ export function registerWelcomeRoutes(app, deps) {
         const ipHash = clientIpHash(req);
         const uaHash = clientUaHash(req);
         // IP+UA 联合：5/h（之前是仅 IP，NAT 误伤）
-        const recent = db.prepare(`SELECT COUNT(*) as n FROM public_ideas
-      WHERE (ip_hash = ? OR ua_hash = ?) AND created_at > datetime('now', '-1 hour')`).get(ipHash, uaHash).n;
+        const recent = (await dbOne(`SELECT COUNT(*) as n FROM public_ideas
+      WHERE (ip_hash = ? OR ua_hash = ?) AND created_at > datetime('now', '-1 hour')`, [ipHash, uaHash])).n;
         if (recent >= 5)
             return void res.status(429).json({ error: '提交过于频繁，请稍后再试' });
         // 内容去重：1h 内同 ip+content 不重复落库
-        const dup = db.prepare(`SELECT 1 FROM public_ideas
-      WHERE ip_hash = ? AND content = ? AND created_at > datetime('now', '-1 hour')`).get(ipHash, content);
+        const dup = await dbOne(`SELECT 1 FROM public_ideas
+      WHERE ip_hash = ? AND content = ? AND created_at > datetime('now', '-1 hour')`, [ipHash, content]);
         if (dup)
             return void res.status(409).json({ error: '请勿重复提交相同内容' });
         const userId = getUser(req)?.id || null;
         const id = generateId('idea');
-        db.prepare(`INSERT INTO public_ideas (id, user_id, contact, content, ip_hash, ua_hash) VALUES (?,?,?,?,?,?)`)
-            .run(id, userId, contact || null, content, ipHash, uaHash);
+        await dbRun(`INSERT INTO public_ideas (id, user_id, contact, content, ip_hash, ua_hash) VALUES (?,?,?,?,?,?)`, [id, userId, contact || null, content, ipHash, uaHash]);
         res.json({ ok: true, id });
     });
     // 2026-05-25 邮箱订阅独立端点（替代旧 WELCOME_EMAIL_SUBSCRIBE: 前缀 hack）
     // 2026-05-26 加 role_preference + note 字段（welcome 表单丰富化）
-    app.post('/api/email-subscriptions', (req, res) => {
+    app.post('/api/email-subscriptions', async (req, res) => {
         if (req.body?._hp)
             return void res.status(400).json({ error: 'invalid' }); // honeypot
         const email = String(req.body?.email || '').trim().toLowerCase();
@@ -165,13 +161,13 @@ export function registerWelcomeRoutes(app, deps) {
         const note = noteRaw ? noteRaw.slice(0, 500) : null;
         const ipHash = clientIpHash(req);
         // rate limit: 单 IP 1h 最多 3 次（防爆破探测同人多邮箱）
-        const recent = db.prepare(`SELECT COUNT(*) as n FROM email_subscriptions
-      WHERE ip_hash = ? AND created_at > datetime('now', '-1 hour')`).get(ipHash).n;
+        const recent = (await dbOne(`SELECT COUNT(*) as n FROM email_subscriptions
+      WHERE ip_hash = ? AND created_at > datetime('now', '-1 hour')`, [ipHash])).n;
         if (recent >= 3)
             return void res.status(429).json({ error: '提交过于频繁，请稍后再试' });
         // 已存在（active）→ 幂等返回 ok（不暴露"该邮箱已订阅"避免邮箱枚举）
         // 但若提供了新 role/note，更新这俩字段（用户可能回来补充）
-        const exist = db.prepare(`SELECT id, unsubscribed_at FROM email_subscriptions WHERE email = ?`).get(email);
+        const exist = await dbOne(`SELECT id, unsubscribed_at FROM email_subscriptions WHERE email = ?`, [email]);
         if (exist) {
             const sets = [];
             const args = [];
@@ -188,36 +184,35 @@ export function registerWelcomeRoutes(app, deps) {
             }
             if (sets.length > 0) {
                 args.push(exist.id);
-                db.prepare(`UPDATE email_subscriptions SET ${sets.join(', ')} WHERE id = ?`).run(...args);
+                await dbRun(`UPDATE email_subscriptions SET ${sets.join(', ')} WHERE id = ?`, args);
