Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fa47419cbd08d0965251449ccae332d079dbe70b
Void-Homelab/lib/api/routes/pending_changes.js
root ec96e4e2e3 feat(api): pending-changes + audit routes 
Owner-only routes wired with an applyPendingChange dispatch helper
covering page/project/task/ref/resource/source_doc create/update/delete.
Approve and reject emit their own audit_log entries (actions already in
the CHECK vocab) so the audit trail is self-contained.

Documents a latent bug in security-followups.md: pending_changes.action
CHECK constraint blocks 'upsert' / 'add_dependency' / 'remove_dependency'
divertToPending paths in refs/resources routes when an agent at suggest
tier hits them.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-01 02:01:10 +10:00

96 lines
3.4 KiB
JavaScript
Raw Blame History

import { Router } from 'express';
import { z } from 'zod';
import * as pendingRepo from '../../db/repos/pending_changes.js';
import * as pagesRepo from '../../db/repos/pages.js';
import * as projectsRepo from '../../db/repos/projects.js';
import * as tasksRepo from '../../db/repos/tasks.js';
import * as refsRepo from '../../db/repos/refs.js';
import * as resourcesRepo from '../../db/repos/resources.js';
import * as sourceDocsRepo from '../../db/repos/source_docs.js';
import * as audit from '../../db/repos/audit.js';
import { parsePagination } from '../pagination.js';
import { validate } from '../validate.js';
import { requireOwner } from '../cap.js';
import { NotFoundError, ConflictError, ValidationError, asyncWrap } from '../errors.js';
const REPOS = {
page: pagesRepo,
project: projectsRepo,
task: tasksRepo,
ref: refsRepo,
resource: resourcesRepo,
source_doc: sourceDocsRepo
};
// Action dispatch only supports the three CHECK-allowed actions on
// pending_changes. Extended actions like 'upsert' / 'add_dependency' /
// 'remove_dependency' are surfaced from a few routes but are blocked at
// the DB level today — see docs/security-followups.md.
export async function applyPendingChange(row, actor) {
const repo = REPOS[row.entity_type];
if (!repo) throw new ValidationError(`unsupported entity_type for approval: ${row.entity_type}`);
switch (row.action) {
case 'create': {
const created = await repo.create(row.payload, actor);
return created.id;
}
case 'update': {
await repo.update(row.entity_id, row.payload, actor);
return row.entity_id;
}
case 'delete': {
await repo.del(row.entity_id, actor);
return row.entity_id;
}
default:
throw new ValidationError(`unsupported action for approval: ${row.action}`);
}
}
const idParams = z.object({ id: z.string().uuid() });
export const router = Router();
router.use(requireOwner);
router.get('/',
asyncWrap(async (req, res) => {
const { limit } = parsePagination(req);
res.json(await pendingRepo.listPending({ limit }));
})
);
router.post('/:id/approve',
validate({ params: idParams }),
asyncWrap(async (req, res) => {
const row = await pendingRepo.getById(req.params.id);
if (!row) throw new NotFoundError('pending change not found');
if (row.status !== 'pending') {
throw new ConflictError(`pending change is already ${row.status}`);
}
const entity_id = await applyPendingChange(row, req.actor);
const resolved = await pendingRepo.resolve(req.params.id, 'approved', req.actor?.id ?? 'owner');
await audit.recordAudit(
req.actor, 'approve', row.entity_type, entity_id,
null, { pending_id: row.id, original_agent_id: row.agent_id, action: row.action }
);
res.json({ ...resolved, entity_id });
})
);
router.post('/:id/reject',
validate({ params: idParams }),
asyncWrap(async (req, res) => {
const row = await pendingRepo.getById(req.params.id);
if (!row) throw new NotFoundError('pending change not found');
if (row.status !== 'pending') {
throw new ConflictError(`pending change is already ${row.status}`);
}
const resolved = await pendingRepo.resolve(req.params.id, 'rejected', req.actor?.id ?? 'owner');
await audit.recordAudit(
req.actor, 'reject', row.entity_type, row.entity_id,
null, { pending_id: row.id, original_agent_id: row.agent_id, action: row.action }
);
res.json(resolved);
})
);
Reference in New Issue View Git Blame Copy Permalink