@authhero/drizzle 0.5.2 → 0.7.0

package/README.md

@@ -1,3 +1,65 @@
-# @authhero/drizzle-adater
+# @authhero/drizzle
 
-A drizzle-based adapter for connecting AuthHero to SQLite, postgres and MySQL.
+Drizzle ORM schemas for AuthHero - used for **migration generation only**.
+
+## Purpose
+
+This package provides Drizzle ORM schema definitions for generating database migrations. AuthHero uses:
+
+- **Kysely** for runtime queries (single schema works across SQLite/MySQL/PostgreSQL)
+- **Drizzle** for migration generation (native D1/SQLite support with proper diff migrations)
+
+## Available Schemas
+
+### SQLite/D1
+
+```typescript
+import * as schema from "@authhero/drizzle/sqlite";
+```
+
+Designed for Cloudflare D1 and SQLite databases.
+
+## Generating Migrations
+
+```bash
+# Generate a new migration
+pnpm db:generate
+
+# Push changes directly (development only)
+pnpm db:push
+```
+
+Migrations are output to `./drizzle/sqlite/`.
+
+## Why This Approach?
+
+| Tool | Role | Why |
+|------|------|-----|
+| **Kysely** | Runtime queries | Single schema works across all dialects |
+| **Drizzle** | Migration generation | Native D1 support, automatic diff migrations |
+
+Drizzle requires separate schema definitions per dialect, so we maintain a SQLite schema here specifically for D1 migration generation. The Kysely adapter handles runtime database operations.
+
+## Usage with create-authhero
+
+The `cloudflare-simple` template uses pre-generated migrations from this schema. Users can:
+
+1. Use the initial migration as-is for a fresh database
+2. Modify the Drizzle schema and run `pnpm db:generate` for incremental changes
+
+## Schema Files
+
+```
+src/schema/sqlite/
+├── index.ts          # Main export
+├── tenants.ts        # Tenant tables
+├── users.ts          # User & password tables  
+├── clients.ts        # Client & grant tables
+├── connections.ts    # Connection & domain tables
+├── sessions.ts       # Session, token & code tables
+├── organizations.ts  # Organization tables
+├── roles.ts          # Role & permission tables
+├── branding.ts       # Branding, theme & UI tables
+├── logs.ts           # Log tables
+└── legacy.ts         # Legacy/deprecated tables
+```

package/package.json

@@ -11,9 +11,10 @@
     "type": "git",
     "url": "https://github.com/markusahlstrand/authhero"
   },
-  "version": "0.5.2",
+  "version": "0.7.0",
   "files": [
-    "dist"
+    "dist",
+    "src/schema"
   ],
   "main": "dist/drizzle.cjs",
   "module": "dist/drizzle.mjs",
@@ -23,6 +24,10 @@
       "require": "./dist/drizzle.cjs",
       "import": "./dist/drizzle.mjs",
       "types": "./dist/drizzle.d.ts"
+    },
+    "./schema/sqlite": {
+      "import": "./src/schema/sqlite/index.ts",
+      "types": "./src/schema/sqlite/index.ts"
     }
   },
   "devDependencies": {
@@ -35,9 +40,11 @@
   },
   "dependencies": {
     "drizzle-orm": "^0.44.2",
-    "@authhero/adapter-interfaces": "0.110.0"
+    "@authhero/adapter-interfaces": "0.111.0"
   },
   "scripts": {
-    "build": "tsc && vite build"
+    "build": "tsc && vite build",
+    "db:generate": "drizzle-kit generate",
+    "db:push": "drizzle-kit push"
   }
 }

