Void-Homelab/lib/db/repos/resources.js

import { pool } from '../pool.js';
import { recordAudit } from './audit_stub.js';

const FIELDS = ['space_id','slug','name','runtime_type','host','url','version','status','monitoring','metadata','last_check','maintenance_until'];

export async function create(input, actor) {
  const cols = [], vals = [], ph = [];
  let i = 1;
  for (const f of FIELDS) {
    if (input[f] !== undefined) { cols.push(f); vals.push(input[f]); ph.push(`$${i++}`); }
  }
  const { rows: [r] } = await pool.query(
    `INSERT INTO resources(${cols.join(',')}) VALUES(${ph.join(',')}) RETURNING *`,
    vals
  );
  await recordAudit(actor, 'create', 'resource', r.id, null, r);
  return r;
}

export async function getById(id) {
  const { rows: [r] } = await pool.query(`SELECT * FROM resources WHERE id=$1`, [id]);
  return r;
}

export async function listBySpace(space_id) {
  const { rows } = await pool.query(
    `SELECT * FROM resources WHERE space_id=$1 ORDER BY name`, [space_id]
  );
  return rows;
}

// Attack-surface inventory across all spaces. Scalar columns only — never the
// monitoring/metadata JSON blobs (which can hold connection hints / vault_path).
export async function listExposure() {
  const { rows } = await pool.query(
    `SELECT id, space_id, slug, name, runtime_type, host, url, version, status,
            last_check, maintenance_until
     FROM resources ORDER BY name`
  );
  return rows;
}

export async function update(id, patch, actor) {
  const before = await getById(id);
  const sets = [], vals = [];
  let i = 1;
  for (const f of FIELDS) {
    if (patch[f] !== undefined) { sets.push(`${f}=$${i++}`); vals.push(patch[f]); }
  }
  sets.push(`updated_at=now()`);
  vals.push(id);
  const { rows: [r] } = await pool.query(
    `UPDATE resources SET ${sets.join(', ')} WHERE id=$${i} RETURNING *`,
    vals
  );
  await recordAudit(actor, 'update', 'resource', id, before, r);
  return r;
}

export async function del(id, actor) {
  const before = await getById(id);
  await pool.query(`DELETE FROM resources WHERE id=$1`, [id]);
  await recordAudit(actor, 'delete', 'resource', id, before, null);
}

export async function addDependency(resource_id, depends_on, kind) {
  if (resource_id === depends_on) throw new Error('resource cannot depend on itself');
  // Derive space_id from the source resource; the composite FK rejects
  // cross-space links at the DB layer.
  const { rows: [src] } = await pool.query(
    `SELECT space_id FROM resources WHERE id=$1`, [resource_id]
  );
  if (!src) throw new Error(`resource ${resource_id} not found`);
  await pool.query(
    `INSERT INTO resource_dependencies(resource_id, depends_on, space_id, kind)
     VALUES($1,$2,$3,$4) ON CONFLICT DO NOTHING`,
    [resource_id, depends_on, src.space_id, kind || null]
  );
}

export async function removeDependency(resource_id, depends_on) {
  await pool.query(
    `DELETE FROM resource_dependencies WHERE resource_id=$1 AND depends_on=$2`,
    [resource_id, depends_on]
  );
}

export async function listDependencies(resource_id) {
  const { rows } = await pool.query(
    `SELECT * FROM resource_dependencies WHERE resource_id=$1`, [resource_id]
  );
  return rows;
}

export async function addCredential(resource_id, { label, vault_path, kind, notes }) {
  // Derive space_id from the resource so caller can't fake cross-tenant assignment.
  const { rows: [src] } = await pool.query(
    `SELECT space_id FROM resources WHERE id=$1`, [resource_id]
  );
  if (!src) throw new Error(`resource ${resource_id} not found`);
  const { rows: [r] } = await pool.query(
    `INSERT INTO resource_credentials(resource_id, space_id, label, vault_path, kind, notes)
     VALUES($1,$2,$3,$4,$5,$6) RETURNING *`,
    [resource_id, src.space_id, label, vault_path, kind || null, notes || null]
  );
  return r;
}

export async function listCredentials(resource_id) {
  const { rows } = await pool.query(
    `SELECT id, resource_id, label, vault_path, kind, notes, created_at
     FROM resource_credentials WHERE resource_id=$1 ORDER BY label`,
    [resource_id]
  );
  return rows;
}