feat: initialize Nuanji (Warm Notes) project

- Base platform from base.git (ERP base: auth, core, config, message, workflow, plugin)
- Created erp-diary module skeleton (lib.rs, dto.rs, error.rs, event.rs, state.rs)
- Integrated erp-diary into workspace and erp-server
- Added DiaryModule registration in main.rs
- Added DiaryState FromRef in state.rs
- Diary routes mounted (empty routes, ready for implementation)
- Product design spec v1.2 preserved in docs/
- Implementation plan preserved in plans/

Cargo check: OK
Cargo test: OK (78+ base tests passing)

crates/erp-workflow/src/handler/definition_handler.rs

@@ -0,0 +1,200 @@
+use axum::Extension;
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::Json;
+use validator::Validate;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext};
+use uuid::Uuid;
+
+use crate::dto::{CreateProcessDefinitionReq, ProcessDefinitionResp, UpdateProcessDefinitionReq};
+use crate::service::definition_service::DefinitionService;
+use crate::workflow_state::WorkflowState;
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/workflow/definitions",
+    params(Pagination),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<PaginatedResponse<ProcessDefinitionResp>>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// GET /api/v1/workflow/definitions
+pub async fn list_definitions<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(pagination): Query<Pagination>,
+) -> Result<Json<ApiResponse<PaginatedResponse<ProcessDefinitionResp>>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.list")?;
+
+    let (defs, total) = DefinitionService::list(ctx.tenant_id, &pagination, &state.db).await?;
+
+    let page = pagination.page.unwrap_or(1);
+    let page_size = pagination.limit();
+    let total_pages = total.div_ceil(page_size);
+
+    Ok(Json(ApiResponse::ok(PaginatedResponse {
+        data: defs,
+        total,
+        page,
+        page_size,
+        total_pages,
+    })))
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/definitions",
+    request_body = CreateProcessDefinitionReq,
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessDefinitionResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// POST /api/v1/workflow/definitions
+pub async fn create_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<CreateProcessDefinitionReq>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.create")?;
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
+
+    let resp = DefinitionService::create(
+        ctx.tenant_id,
+        ctx.user_id,
+        &req,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/workflow/definitions/{id}",
+    params(("id" = Uuid, Path, description = "流程定义ID")),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessDefinitionResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程定义不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// GET /api/v1/workflow/definitions/{id}
+pub async fn get_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.read")?;
+
+    let resp = DefinitionService::get_by_id(id, ctx.tenant_id, &state.db).await?;
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    put,
+    path = "/api/v1/workflow/definitions/{id}",
+    params(("id" = Uuid, Path, description = "流程定义ID")),
+    request_body = UpdateProcessDefinitionReq,
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessDefinitionResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程定义不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// PUT /api/v1/workflow/definitions/{id}
+pub async fn update_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    Json(req): Json<UpdateProcessDefinitionReq>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.update")?;
+
+    let resp = DefinitionService::update(id, ctx.tenant_id, ctx.user_id, &req, &state.db).await?;
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/definitions/{id}/publish",
+    params(("id" = Uuid, Path, description = "流程定义ID")),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessDefinitionResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程定义不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程定义"
+)]
+/// POST /api/v1/workflow/definitions/{id}/publish
+pub async fn publish_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.publish")?;
+
+    let resp =
+        DefinitionService::publish(id, ctx.tenant_id, ctx.user_id, &state.db, &state.event_bus)
+            .await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+pub async fn deprecate_definition<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<ProcessDefinitionResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.publish")?;
+
+    let resp =
+        DefinitionService::deprecate(id, ctx.tenant_id, ctx.user_id, &state.db, &state.event_bus)
+            .await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}

crates/erp-workflow/src/handler/instance_handler.rs

@@ -0,0 +1,206 @@
+use axum::Extension;
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::Json;
+use validator::Validate;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext};
+use uuid::Uuid;
+
+use crate::dto::{ProcessInstanceResp, StartInstanceReq};
+use crate::service::instance_service::InstanceService;
+use crate::workflow_state::WorkflowState;
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/instances",
+    request_body = StartInstanceReq,
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessInstanceResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程实例"
+)]
+/// POST /api/v1/workflow/instances
+pub async fn start_instance<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<StartInstanceReq>,
+) -> Result<Json<ApiResponse<ProcessInstanceResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.start")?;
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
+
+    let resp = InstanceService::start(
+        ctx.tenant_id,
+        ctx.user_id,
+        &req,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/workflow/instances",
+    params(Pagination),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<PaginatedResponse<ProcessInstanceResp>>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程实例"
+)]
+/// GET /api/v1/workflow/instances
+pub async fn list_instances<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(pagination): Query<Pagination>,
+) -> Result<Json<ApiResponse<PaginatedResponse<ProcessInstanceResp>>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.list")?;
+
+    let (instances, total) = InstanceService::list(ctx.tenant_id, &pagination, &state.db).await?;
+
+    let page = pagination.page.unwrap_or(1);
+    let page_size = pagination.limit();
+    let total_pages = total.div_ceil(page_size);
+
+    Ok(Json(ApiResponse::ok(PaginatedResponse {
+        data: instances,
+        total,
+        page,
+        page_size,
+        total_pages,
+    })))
+}
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/workflow/instances/{id}",
+    params(("id" = Uuid, Path, description = "流程实例ID")),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<ProcessInstanceResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程实例不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程实例"
+)]
+/// GET /api/v1/workflow/instances/{id}
+pub async fn get_instance<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<ProcessInstanceResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.read")?;
+
+    let resp = InstanceService::get_by_id(id, ctx.tenant_id, &state.db).await?;
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/instances/{id}/suspend",
+    params(("id" = Uuid, Path, description = "流程实例ID")),
+    responses(
+        (status = 200, description = "成功"),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程实例不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程实例"
+)]
+/// POST /api/v1/workflow/instances/{id}/suspend
+pub async fn suspend_instance<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<()>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.update")?;
+
+    InstanceService::suspend(id, ctx.tenant_id, ctx.user_id, &state.db).await?;
+    Ok(Json(ApiResponse::ok(())))
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/instances/{id}/terminate",
+    params(("id" = Uuid, Path, description = "流程实例ID")),
+    responses(
+        (status = 200, description = "成功"),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程实例不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程实例"
+)]
+/// POST /api/v1/workflow/instances/{id}/terminate
+pub async fn terminate_instance<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<()>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.update")?;
+
+    InstanceService::terminate(id, ctx.tenant_id, ctx.user_id, &state.db).await?;
+    Ok(Json(ApiResponse::ok(())))
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/instances/{id}/resume",
+    params(("id" = Uuid, Path, description = "流程实例ID")),
+    responses(
+        (status = 200, description = "成功"),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "流程实例不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程实例"
+)]
+/// POST /api/v1/workflow/instances/{id}/resume
+pub async fn resume_instance<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<()>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.update")?;
+
+    InstanceService::resume(id, ctx.tenant_id, ctx.user_id, &state.db).await?;
+    Ok(Json(ApiResponse::ok(())))
+}