package/src/schema/sqlite/branding.ts

@@ -0,0 +1,264 @@
+import {
+  sqliteTable,
+  text,
+  integer,
+  primaryKey,
+  index,
+} from "drizzle-orm/sqlite-core";
+import { tenants } from "./tenants";
+import { connections } from "./connections";
+
+export const branding = sqliteTable("branding", {
+  tenant_id: text("tenant_id", { length: 191 })
+    .primaryKey()
+    .references(() => tenants.id, { onDelete: "cascade" }),
+  logo_url: text("logo_url", { length: 512 }),
+  favicon_url: text("favicon_url", { length: 512 }),
+  font_url: text("font_url", { length: 512 }),
+  colors_primary: text("colors_primary", { length: 8 }),
+  colors_page_background_type: text("colors_page_background_type", {
+    length: 32,
+  }),
+  colors_page_background_start: text("colors_page_background_start", {
+    length: 8,
+  }),
+  colors_page_background_end: text("colors_page_background_end", { length: 8 }),
+  colors_page_background_angle_dev: integer("colors_page_background_angle_dev"),
+});
+
+export const themes = sqliteTable(
+  "themes",
+  {
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    themeId: text("themeId", { length: 255 }).notNull(),
+    displayName: text("displayName", { length: 255 }).notNull(),
+    colors_primary_button_label: text("colors_primary_button_label", {
+      length: 24,
+    }).notNull(),
+    colors_primary_button: text("colors_primary_button", {
+      length: 24,
+    }).notNull(),
+    colors_secondary_button_border: text("colors_secondary_button_border", {
+      length: 24,
+    }).notNull(),
+    colors_secondary_button_label: text("colors_secondary_button_label", {
+      length: 24,
+    }).notNull(),
+    colors_base_focus_color: text("colors_base_focus_color", {
+      length: 24,
+    }).notNull(),
+    colors_base_hover_color: text("colors_base_hover_color", {
+      length: 24,
+    }).notNull(),
+    colors_body_text: text("colors_body_text", { length: 24 }).notNull(),
+    colors_captcha_widget_theme: text("colors_captcha_widget_theme", {
+      length: 24,
+    }).notNull(),
+    colors_error: text("colors_error", { length: 24 }).notNull(),
+    colors_header: text("colors_header", { length: 24 }).notNull(),
+    colors_icons: text("colors_icons", { length: 24 }).notNull(),
+    colors_input_background: text("colors_input_background", {
+      length: 24,
+    }).notNull(),
+    colors_input_border: text("colors_input_border", { length: 24 }).notNull(),
+    colors_input_filled_text: text("colors_input_filled_text", {
+      length: 24,
+    }).notNull(),
+    colors_input_labels_placeholders: text("colors_input_labels_placeholders", {
+      length: 24,
+    }).notNull(),
+    colors_links_focused_components: text("colors_links_focused_components", {
+      length: 24,
+    }).notNull(),
+    colors_success: text("colors_success", { length: 24 }).notNull(),
+    colors_widget_background: text("colors_widget_background", {
+      length: 24,
+    }).notNull(),
+    colors_widget_border: text("colors_widget_border", {
+      length: 24,
+    }).notNull(),
+    borders_button_border_radius: integer(
+      "borders_button_border_radius",
+    ).notNull(),
+    borders_button_border_weight: integer(
+      "borders_button_border_weight",
+    ).notNull(),
+    borders_buttons_style: text("borders_buttons_style", {
+      length: 24,
+    }).notNull(),
+    borders_input_border_radius: integer(
+      "borders_input_border_radius",
+    ).notNull(),
+    borders_input_border_weight: integer(
+      "borders_input_border_weight",
+    ).notNull(),
+    borders_inputs_style: text("borders_inputs_style", {
+      length: 24,
+    }).notNull(),
+    borders_show_widget_shadow: integer("borders_show_widget_shadow", {
+      mode: "boolean",
+    }).notNull(),
+    borders_widget_border_weight: integer(
+      "borders_widget_border_weight",
+    ).notNull(),
+    borders_widget_corner_radius: integer(
+      "borders_widget_corner_radius",
+    ).notNull(),
+    fonts_body_text_bold: integer("fonts_body_text_bold").notNull(),
+    fonts_body_text_size: integer("fonts_body_text_size").notNull(),
+    fonts_buttons_text_bold: integer("fonts_buttons_text_bold").notNull(),
+    fonts_buttons_text_size: integer("fonts_buttons_text_size").notNull(),
+    fonts_font_url: text("fonts_font_url", { length: 255 }).notNull(),
+    fonts_input_labels_bold: integer("fonts_input_labels_bold").notNull(),
+    fonts_input_labels_size: integer("fonts_input_labels_size").notNull(),
+    fonts_links_bold: integer("fonts_links_bold", {
+      mode: "boolean",
+    }).notNull(),
+    fonts_links_size: integer("fonts_links_size").notNull(),
+    fonts_links_style: text("fonts_links_style", { length: 24 }).notNull(),
+    fonts_reference_text_size: integer("fonts_reference_text_size").notNull(),
+    fonts_subtitle_bold: integer("fonts_subtitle_bold", {
+      mode: "boolean",
+    }).notNull(),
+    fonts_subtitle_size: integer("fonts_subtitle_size").notNull(),
+    fonts_title_bold: integer("fonts_title_bold", {
