@seasonkoh/webaz 0.1.24 → 0.1.26

package/dist/pwa/routes/admin-tokenomics.js

@@ -1,33 +1,35 @@
+import { dbOne, dbAll, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerAdminTokenomicsRoutes(app, deps) {
-    const { db, requireProtocolAdmin, logAdminAction } = deps;
+    // db 已走 RFC-016 异步 seam(dbOne/dbAll/dbRun),不再直接用 deps.db
+    const { requireProtocolAdmin, logAdminAction } = deps;
     // Tokenomics 详细数据 + Tier 配置 + 高额榜
-    app.get('/api/admin/tokenomics', (req, res) => {
+    app.get('/api/admin/tokenomics', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
-        const tiers = db.prepare("SELECT * FROM binary_tier_config ORDER BY tier ASC").all();
-        const topComm = db.prepare(`
+        const tiers = await dbAll("SELECT * FROM binary_tier_config ORDER BY tier ASC");
+        const topComm = await dbAll(`
       SELECT cr.beneficiary_id, u.name, COUNT(*) as records, COALESCE(SUM(cr.amount),0) as earned
       FROM commission_records cr LEFT JOIN users u ON u.id = cr.beneficiary_id
       WHERE cr.beneficiary_id != 'sys_protocol'
       GROUP BY cr.beneficiary_id ORDER BY earned DESC LIMIT 10
-    `).all();
-        const topBinary = db.prepare(`
+    `);
+        const topBinary = await dbAll(`
       SELECT bsr.user_id, u.name,
         COUNT(*) as hits,
         COALESCE(SUM(CASE WHEN settled_at IS NOT NULL THEN waz_amount ELSE 0 END),0) as waz_total,
         COALESCE(SUM(score),0) as score_total
       FROM binary_score_records bsr LEFT JOIN users u ON u.id = bsr.user_id
       GROUP BY bsr.user_id ORDER BY waz_total DESC LIMIT 10
-    `).all();
-        const gf = db.prepare("SELECT * FROM global_fund WHERE id=1").get();
-        const mb = db.prepare("SELECT balance FROM management_bonus_pool WHERE id=1").get();
-        const pvLedger = db.prepare(`
+    `);
+        const gf = await dbOne("SELECT * FROM global_fund WHERE id=1");
+        const mb = await dbOne("SELECT balance FROM management_bonus_pool WHERE id=1");
+        const pvLedger = await dbOne(`
       SELECT COUNT(*) as total,
         SUM(CASE WHEN processed=0 THEN 1 ELSE 0 END) as pending,
         COALESCE(SUM(CASE WHEN processed=0 THEN pv ELSE 0 END),0) as pending_pv
       FROM pv_ledger
-    `).get();
+    `);
         res.json({
             global_fund: gf,
             management_bonus_pool: mb,
@@ -38,7 +40,7 @@ export function registerAdminTokenomicsRoutes(app, deps) {
         });
     });
     // 调整 Tier 配置
-    app.post('/api/admin/tokenomics/tier', (req, res) => {
+    app.post('/api/admin/tokenomics/tier', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
@@ -47,50 +49,49 @@ export function registerAdminTokenomicsRoutes(app, deps) {
             return void res.json({ error: 'tier 无效' });
         if (Number(pv_threshold) <= 0 || Number(score_per_hit) <= 0)
             return void res.json({ error: '阈值/分数必须 > 0' });
-        db.prepare(`INSERT OR REPLACE INTO binary_tier_config (tier, pv_threshold, score_per_hit, active) VALUES (?,?,?,?)`)
-            .run(tier, Number(pv_threshold), Number(score_per_hit), active ? 1 : 0);
+        await dbRun(`INSERT OR REPLACE INTO binary_tier_config (tier, pv_threshold, score_per_hit, active) VALUES (?,?,?,?)`, [tier, Number(pv_threshold), Number(score_per_hit), active ? 1 : 0]);
         logAdminAction(admin.id, 'tokenomics_tier_update', 'tier', String(tier), { pv_threshold, score_per_hit, active });
         res.json({ success: true });
     });
     // 管理津贴资格列表 + 开关
-    app.get('/api/admin/tokenomics/mgmt-bonus', (req, res) => {
+    app.get('/api/admin/tokenomics/mgmt-bonus', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
-        const enabled = db.prepare("SELECT value FROM system_state WHERE key='mgmt_bonus_enabled'").get()?.value === '1';
