feat: add tenant and user management with migrations, handlers, and tests

- Implemented tenant and user management features including:
  - Tenant creation and management with associated migrations.
  - User creation and management with associated migrations.
  - Tenant membership management with associated migrations.
  - Platform user roles management with associated migrations.
  - Quota management with associated migrations.
  - Article and template management with associated migrations.
- Added HTTP handlers for templates and workspaces.
- Created tests for protected and public routes.
- Introduced a script to check tenant scope in SQL queries.
- Documented task plan for backend completion and frontend foundation.
This commit is contained in:
2026-04-01 00:58:42 +08:00
commit de30497f59
210 changed files with 23733 additions and 0 deletions
+14
View File
@@ -0,0 +1,14 @@
{
"name": "@geo/http-client",
"version": "0.0.0",
"private": true,
"type": "module",
"dependencies": {
"@geo/shared-types": "workspace:*",
"axios": "^1.14.0"
},
"exports": {
".": "./src/index.ts"
}
}
+163
View File
@@ -0,0 +1,163 @@
import axios, {
type AxiosError,
type AxiosInstance,
type AxiosRequestConfig,
type InternalAxiosRequestConfig,
} from "axios";
import type { ApiEnvelope, ApiErrorEnvelope, AuthTokens } from "@geo/shared-types";
export interface AuthBindings {
getAccessToken: () => string | null;
getRefreshToken: () => string | null;
setTokens: (tokens: AuthTokens) => void;
clearTokens: () => void;
refresh: (refreshToken: string) => Promise<AuthTokens>;
}
export interface CreateApiClientOptions {
baseURL?: string;
timeoutMs?: number;
auth?: AuthBindings;
}
export class ApiClientError extends Error {
status?: number;
code: number;
detail?: string;
requestId?: string;
constructor(input: {
message: string;
code?: number;
status?: number;
detail?: string;
requestId?: string;
}) {
super(input.message);
this.name = "ApiClientError";
this.code = input.code ?? 50000;
this.status = input.status;
this.detail = input.detail;
this.requestId = input.requestId;
}
}
export interface ApiClient {
raw: AxiosInstance;
get: <T>(url: string, config?: AxiosRequestConfig) => Promise<T>;
post: <T, B = unknown>(url: string, body?: B, config?: AxiosRequestConfig) => Promise<T>;
put: <T, B = unknown>(url: string, body?: B, config?: AxiosRequestConfig) => Promise<T>;
remove: <T>(url: string, config?: AxiosRequestConfig) => Promise<T>;
}
function normalizeError(error: unknown): ApiClientError {
if (error instanceof ApiClientError) {
return error;
}
if (axios.isAxiosError(error)) {
const payload = error.response?.data as Partial<ApiErrorEnvelope> | undefined;
return new ApiClientError({
message: payload?.message ?? error.message ?? "network_error",
code: payload?.code ?? 50000,
status: error.response?.status,
detail: payload?.detail,
requestId: payload?.request_id,
});
}
if (error instanceof Error) {
return new ApiClientError({ message: error.message });
}
return new ApiClientError({ message: "unknown_error" });
}
function unwrapEnvelope<T>(response: { data: ApiEnvelope<T> }): T {
return response.data.data;
}
export function createApiClient(options: CreateApiClientOptions = {}): ApiClient {
const client = axios.create({
baseURL: options.baseURL ?? "",
timeout: options.timeoutMs ?? 15000,
withCredentials: false,
});
const auth = options.auth;
let refreshPromise: Promise<AuthTokens> | null = null;
client.interceptors.request.use((config) => {
if (!auth) {
return config;
}
const accessToken = auth.getAccessToken();
if (accessToken) {
config.headers = config.headers ?? {};
(config.headers as Record<string, string>).Authorization = `Bearer ${accessToken}`;
}
return config;
});
client.interceptors.response.use(
(response) => response,
async (error: AxiosError<ApiErrorEnvelope>) => {
if (auth && error.response?.status === 401 && error.config) {
const originalRequest = error.config as InternalAxiosRequestConfig & {
_retry?: boolean;
};
const refreshToken = auth.getRefreshToken();
if (refreshToken && !originalRequest._retry) {
originalRequest._retry = true;
try {
if (!refreshPromise) {
refreshPromise = auth
.refresh(refreshToken)
.then((tokens) => {
auth.setTokens(tokens);
return tokens;
})
.finally(() => {
refreshPromise = null;
});
}
const nextTokens = await refreshPromise;
originalRequest.headers = originalRequest.headers ?? {};
(originalRequest.headers as Record<string, string>).Authorization =
`Bearer ${nextTokens.accessToken}`;
return client.request(originalRequest);
} catch (refreshError) {
auth.clearTokens();
throw normalizeError(refreshError);
}
}
auth.clearTokens();
}
throw normalizeError(error);
},
);
return {
raw: client,
async get<T>(url: string, config?: AxiosRequestConfig) {
return unwrapEnvelope(await client.get<ApiEnvelope<T>>(url, config));
},
async post<T, B = unknown>(url: string, body?: B, config?: AxiosRequestConfig) {
return unwrapEnvelope(await client.post<ApiEnvelope<T>>(url, body, config));
},
async put<T, B = unknown>(url: string, body?: B, config?: AxiosRequestConfig) {
return unwrapEnvelope(await client.put<ApiEnvelope<T>>(url, body, config));
},
async remove<T>(url: string, config?: AxiosRequestConfig) {
return unwrapEnvelope(await client.delete<ApiEnvelope<T>>(url, config));
},
};
}