4c41374db4
Apps become the isolation boundary for scripts, routes, domains, and
later data. Doing this now — while the surface is small — avoids
several migrations on populated tables once v1.1 data-plane services
ship.
Schema (migration 0005_apps.sql):
- New tables: apps, app_domains (with shape_key UNIQUE for collision
detection), app_slug_history (for permanent slug-rename redirects).
- app_id added to scripts, routes, execution_logs (non-null, cascading
rules per row).
- Script-name uniqueness becomes per-app; the route unique index is
swapped for an app-scoped version.
- The "default" app is seeded unconditionally with a localhost claim;
existing scripts/routes backfill into it. Fresh installs additionally
get the Hello World seed via seed_hello_world_if_fresh after
migrations run (idempotent — only fires when the default app has no
scripts).
Orchestrator dispatch is two-phase: AppDomainTable resolves Host →
app_id (most-specific match wins, exact beats wildcard), then the
existing route matcher runs against that app's partitioned slice via
RouteTable. Unknown hosts return 404 at the app layer with a clear
message; /api/v1/execute/{id} still works as the implicit
__internal__ claim, decoupled from any public domain.
Manager API: full CRUD for /api/v1/admin/apps/* and
/api/v1/admin/apps/{id_or_slug}/domains/*, with slug:check + force
takeover semantics implementing the rename-history flow (two-step
check → confirm, never a single endpoint). Script create requires
app_id; list accepts ?app= filter. Route create validates host
against the parent app's claims; conflict detection stays strictly
intra-app.
Dashboard: /admin/apps and /admin/apps/{slug} (overview + scripts +
domains + settings tabs, with slug-history-aware redirects). Root
path redirects to the apps list. Script detail page gains an app
breadcrumb and threads app_id into the route preview.
Deferred per design: per-app admin roles. The require_admin middleware
remains the seam where role checks will slot in later.
Blueprint §11.5 and roadmap updated to reflect what shipped; docs/
versioning.md notes the schema 3 → 5 bump.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
59 lines
1.9 KiB
Rust
59 lines
1.9 KiB
Rust
use async_trait::async_trait;
|
|
use picloud_shared::{ExecutionLog, ExecutionLogSink, LogSinkError};
|
|
use sqlx::PgPool;
|
|
|
|
/// Persists `ExecutionLog` rows to the `execution_logs` table.
|
|
///
|
|
/// In cluster mode this impl lives in the manager and is reachable
|
|
/// from orchestrator nodes via an HTTP wrapper; in single-process MVP
|
|
/// mode the orchestrator's `DataPlaneState` holds it directly.
|
|
pub struct PostgresExecutionLogSink {
|
|
pool: PgPool,
|
|
}
|
|
|
|
impl PostgresExecutionLogSink {
|
|
#[must_use]
|
|
pub fn new(pool: PgPool) -> Self {
|
|
Self { pool }
|
|
}
|
|
}
|
|
|
|
#[async_trait]
|
|
impl ExecutionLogSink for PostgresExecutionLogSink {
|
|
async fn record(&self, log: ExecutionLog) -> Result<(), LogSinkError> {
|
|
let headers = serde_json::to_value(&log.request_headers)
|
|
.map_err(|e| LogSinkError::Backend(format!("encode headers: {e}")))?;
|
|
let response_code = log.response_code.map(i32::from);
|
|
let duration_ms = i32::try_from(log.duration_ms).unwrap_or(i32::MAX);
|
|
|
|
sqlx::query(
|
|
"INSERT INTO execution_logs ( \
|
|
id, app_id, script_id, request_id, \
|
|
request_path, request_headers, request_body, \
|
|
response_code, response_body, \
|
|
logs, duration_ms, status, created_at \
|
|
) VALUES ( \
|
|
$1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13 \
|
|
)",
|
|
)
|
|
.bind(log.id)
|
|
.bind(log.app_id.into_inner())
|
|
.bind(log.script_id.into_inner())
|
|
.bind(log.request_id.into_inner())
|
|
.bind(&log.request_path)
|
|
.bind(headers)
|
|
.bind(&log.request_body)
|
|
.bind(response_code)
|
|
.bind(&log.response_body)
|
|
.bind(&log.script_logs)
|
|
.bind(duration_ms)
|
|
.bind(log.status.as_str())
|
|
.bind(log.created_at)
|
|
.execute(&self.pool)
|
|
.await
|
|
.map_err(|e| LogSinkError::Backend(e.to_string()))?;
|
|
|
|
Ok(())
|
|
}
|
|
}
|