-        const eligible = db.prepare(`
+        const enabled = (await dbOne("SELECT value FROM system_state WHERE key='mgmt_bonus_enabled'"))?.value === '1';
+        const eligible = await dbAll(`
       SELECT u.id, u.name, u.created_at,
         (SELECT COUNT(*) FROM users WHERE sponsor_id = u.id) as l1_count,
         COALESCE((SELECT SUM(amount) FROM commission_records WHERE beneficiary_id = u.id),0) as total_commission
       FROM users u WHERE u.mgmt_bonus_eligible = 1
       ORDER BY u.created_at DESC LIMIT 100
-    `).all();
+    `);
         res.json({ enabled, eligible_users: eligible, eligible_count: eligible.length });
     });
     // 注册必须 ref 开关
-    app.post('/api/admin/tokenomics/require-ref/toggle', (req, res) => {
+    app.post('/api/admin/tokenomics/require-ref/toggle', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
         const { enabled } = req.body;
         const v = enabled ? '1' : '0';
-        db.prepare("INSERT OR REPLACE INTO system_state (key, value) VALUES ('require_ref_to_register', ?)").run(v);
+        await dbRun("INSERT OR REPLACE INTO system_state (key, value) VALUES ('require_ref_to_register', ?)", [v]);
         logAdminAction(admin.id, 'require_ref_toggle', 'system', 'require_ref_to_register', { value: v });
         res.json({ success: true, enabled: !!enabled });
     });
     // 管理津贴池开关
-    app.post('/api/admin/tokenomics/mgmt-bonus/toggle', (req, res) => {
+    app.post('/api/admin/tokenomics/mgmt-bonus/toggle', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
         const { enabled } = req.body;
         const v = enabled ? '1' : '0';
-        db.prepare("INSERT OR REPLACE INTO system_state (key, value) VALUES ('mgmt_bonus_enabled', ?)").run(v);
+        await dbRun("INSERT OR REPLACE INTO system_state (key, value) VALUES ('mgmt_bonus_enabled', ?)", [v]);
         logAdminAction(admin.id, 'mgmt_bonus_toggle', 'system', 'mgmt_bonus_enabled', { value: v });
         res.json({ success: true, enabled: !!enabled });
     });
     // 池注资
-    app.post('/api/admin/tokenomics/inject', (req, res) => {
+    app.post('/api/admin/tokenomics/inject', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
@@ -99,10 +100,10 @@ export function registerAdminTokenomicsRoutes(app, deps) {
         if (!(n > 0))
             return void res.json({ error: '金额必须 > 0' });
         if (pool === 'global_fund') {
-            db.prepare("UPDATE global_fund SET pool_balance = pool_balance + ? WHERE id=1").run(n);
+            await dbRun("UPDATE global_fund SET pool_balance = pool_balance + ? WHERE id=1", [n]);
         }
         else if (pool === 'management_bonus') {
-            db.prepare("UPDATE management_bonus_pool SET balance = balance + ? WHERE id=1").run(n);
+            await dbRun("UPDATE management_bonus_pool SET balance = balance + ? WHERE id=1", [n]);
         }
         else {
             return void res.json({ error: 'pool 名称无效（global_fund / management_bonus）' });

package/dist/pwa/routes/admin-users-lifecycle.js

@@ -1,7 +1,9 @@
+import { dbOne, dbRun } from '../../layer0-foundation/L0-1-database/db.js'; // RFC-016 异步 DB seam
 export function registerAdminUsersLifecycleRoutes(app, deps) {
-    const { db, requireUsersAdmin, requireProtocolAdmin, requireContentAdmin, requireRootAdmin, adminCanOperateOn, isRootAdmin, safeRoles, logAdminAction, QUOTA_TIERS } = deps;
+    // db 已走 RFC-016 异步 seam(dbOne/dbRun),不再直接用 deps.db
+    const { requireUsersAdmin, requireProtocolAdmin, requireContentAdmin, requireRootAdmin, adminCanOperateOn, isRootAdmin, safeRoles, logAdminAction, QUOTA_TIERS } = deps;
     // L1 分享权限 override：0 auto / 1 强允 / -1 强禁
-    app.post('/api/admin/users/:id/l1-share-override', (req, res) => {