+      mode: "boolean",
+    }).notNull(),
+    fonts_title_size: integer("fonts_title_size").notNull(),
+    page_background_background_color: text("page_background_background_color", {
+      length: 24,
+    }).notNull(),
+    page_background_background_image_url: text(
+      "page_background_background_image_url",
+      { length: 255 },
+    ).notNull(),
+    page_background_page_layout: text("page_background_page_layout", {
+      length: 24,
+    }).notNull(),
+    widget_header_text_alignment: text("widget_header_text_alignment", {
+      length: 24,
+    }).notNull(),
+    widget_logo_height: integer("widget_logo_height").notNull(),
+    widget_logo_position: text("widget_logo_position", {
+      length: 24,
+    }).notNull(),
+    widget_logo_url: text("widget_logo_url", { length: 255 }).notNull(),
+    widget_social_buttons_layout: text("widget_social_buttons_layout", {
+      length: 24,
+    }).notNull(),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    updated_at: text("updated_at", { length: 35 }).notNull(),
+  },
+  (table) => [
+    primaryKey({
+      columns: [table.tenant_id, table.themeId],
+      name: "themes_pkey",
+    }),
+    index("themes_tenant_id_idx").on(table.tenant_id),
+  ],
+);
+
+export const forms = sqliteTable(
+  "forms",
+  {
+    id: text("id", { length: 255 }).primaryKey(),
+    name: text("name", { length: 255 }).notNull(),
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    messages: text("messages", { length: 255 }),
+    languages: text("languages", { length: 255 }),
+    translations: text("translations", { length: 4096 }),
+    nodes: text("nodes", { length: 4096 }),
+    start: text("start", { length: 255 }),
+    ending: text("ending", { length: 255 }),
+    style: text("style", { length: 1042 }),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    updated_at: text("updated_at", { length: 35 }).notNull(),
+  },
+  (table) => [index("forms_tenant_id_idx").on(table.tenant_id)],
+);
+
+export const flows = sqliteTable(
+  "flows",
+  {
+    id: text("id", { length: 24 }).primaryKey(),
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    name: text("name", { length: 150 }).notNull(),
+    actions: text("actions"),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    updated_at: text("updated_at", { length: 35 }).notNull(),
+  },
+  (table) => [index("flows_tenant_id_idx").on(table.tenant_id)],
+);
+
+export const promptSettings = sqliteTable("prompt_settings", {
+  tenant_id: text("tenant_id", { length: 191 }).primaryKey(),
+  universal_login_experience: text("universal_login_experience", { length: 16 })
+    .notNull()
+    .default("new"),
+  identifier_first: integer("identifier_first", { mode: "boolean" })
+    .notNull()
+    .default(true),
+  password_first: integer("password_first", { mode: "boolean" })
+    .notNull()
+    .default(false),
+  webauthn_platform_first_factor: integer("webauthn_platform_first_factor", {
+    mode: "boolean",
+  })
+    .notNull()
+    .default(false),
+});
+
+export const emailProviders = sqliteTable("email_providers", {
+  tenant_id: text("tenant_id", { length: 191 }).primaryKey(),
+  name: text("name", { length: 255 }).notNull(),
+  enabled: integer("enabled", { mode: "boolean" }).notNull(),
+  default_from_address: text("default_from_address", { length: 255 }),
+  credentials: text("credentials", { length: 2048 }).notNull().default("{}"),
+  settings: text("settings", { length: 2048 }).notNull().default("{}"),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+});
+
+export const hooks = sqliteTable("hooks", {
+  hook_id: text("hook_id", { length: 255 }).primaryKey(),
+  tenant_id: text("tenant_id", { length: 191 })
+    .notNull()
+    .references(() => tenants.id, { onDelete: "cascade" }),
+  url: text("url", { length: 512 }).notNull(),
+  trigger_id: text("trigger_id", { length: 255 }).notNull(),
+  enabled: integer("enabled", { mode: "boolean" }).notNull(),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+  synchronous: integer("synchronous", { mode: "boolean" })
+    .notNull()
+    .default(false),
+  priority: integer("priority"),
+  form_id: text("form_id"),
+  url_tmp: text("url_tmp", { length: 512 }),
+});
+
+export const keys = sqliteTable("keys", {
+  kid: text("kid", { length: 255 }).primaryKey(),
+  tenant_id: text("tenant_id", { length: 191 }).references(() => tenants.id, {
+    onDelete: "cascade",
+  }),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  revoked_at: text("revoked_at", { length: 35 }),
+  cert: text("cert", { length: 4096 }),
+  pkcs7: text("pkcs7", { length: 4096 }),
+  fingerprint: text("fingerprint", { length: 256 }),
+  thumbprint: text("thumbprint", { length: 256 }),
+  current_since: text("current_since", { length: 35 }),
+  current_until: text("current_until", { length: 35 }),
+  type: text("type", { length: 50 }).notNull().default("jwt_signing"),
+  connection: text("connection", { length: 255 }).references(
+    () => connections.id,
+    { onDelete: "cascade" },
+  ),
+});

