123

2026-03-19 16:07:35 +07:00
commit 39b0358b08
63 changed files with 3128 additions and 0 deletions
--- a/infra/postgres/init.sql
+++ b/infra/postgres/init.sql
@@ -0,0 +1,156 @@
+create extension if not exists "pgcrypto";
+
+create table if not exists app_users (
+  id uuid primary key default gen_random_uuid(),
+  username varchar(100) unique not null,
+  password_hash text not null,
+  is_active boolean not null default true,
+  created_at timestamptz not null default now()
+);
+
+create table if not exists roles (
+  id uuid primary key default gen_random_uuid(),
+  code varchar(100) unique not null,
+  name varchar(120) not null,
+  description text,
+  created_at timestamptz not null default now()
+);
+
+create table if not exists permissions (
+  id uuid primary key default gen_random_uuid(),
+  resource varchar(100) not null,
+  action varchar(50) not null,
+  unique(resource, action)
+);
+
+create table if not exists user_roles (
+  user_id uuid not null references app_users(id) on delete cascade,
+  role_id uuid not null references roles(id) on delete cascade,
+  primary key(user_id, role_id)
+);
+
+create table if not exists table_groups (
+  id uuid primary key default gen_random_uuid(),
+  code varchar(100) unique not null,
+  name varchar(120) not null,
+  description text
+);
+
+create table if not exists table_group_tables (
+  id uuid primary key default gen_random_uuid(),
+  table_group_id uuid not null references table_groups(id) on delete cascade,
+  table_name varchar(120) unique not null
+);
+
+create table if not exists role_permissions (
+  role_id uuid not null references roles(id) on delete cascade,
+  permission_id uuid not null references permissions(id) on delete cascade,
+  table_group_id uuid references table_groups(id) on delete cascade,
+  primary key(role_id, permission_id, table_group_id)
+);
+
+create table if not exists audit_logs (
+  id bigserial primary key,
+  user_id uuid references app_users(id) on delete set null,
+  action varchar(100) not null,
+  resource_type varchar(100) not null,
+  resource_name varchar(150),
+  sql_text text,
+  details jsonb not null default '{}'::jsonb,
+  success boolean not null default true,
+  created_at timestamptz not null default now()
+);
+
+create table if not exists finance_entries (
+  id bigserial primary key,
+  title varchar(120) not null,
+  amount numeric(12, 2) not null,
+  currency varchar(10) not null default 'USD',
+  created_at timestamptz not null default now()
+);
+
+create table if not exists user_profiles (
+  id bigserial primary key,
+  email varchar(190) not null unique,
+  full_name varchar(190) not null,
+  status varchar(50) not null default 'active',
+  created_at timestamptz not null default now()
+);
+
+create table if not exists app_logs (
+  id bigserial primary key,
+  level varchar(20) not null,
+  message text not null,
+  created_at timestamptz not null default now()
+);
+
+insert into table_groups (code, name, description)
+values
+  ('finance', 'Finance', 'Financial tables'),
+  ('users', 'Users', 'User domain tables'),
+  ('logs', 'Logs', 'Log and audit related tables')
+on conflict (code) do nothing;
+
+insert into table_group_tables (table_group_id, table_name)
+select tg.id, mapping.table_name
+from table_groups tg
+join (
+  values
+    ('finance', 'finance_entries'),
+    ('users', 'user_profiles'),
+    ('logs', 'app_logs')
+) as mapping(group_code, table_name)
+  on mapping.group_code = tg.code
+on conflict (table_name) do nothing;
+
+insert into permissions (resource, action)
+values
+  ('global', 'read'),
+  ('global', 'write'),
+  ('global', 'delete'),
+  ('global', 'schema'),
+  ('global', 'execute')
+on conflict (resource, action) do nothing;
+
+insert into roles (code, name, description)
+values
+  ('root', 'Root', 'Full access'),
+  ('group_admin', 'Group Admin', 'Admin of assigned table groups'),
+  ('editor', 'Editor', 'Read and write access'),
+  ('viewer', 'Viewer', 'Read-only access')
+on conflict (code) do nothing;
+
+insert into app_users (username, password_hash)
+values
+  ('root', crypt('ChangeMe123!', gen_salt('bf')))
+on conflict (username) do nothing;
+
+insert into user_roles (user_id, role_id)
+select u.id, r.id
+from app_users u
+join roles r on r.code = 'root'
+where u.username = 'root'
+on conflict do nothing;
+
+insert into role_permissions (role_id, permission_id, table_group_id)
+select r.id, p.id, null
+from roles r
+join permissions p on p.resource = 'global'
+where r.code = 'root'
+on conflict do nothing;
+
+insert into finance_entries (title, amount, currency)
+values
+  ('Subscription revenue', 1500.00, 'USD'),
+  ('Cloud hosting', -420.00, 'USD');
+
+insert into user_profiles (email, full_name, status)
+values
+  ('root@example.com', 'Root Administrator', 'active'),
+  ('analyst@example.com', 'Finance Analyst', 'active')
+on conflict (email) do nothing;
+
+insert into app_logs (level, message)
+values
+  ('info', 'System initialized'),
+  ('warn', 'Background job delayed');
--- a/infra/postgres/pg_hba.conf
+++ b/infra/postgres/pg_hba.conf
@@ -0,0 +1,3 @@
+local   all             all                                     trust
+host    all             all             0.0.0.0/0               md5
+host    all             all             ::/0                    md5
--- a/infra/postgres/postgresql.conf
+++ b/infra/postgres/postgresql.conf
@@ -0,0 +1,7 @@
+listen_addresses = '*'
+logging_collector = on
+log_directory = '/var/log/postgresql'
+log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
+log_statement = 'ddl'
+log_min_duration_statement = 500
+log_line_prefix = '%m [%p] %u@%d '