+    app.post('/api/admin/users/:id/l1-share-override', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
@@ -11,38 +13,38 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
         const v = Number(value);
         if (![0, 1, -1].includes(v))
             return void res.json({ error: 'value 必须是 0 / 1 / -1' });
-        const target = db.prepare("SELECT id FROM users WHERE id = ?").get(req.params.id);
+        const target = await dbOne("SELECT id FROM users WHERE id = ?", [req.params.id]);
         if (!target)
             return void res.json({ error: '用户不存在' });
-        db.prepare("UPDATE users SET l1_share_override = ?, updated_at = datetime('now') WHERE id = ?").run(v, req.params.id);
+        await dbRun("UPDATE users SET l1_share_override = ?, updated_at = datetime('now') WHERE id = ?", [v, req.params.id]);
         logAdminAction(admin.id, 'l1_share_override', 'user', req.params.id, { value: v, note: note || null });
         res.json({ success: true, value: v });
     });
-    app.post('/api/admin/users/:id/mgmt-bonus-eligible', (req, res) => {
+    app.post('/api/admin/users/:id/mgmt-bonus-eligible', async (req, res) => {
         const admin = requireProtocolAdmin(req, res);
         if (!admin)
             return;
         if (!adminCanOperateOn(admin, req.params.id, res))
             return;
         const { eligible, note } = req.body;
-        const target = db.prepare("SELECT id, name FROM users WHERE id = ?").get(req.params.id);
+        const target = await dbOne("SELECT id, name FROM users WHERE id = ?", [req.params.id]);
         if (!target)
             return void res.json({ error: '用户不存在' });
-        db.prepare("UPDATE users SET mgmt_bonus_eligible = ?, updated_at = datetime('now') WHERE id = ?").run(eligible ? 1 : 0, req.params.id);
+        await dbRun("UPDATE users SET mgmt_bonus_eligible = ?, updated_at = datetime('now') WHERE id = ?", [eligible ? 1 : 0, req.params.id]);
         logAdminAction(admin.id, eligible ? 'mgmt_bonus_grant' : 'mgmt_bonus_revoke', 'user', req.params.id, { note: note || null });
         res.json({ success: true });
     });
-    app.post('/api/admin/users/:id/reset-failed-attempts', (req, res) => {
+    app.post('/api/admin/users/:id/reset-failed-attempts', async (req, res) => {
         const admin = requireUsersAdmin(req, res);
         if (!admin)
             return;
         if (!adminCanOperateOn(admin, req.params.id, res))
             return;
-        db.prepare("UPDATE users SET failed_attempts = 0, locked_until = NULL WHERE id = ?").run(req.params.id);
+        await dbRun("UPDATE users SET failed_attempts = 0, locked_until = NULL WHERE id = ?", [req.params.id]);
         logAdminAction(admin.id, 'reset_failed_attempts', 'user', req.params.id, {});
         res.json({ success: true });
     });
-    app.post('/api/admin/users/:id/force-delist-all', (req, res) => {
+    app.post('/api/admin/users/:id/force-delist-all', async (req, res) => {
         // P0.5: content 权限 + scope
         const admin = requireContentAdmin(req, res);
         if (!admin)
@@ -50,15 +52,15 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
         if (!adminCanOperateOn(admin, req.params.id, res))
             return;
         const { reason } = req.body;
-        const seller = db.prepare("SELECT id, name FROM users WHERE id = ?").get(req.params.id);
+        const seller = await dbOne("SELECT id, name FROM users WHERE id = ?", [req.params.id]);
         if (!seller)
             return void res.json({ error: '用户不存在' });
-        const result = db.prepare("UPDATE products SET status = 'paused', updated_at = datetime('now') WHERE seller_id = ? AND status = 'active'").run(req.params.id);
