feat(handler): add app

2026-01-31 15:44:56 +08:00
parent 6b68a368f1
commit 4dc46659c9
25 changed files with 2516 additions and 14 deletions
--- a/scripts/db/migrations/0003_app_lifecycle.sql
+++ b/scripts/db/migrations/0003_app_lifecycle.sql
@@ -0,0 +1,64 @@
+BEGIN;
+
+ALTER TABLE apps
+    ADD COLUMN IF NOT EXISTS app_type VARCHAR(50) NOT NULL DEFAULT 'generic',
+    ADD COLUMN IF NOT EXISTS owner VARCHAR(100),
+    ADD COLUMN IF NOT EXISTS owner_user_id UUID,
+    ADD COLUMN IF NOT EXISTS updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW();
+
+UPDATE apps
+SET updated_at = COALESCE(updated_at, created_at, NOW());
+
+CREATE INDEX IF NOT EXISTS idx_apps_status ON apps(status);
+CREATE INDEX IF NOT EXISTS idx_apps_app_type ON apps(app_type);
+CREATE INDEX IF NOT EXISTS idx_apps_created_at ON apps(created_at);
+
+CREATE TABLE IF NOT EXISTS app_change_logs (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    app_id VARCHAR(32) NOT NULL REFERENCES apps(id) ON DELETE CASCADE,
+    action VARCHAR(50) NOT NULL,
+    actor_user_id UUID,
+    before JSONB,
+    after JSONB,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_app_change_logs_app_id ON app_change_logs(app_id);
+CREATE INDEX IF NOT EXISTS idx_app_change_logs_created_at ON app_change_logs(created_at);
+
+CREATE TABLE IF NOT EXISTS app_status_change_requests (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    app_id VARCHAR(32) NOT NULL REFERENCES apps(id) ON DELETE CASCADE,
+    from_status VARCHAR(20) NOT NULL,
+    to_status VARCHAR(20) NOT NULL,
+    requested_by UUID,
+    requested_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    effective_at TIMESTAMP WITH TIME ZONE,
+    status VARCHAR(20) NOT NULL DEFAULT 'pending',
+    approved_by UUID,
+    approved_at TIMESTAMP WITH TIME ZONE,
+    rejected_by UUID,
+    rejected_at TIMESTAMP WITH TIME ZONE,
+    reason TEXT
+);
+
+CREATE INDEX IF NOT EXISTS idx_app_status_change_requests_status ON app_status_change_requests(status);
+CREATE INDEX IF NOT EXISTS idx_app_status_change_requests_app_id ON app_status_change_requests(app_id);
+CREATE INDEX IF NOT EXISTS idx_app_status_change_requests_effective_at ON app_status_change_requests(effective_at);
+
+INSERT INTO permissions (code, description, resource, action) VALUES
+('iam:app:read', 'Read apps registry', 'app', 'read'),
+('iam:app:write', 'Manage apps registry', 'app', 'write'),
+('iam:app:approve', 'Approve app status change', 'app_status_change', 'approve'),
+('iam:app:delete', 'Delete apps registry', 'app', 'delete')
+ON CONFLICT (code) DO NOTHING;
+
+INSERT INTO role_permissions (role_id, permission_id)
+SELECT r.id, p.id
+FROM roles r, permissions p
+WHERE r.name = 'SuperAdmin'
+  AND r.tenant_id = '00000000-0000-0000-0000-000000000001'
+  AND p.code IN ('iam:app:read', 'iam:app:write', 'iam:app:approve', 'iam:app:delete')
+ON CONFLICT DO NOTHING;
+
+COMMIT;
--- a/scripts/db/migrations/0004_password_reset.sql
+++ b/scripts/db/migrations/0004_password_reset.sql
@@ -0,0 +1,24 @@
+BEGIN;
+
+INSERT INTO permissions (code, description, resource, action) VALUES
+('user:password:reset:any', 'Reset any user password in tenant', 'user_password', 'reset_any')
+ON CONFLICT (code) DO NOTHING;
+
+INSERT INTO role_permissions (role_id, permission_id)
+SELECT r.id, p.id
+FROM roles r, permissions p
+WHERE r.name = 'Admin'
+  AND r.is_system = TRUE
+  AND p.code = 'user:password:reset:any'
+ON CONFLICT DO NOTHING;
+
+INSERT INTO role_permissions (role_id, permission_id)
+SELECT r.id, p.id
+FROM roles r, permissions p
+WHERE r.name = 'SuperAdmin'
+  AND r.tenant_id = '00000000-0000-0000-0000-000000000001'
+  AND p.code = 'user:password:reset:any'
+ON CONFLICT DO NOTHING;
+
+COMMIT;
+