crates/erp-workflow/src/handler/mod.rs

@@ -0,0 +1,3 @@
+pub mod definition_handler;
+pub mod instance_handler;
+pub mod task_handler;

crates/erp-workflow/src/handler/task_handler.rs

@@ -0,0 +1,199 @@
+use axum::Extension;
+use axum::extract::{FromRef, Path, Query, State};
+use axum::response::Json;
+use validator::Validate;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, Pagination, TenantContext};
+use uuid::Uuid;
+
+use crate::dto::{CompleteTaskReq, DelegateTaskReq, TaskResp};
+use crate::service::task_service::TaskService;
+use crate::workflow_state::WorkflowState;
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/workflow/tasks/pending",
+    params(Pagination),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<PaginatedResponse<TaskResp>>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程任务"
+)]
+/// GET /api/v1/workflow/tasks/pending
+pub async fn list_pending_tasks<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(pagination): Query<Pagination>,
+) -> Result<Json<ApiResponse<PaginatedResponse<TaskResp>>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.approve")?;
+
+    let (tasks, total) =
+        TaskService::list_pending(ctx.tenant_id, ctx.user_id, &pagination, &state.db).await?;
+
+    let page = pagination.page.unwrap_or(1);
+    let page_size = pagination.limit();
+    let total_pages = total.div_ceil(page_size);
+
+    Ok(Json(ApiResponse::ok(PaginatedResponse {
+        data: tasks,
+        total,
+        page,
+        page_size,
+        total_pages,
+    })))
+}
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/workflow/tasks/completed",
+    params(Pagination),
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<PaginatedResponse<TaskResp>>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程任务"
+)]
+/// GET /api/v1/workflow/tasks/completed
+pub async fn list_completed_tasks<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(pagination): Query<Pagination>,
+) -> Result<Json<ApiResponse<PaginatedResponse<TaskResp>>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.approve")?;
+
+    let (tasks, total) =
+        TaskService::list_completed(ctx.tenant_id, ctx.user_id, &pagination, &state.db).await?;
+
+    let page = pagination.page.unwrap_or(1);
+    let page_size = pagination.limit();
+    let total_pages = total.div_ceil(page_size);
+
+    Ok(Json(ApiResponse::ok(PaginatedResponse {
+        data: tasks,
+        total,
+        page,
+        page_size,
+        total_pages,
+    })))
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/tasks/{id}/complete",
+    params(("id" = Uuid, Path, description = "任务ID")),
+    request_body = CompleteTaskReq,
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<TaskResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "任务不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程任务"
+)]
+/// POST /api/v1/workflow/tasks/{id}/complete
+pub async fn complete_task<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    Json(req): Json<CompleteTaskReq>,
+) -> Result<Json<ApiResponse<TaskResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.approve")?;
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
+
+    let resp = TaskService::complete(
+        id,
+        ctx.tenant_id,
+        ctx.user_id,
+        &req,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/workflow/tasks/{id}/delegate",
+    params(("id" = Uuid, Path, description = "任务ID")),
+    request_body = DelegateTaskReq,
+    responses(
+        (status = 200, description = "成功", body = ApiResponse<TaskResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "任务不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程任务"
+)]
+/// POST /api/v1/workflow/tasks/{id}/delegate
+pub async fn delegate_task<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+    Json(req): Json<DelegateTaskReq>,
+) -> Result<Json<ApiResponse<TaskResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.delegate")?;
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
+
+    let resp = TaskService::delegate(id, ctx.tenant_id, ctx.user_id, &req, &state.db).await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    put,
+    path = "/api/v1/workflow/tasks/{id}/claim",
+    params(("id" = Uuid, Path, description = "任务ID")),
+    responses(
+        (status = 200, description = "认领成功", body = ApiResponse<TaskResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "任务不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "流程任务"
+)]
+/// PUT /api/v1/workflow/tasks/{id}/claim
+pub async fn claim_task<S>(
+    State(state): State<WorkflowState>,
+    Extension(ctx): Extension<TenantContext>,
+    Path(id): Path<Uuid>,
+) -> Result<Json<ApiResponse<TaskResp>>, AppError>
+where
+    WorkflowState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "workflow.approve")?;
+
+    let resp = TaskService::claim(id, ctx.tenant_id, ctx.user_id, &state.db).await?;
+
+    Ok(Json(ApiResponse::ok(resp)))
+}