+        const result = await dbRun("UPDATE products SET status = 'paused', updated_at = datetime('now') WHERE seller_id = ? AND status = 'active'", [req.params.id]);
         logAdminAction(admin.id, 'force_delist_all', 'user', req.params.id, { reason: reason || null, count: result.changes });
         res.json({ success: true, count: result.changes });
     });
     // P0.4: users + scope；suspend admin → root only
-    app.post('/api/admin/users/:id/suspend', (req, res) => {
+    app.post('/api/admin/users/:id/suspend', async (req, res) => {
         const admin = requireUsersAdmin(req, res);
         if (!admin)
             return;
@@ -66,7 +68,7 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
         const { reason } = req.body;
         if (targetId === admin.id)
             return void res.json({ error: '不能暂停自己' });
-        const target = db.prepare("SELECT id, role, region FROM users WHERE id = ?").get(targetId);
+        const target = await dbOne("SELECT id, role, region FROM users WHERE id = ?", [targetId]);
         if (!target)
             return void res.json({ error: '用户不存在' });
         if (target.role === 'admin') {
@@ -75,35 +77,34 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
         }
         if (target.role !== 'admin' && !adminCanOperateOn(admin, targetId, res))
             return;
-        db.prepare(`INSERT INTO user_moderation (user_id, suspended, reason, suspended_by, suspended_at)
+        await dbRun(`INSERT INTO user_moderation (user_id, suspended, reason, suspended_by, suspended_at)
                 VALUES (?, 1, ?, ?, datetime('now'))
                 ON CONFLICT(user_id) DO UPDATE SET
                   suspended    = 1,
                   reason       = excluded.reason,
                   suspended_by = excluded.suspended_by,
-                  suspended_at = datetime('now')`)
-            .run(targetId, reason || null, admin.id);
+                  suspended_at = datetime('now')`, [targetId, reason || null, admin.id]);
         logAdminAction(admin.id, 'suspend_user', 'user', targetId, { reason: reason || null });
         res.json({ success: true });
     });
-    app.post('/api/admin/users/:id/unsuspend', (req, res) => {
+    app.post('/api/admin/users/:id/unsuspend', async (req, res) => {
         const admin = requireUsersAdmin(req, res);
         if (!admin)
             return;
         const targetId = req.params.id;
-        const target = db.prepare("SELECT id, role FROM users WHERE id = ?").get(targetId);
+        const target = await dbOne("SELECT id, role FROM users WHERE id = ?", [targetId]);
         if (!target)
             return void res.json({ error: '用户不存在' });
         if (target.role === 'admin' && !isRootAdmin(admin))
             return void res.status(403).json({ error: '仅 root 可恢复其他 admin' });
         if (target.role !== 'admin' && !adminCanOperateOn(admin, targetId, res))
             return;
-        db.prepare("UPDATE user_moderation SET suspended = 0, suspended_at = NULL WHERE user_id = ?").run(targetId);
+        await dbRun("UPDATE user_moderation SET suspended = 0, suspended_at = NULL WHERE user_id = ?", [targetId]);
         logAdminAction(admin.id, 'unsuspend_user', 'user', targetId, {});
         res.json({ success: true });
     });
     // P0.1: admin 角色提权必须 root；其他角色需 users + scope
-    app.post('/api/admin/users/:id/grant-role', (req, res) => {
+    app.post('/api/admin/users/:id/grant-role', async (req, res) => {
         const { role } = req.body;
         const allowed = ['admin', 'verifier', 'arbitrator', 'logistics', 'seller', 'buyer'];
         if (!allowed.includes(role))
@@ -114,20 +115,19 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
         const targetId = req.params.id;
         if (!adminCanOperateOn(admin, targetId, res))