             }
             return void res.json({ ok: true, id: exist.id, status: 'subscribed' });
         }
         const id = generateId('eml');
         const token = createHash('sha256').update(id + email + Math.random()).digest('hex').slice(0, 32);
         const userId = getUser(req)?.id || null;
-        db.prepare(`INSERT INTO email_subscriptions (id, email, source, role_preference, note, unsubscribe_token, ip_hash, user_id) VALUES (?,?,?,?,?,?,?,?)`)
-            .run(id, email, source, rolePref, note, token, ipHash, userId);
+        await dbRun(`INSERT INTO email_subscriptions (id, email, source, role_preference, note, unsubscribe_token, ip_hash, user_id) VALUES (?,?,?,?,?,?,?,?)`, [id, email, source, rolePref, note, token, ipHash, userId]);
         res.json({ ok: true, id, status: 'subscribed', unsubscribe_url: `/unsubscribe?t=${token}` });
     });
     // 公开退订端点 — 接受 GET（邮件里的链接）+ POST（页面按钮）
-    function doUnsubscribe(token) {
+    async function doUnsubscribe(token) {
         if (!token || token.length !== 32)
             return { ok: false, error: 'invalid_token' };
-        const row = db.prepare(`SELECT id, email, unsubscribed_at FROM email_subscriptions WHERE unsubscribe_token = ?`).get(token);
+        const row = await dbOne(`SELECT id, email, unsubscribed_at FROM email_subscriptions WHERE unsubscribe_token = ?`, [token]);
         if (!row)
             return { ok: false, error: 'token_not_found' };
         if (row.unsubscribed_at)
             return { ok: true, email: row.email }; // 已退订也返 ok（幂等）
-        db.prepare(`UPDATE email_subscriptions SET unsubscribed_at = datetime('now') WHERE id = ?`).run(row.id);
+        await dbRun(`UPDATE email_subscriptions SET unsubscribed_at = datetime('now') WHERE id = ?`, [row.id]);
         return { ok: true, email: row.email };
     }
-    app.post('/api/email-subscriptions/unsubscribe', (req, res) => {
-        const r = doUnsubscribe(String(req.body?.token || ''));
+    app.post('/api/email-subscriptions/unsubscribe', async (req, res) => {
+        const r = await doUnsubscribe(String(req.body?.token || ''));
         res.status(r.ok ? 200 : 400).json(r);
     });
     // 浏览器友好的退订页（GET）
-    app.get('/unsubscribe', (req, res) => {
-        const r = doUnsubscribe(String(req.query?.t || ''));
+    app.get('/unsubscribe', async (req, res) => {
+        const r = await doUnsubscribe(String(req.query?.t || ''));
         const okHtml = `<!DOCTYPE html><html><head><meta charset="utf-8"><title>已退订 — webaz</title><meta name="viewport" content="width=device-width,initial-scale=1"><style>body{font-family:-apple-system,sans-serif;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0;background:#FAFAFA;color:#18181B}main{text-align:center;padding:32px}h1{font-size:22px;font-weight:600;margin:0 0 12px}p{font-size:14px;color:#71717A;margin:0 0 8px}a{color:#6366f1;text-decoration:none;font-size:13px}</style></head><body><main><h1>✓ 已退订 / Unsubscribed</h1><p>${r.email ? `<code>${r.email}</code>` : ''}</p><p>不会再收到 webaz 的邮件。<br>You won't receive emails from webaz anymore.</p><a href="/">← 返回首页 / Back</a></main></body></html>`;
         const errHtml = `<!DOCTYPE html><html><head><meta charset="utf-8"><title>退订链接无效</title><style>body{font-family:-apple-system,sans-serif;text-align:center;padding:80px 20px;color:#18181B}p{color:#71717A}</style></head><body><h1>退订链接无效</h1><p>${r.error}</p><a href="/">← 返回首页</a></body></html>`;
         res.setHeader('content-type', 'text/html; charset=utf-8');