package/src/schema/sqlite/clients.ts

@@ -0,0 +1,75 @@
+import { sqliteTable, text, integer, primaryKey, index } from "drizzle-orm/sqlite-core";
+import { tenants } from "./tenants";
+
+export const clients = sqliteTable("clients", {
+  client_id: text("client_id", { length: 191 }).notNull(),
+  tenant_id: text("tenant_id", { length: 191 }).notNull().references(() => tenants.id, { onDelete: "cascade" }),
+  name: text("name", { length: 255 }).notNull(),
+  description: text("description", { length: 140 }),
+  global: integer("global").notNull().default(0),
+  client_secret: text("client_secret", { length: 255 }),
+  app_type: text("app_type", { length: 64 }).default("regular_web"),
+  logo_uri: text("logo_uri", { length: 2083 }),
+  is_first_party: integer("is_first_party").notNull().default(0),
+  oidc_conformant: integer("oidc_conformant").notNull().default(1),
+  callbacks: text("callbacks").notNull(),
+  allowed_origins: text("allowed_origins").notNull(),
+  web_origins: text("web_origins").notNull(),
+  client_aliases: text("client_aliases").notNull(),
+  allowed_clients: text("allowed_clients").notNull(),
+  allowed_logout_urls: text("allowed_logout_urls").notNull(),
+  session_transfer: text("session_transfer").notNull(),
+  oidc_logout: text("oidc_logout").notNull(),
+  grant_types: text("grant_types").notNull(),
+  jwt_configuration: text("jwt_configuration").notNull(),
+  signing_keys: text("signing_keys").notNull(),
+  encryption_key: text("encryption_key").notNull(),
+  sso: integer("sso").notNull().default(0),
+  sso_disabled: integer("sso_disabled").notNull().default(1),
+  cross_origin_authentication: integer("cross_origin_authentication").notNull().default(0),
+  cross_origin_loc: text("cross_origin_loc", { length: 2083 }),
+  custom_login_page_on: integer("custom_login_page_on").notNull().default(0),
+  custom_login_page: text("custom_login_page"),
+  custom_login_page_preview: text("custom_login_page_preview"),
+  form_template: text("form_template"),
+  addons: text("addons").notNull(),
+  token_endpoint_auth_method: text("token_endpoint_auth_method", { length: 64 }).default("client_secret_basic"),
+  client_metadata: text("client_metadata").notNull(),
+  mobile: text("mobile").notNull(),
+  initiate_login_uri: text("initiate_login_uri", { length: 2083 }),
+  native_social_login: text("native_social_login").notNull(),
+  refresh_token: text("refresh_token").notNull(),
+  default_organization: text("default_organization").notNull(),
+  organization_usage: text("organization_usage", { length: 32 }).default("deny"),
+  organization_require_behavior: text("organization_require_behavior", { length: 32 }).default("no_prompt"),
+  client_authentication_methods: text("client_authentication_methods").notNull(),
+  require_pushed_authorization_requests: integer("require_pushed_authorization_requests").notNull().default(0),
+  require_proof_of_possession: integer("require_proof_of_possession").notNull().default(0),
+  signed_request_object: text("signed_request_object").notNull(),
+  compliance_level: text("compliance_level", { length: 64 }),
+  par_request_expiry: integer("par_request_expiry"),
+  token_quota: text("token_quota").notNull(),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+  connections: text("connections").notNull().default("[]"),
+}, (table) => [
+  primaryKey({ columns: [table.tenant_id, table.client_id], name: "clients_tenant_id_client_id" }),
+]);
+
+export const clientGrants = sqliteTable("client_grants", {
+  id: text("id", { length: 21 }).notNull(),
+  tenant_id: text("tenant_id", { length: 191 }).notNull().references(() => tenants.id, { onDelete: "cascade" }),
+  client_id: text("client_id", { length: 191 }).notNull(),
+  audience: text("audience", { length: 191 }).notNull(),
+  scope: text("scope").default("[]"),
+  organization_usage: text("organization_usage", { length: 32 }),
+  allow_any_organization: integer("allow_any_organization").default(0),
+  is_system: integer("is_system").default(0),
+  subject_type: text("subject_type", { length: 32 }),
+  authorization_details_types: text("authorization_details_types").default("[]"),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+}, (table) => [
+  primaryKey({ columns: [table.tenant_id, table.id], name: "pk_client_grants" }),
+  index("idx_client_grants_audience").on(table.audience),
+]);