             return;
-        const target = db.prepare("SELECT id, roles FROM users WHERE id = ?").get(targetId);
+        const target = await dbOne("SELECT id, roles FROM users WHERE id = ?", [targetId]);
         if (!target)
             return void res.json({ error: '用户不存在' });
         const roles = safeRoles(target);
         if (roles.includes(role))
             return void res.json({ error: '该用户已拥有此角色' });
         roles.push(role);
-        db.prepare("UPDATE users SET roles = ?, updated_at = datetime('now') WHERE id = ?")
-            .run(JSON.stringify(roles), targetId);
+        await dbRun("UPDATE users SET roles = ?, updated_at = datetime('now') WHERE id = ?", [JSON.stringify(roles), targetId]);
         logAdminAction(admin.id, 'grant_role', 'user', targetId, { role });
         res.json({ success: true, roles });
     });
     // P0.2: preview diff，含 admin 变更 → root only
-    app.post('/api/admin/users/:id/set-roles', (req, res) => {
+    app.post('/api/admin/users/:id/set-roles', async (req, res) => {
         const { roles } = req.body;
         const allowed = ['buyer', 'seller', 'logistics', 'arbitrator', 'verifier', 'admin'];
         if (!Array.isArray(roles) || roles.length === 0)
@@ -138,7 +138,7 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
         }
         const dedup = Array.from(new Set(roles));
         const targetId = req.params.id;
-        const target = db.prepare("SELECT id, role, roles FROM users WHERE id = ?").get(targetId);
+        const target = await dbOne("SELECT id, role, roles FROM users WHERE id = ?", [targetId]);
         if (!target)
             return void res.json({ error: '用户不存在' });
         const oldRoles = (() => { try {
@@ -162,8 +162,7 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
             return void res.json({ error: '角色无变更' });
         }
         const newActiveRole = dedup.includes(target.role) ? target.role : dedup[0];
-        db.prepare("UPDATE users SET role = ?, roles = ?, updated_at = datetime('now') WHERE id = ?")
-            .run(newActiveRole, JSON.stringify(dedup), targetId);
+        await dbRun("UPDATE users SET role = ?, roles = ?, updated_at = datetime('now') WHERE id = ?", [newActiveRole, JSON.stringify(dedup), targetId]);
         if (added.length)
             logAdminAction(admin.id, 'grant_role_batch', 'user', targetId, { roles: added });
         if (removed.length)
@@ -171,7 +170,7 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
         res.json({ success: true, roles: dedup, added, removed });
     });
     // P0.3: revoke admin → root only
-    app.post('/api/admin/users/:id/revoke-role', (req, res) => {
+    app.post('/api/admin/users/:id/revoke-role', async (req, res) => {
         const { role } = req.body;
         const admin = role === 'admin' ? requireRootAdmin(req, res) : requireUsersAdmin(req, res);
         if (!admin)
@@ -181,19 +180,18 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
             return;
         if (targetId === admin.id && role === 'admin')
             return void res.json({ error: '不能撤销自己的管理员角色（防自杀）' });
-        const target = db.prepare("SELECT id, role, roles FROM users WHERE id = ?").get(targetId);
+        const target = await dbOne("SELECT id, role, roles FROM users WHERE id = ?", [targetId]);
         if (!target)
             return void res.json({ error: '用户不存在' });
         const roles = safeRoles(target).filter(r => r !== role);
         if (roles.length === 0)
             return void res.json({ error: '用户至少保留一个角色' });
         const newActiveRole = target.role === role ? roles[0] : target.role;
-        db.prepare("UPDATE users SET role = ?, roles = ?, updated_at = datetime('now') WHERE id = ?")
-            .run(newActiveRole, JSON.stringify(roles), targetId);
+        await dbRun("UPDATE users SET role = ?, roles = ?, updated_at = datetime('now') WHERE id = ?", [newActiveRole, JSON.stringify(roles), targetId]);
         logAdminAction(admin.id, 'revoke_role', 'user', targetId, { role });
         res.json({ success: true, roles });
     });
-    app.post('/api/admin/users/:id/set-product-quota', (req, res) => {
+    app.post('/api/admin/users/:id/set-product-quota', async (req, res) => {
         const admin = requireUsersAdmin(req, res);
         if (!admin)
             return;
@@ -203,14 +201,14 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
         const n = Number(max_products);
         if (!QUOTA_TIERS.includes(n))
             return void res.json({ error: `配额应为 ${QUOTA_TIERS.join(' / ')} 之一` });
-        const target = db.prepare("SELECT id FROM users WHERE id = ?").get(req.params.id);
+        const target = await dbOne("SELECT id FROM users WHERE id = ?", [req.params.id]);
         if (!target)
             return void res.json({ error: '用户不存在' });
-        db.prepare("UPDATE users SET max_products = ?, updated_at = datetime('now') WHERE id = ?").run(n, req.params.id);
+        await dbRun("UPDATE users SET max_products = ?, updated_at = datetime('now') WHERE id = ?", [n, req.params.id]);
         logAdminAction(admin.id, 'set_product_quota', 'user', req.params.id, { quota: n });
         res.json({ success: true, max_products: n });
     });
-    app.post('/api/admin/users/:id/pause-listing', (req, res) => {
+    app.post('/api/admin/users/:id/pause-listing', async (req, res) => {
         const admin = requireUsersAdmin(req, res);
         if (!admin)
             return;
@@ -219,18 +217,17 @@ export function registerAdminUsersLifecycleRoutes(app, deps) {
         const { reason } = req.body;
         if (!reason?.trim())
             return void res.json({ error: '请填写暂停原因' });
-        db.prepare(`UPDATE users SET listing_paused = 1, listing_paused_reason = ?, listing_paused_by = ?, listing_paused_at = datetime('now'), updated_at = datetime('now') WHERE id = ?`)
-            .run(reason.trim(), admin.id, req.params.id);
+        await dbRun(`UPDATE users SET listing_paused = 1, listing_paused_reason = ?, listing_paused_by = ?, listing_paused_at = datetime('now'), updated_at = datetime('now') WHERE id = ?`, [reason.trim(), admin.id, req.params.id]);
         logAdminAction(admin.id, 'pause_listing', 'user', req.params.id, { reason: reason.trim() });
         res.json({ success: true });
     });
-    app.post('/api/admin/users/:id/resume-listing', (req, res) => {
+    app.post('/api/admin/users/:id/resume-listing', async (req, res) => {
         const admin = requireUsersAdmin(req, res);
         if (!admin)
             return;
         if (!adminCanOperateOn(admin, req.params.id, res))
             return;
-        db.prepare(`UPDATE users SET listing_paused = 0, listing_paused_reason = NULL, updated_at = datetime('now') WHERE id = ?`).run(req.params.id);
+        await dbRun(`UPDATE users SET listing_paused = 0, listing_paused_reason = NULL, updated_at = datetime('now') WHERE id = ?`, [req.params.id]);
         logAdminAction(admin.id, 'resume_listing', 'user', req.params.id, {});
         res.json({ success: true });
     });