package/src/schema/sqlite/connections.ts

@@ -0,0 +1,56 @@
+import { sqliteTable, text, integer, index } from "drizzle-orm/sqlite-core";
+import { tenants } from "./tenants";
+
+export const connections = sqliteTable(
+  "connections",
+  {
+    id: text("id", { length: 255 }).primaryKey(),
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    name: text("name", { length: 255 }).notNull(),
+    response_type: text("response_type", { length: 255 }),
+    response_mode: text("response_mode", { length: 255 }),
+    strategy: text("strategy", { length: 64 }),
+    options: text("options", { length: 2048 }).notNull().default("{}"),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    updated_at: text("updated_at", { length: 35 }).notNull(),
+    display_name: text("display_name", { length: 255 }),
+    is_domain_connection: integer("is_domain_connection"),
+    show_as_button: integer("show_as_button"),
+    metadata: text("metadata", { length: 4096 }),
+  },
+  (table) => [index("connections_tenant_id_index").on(table.tenant_id)],
+);
+
+export const customDomains = sqliteTable("custom_domains", {
+  custom_domain_id: text("custom_domain_id", { length: 256 }).primaryKey(),
+  tenant_id: text("tenant_id", { length: 191 })
+    .notNull()
+    .references(() => tenants.id, { onDelete: "cascade" }),
+  domain: text("domain", { length: 255 }).notNull(),
+  primary: integer("primary", { mode: "boolean" }).notNull(),
+  status: text("status", { length: 50 }).notNull(),
+  type: text("type", { length: 50 }).notNull(),
+  origin_domain_name: text("origin_domain_name", { length: 255 }),
+  verification: text("verification", { length: 2048 }),
+  custom_client_ip_header: text("custom_client_ip_header", { length: 50 }),
+  tls_policy: text("tls_policy", { length: 50 }),
+  domain_metadata: text("domain_metadata", { length: 2048 }),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+});
+
+export const domains = sqliteTable("domains", {
+  id: text("id", { length: 255 }).primaryKey(),
+  tenant_id: text("tenant_id", { length: 191 })
+    .notNull()
+    .references(() => tenants.id, { onDelete: "cascade" }),
+  domain: text("domain", { length: 255 }).notNull(),
+  email_service: text("email_service", { length: 255 }),
+  email_api_key: text("email_api_key", { length: 255 }),
+  dkim_private_key: text("dkim_private_key", { length: 2048 }),
+  dkim_public_key: text("dkim_public_key", { length: 2048 }),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+});

package/src/schema/sqlite/index.ts

@@ -0,0 +1,34 @@
+/**
+ * AuthHero SQLite/D1 Schema for Drizzle ORM
+ *
+ * This schema is designed to match the Kysely schema used at runtime.
+ * Use drizzle-kit to generate migrations for D1.
+ *
+ * Usage:
+ *   pnpm drizzle-kit generate:sqlite
+ */
+
+// Tenants
+export * from "./tenants";
+
+// Users & Authentication
+export * from "./users";
+export * from "./sessions";
+
+// Clients & Grants
+export * from "./clients";
+
+// Connections & Domains
+export * from "./connections";
+
+// Organizations
+export * from "./organizations";
+
+// Roles & Permissions
+export * from "./roles";
+
+// Branding & UI
+export * from "./branding";
+
+// Logs
+export * from "./logs";

package/src/schema/sqlite/logs.ts

@@ -0,0 +1,47 @@
+import { sqliteTable, text, integer, index } from "drizzle-orm/sqlite-core";
+
+export const logs = sqliteTable(
+  "logs",
+  {
+    log_id: text("log_id", { length: 21 }).primaryKey(),
+    category: text("category", { length: 255 }),
+    tenant_id: text("tenant_id", { length: 64 }),
+    user_id: text("user_id", { length: 64 }),
+    ip: text("ip", { length: 255 }),
+    type: text("type", { length: 8 }).notNull(),
+    date: text("date", { length: 35 }).notNull(),
+    client_id: text("client_id", { length: 255 }),
+    client_name: text("client_name", { length: 255 }),
+    user_agent: text("user_agent", { length: 255 }),
+    description: text("description", { length: 255 }),
+    details: text("details", { length: 2048 }),
+    isMobile: integer("isMobile"),
+    user_name: text("user_name", { length: 255 }),
+    connection: text("connection", { length: 255 }),
+    connection_id: text("connection_id", { length: 255 }),
+    audience: text("audience", { length: 255 }),
+    scope: text("scope", { length: 255 }),
+    strategy: text("strategy", { length: 255 }),
+    strategy_type: text("strategy_type", { length: 255 }),
+    hostname: text("hostname", { length: 255 }),
+    auth0_client: text("auth0_client", { length: 8192 }),
+    session_connection: text("session_connection", { length: 255 }),
+    country_code: text("country_code", { length: 2 }),
+    city_name: text("city_name", { length: 255 }),
+    latitude: text("latitude", { length: 255 }),
+    longitude: text("longitude", { length: 255 }),
+    time_zone: text("time_zone", { length: 255 }),
+    continent_code: text("continent_code", { length: 2 }),
+  },
+  (table) => [
+    index("logs_user_id").on(table.user_id),
+    index("logs_tenant_id").on(table.tenant_id),
+    index("logs_date").on(table.date),
+    index("IDX_logs_tenant_date_type_user").on(
+      table.tenant_id,
+      table.date,
+      table.type,
+      table.user_id,
+    ),
+  ],
+);

package/src/schema/sqlite/organizations.ts

@@ -0,0 +1,54 @@
+import { sqliteTable, text, integer, uniqueIndex, index } from "drizzle-orm/sqlite-core";
+
+export const organizations = sqliteTable("organizations", {
+  id: text("id", { length: 21 }).primaryKey(),
+  tenant_id: text("tenant_id", { length: 191 }).notNull(),
+  name: text("name", { length: 256 }).notNull(),
+  display_name: text("display_name", { length: 256 }),
+  branding: text("branding"),
+  metadata: text("metadata"),
+  enabled_connections: text("enabled_connections"),
+  token_quota: text("token_quota"),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+}, (table) => [
+  index("idx_organizations_tenant_id").on(table.tenant_id),
+]);
+
+export const userOrganizations = sqliteTable("user_organizations", {
+  id: text("id", { length: 21 }).primaryKey(),
+  tenant_id: text("tenant_id", { length: 191 }).notNull(),
+  user_id: text("user_id", { length: 191 }).notNull(),
+  organization_id: text("organization_id", { length: 21 }).notNull(),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+}, (table) => [
+  uniqueIndex("user_organizations_unique").on(table.tenant_id, table.user_id, table.organization_id),
+  index("idx_user_organizations_tenant_id").on(table.tenant_id),
+  index("idx_user_organizations_user_id").on(table.user_id),
+  index("idx_user_organizations_organization_id").on(table.organization_id),
+]);
+
+export const invites = sqliteTable("invites", {
+  id: text("id", { length: 21 }).primaryKey(),
+  tenant_id: text("tenant_id", { length: 191 }).notNull(),
+  organization_id: text("organization_id", { length: 21 }).notNull(),
+  inviter: text("inviter").notNull(),
+  invitee: text("invitee").notNull(),
+  client_id: text("client_id", { length: 191 }).notNull(),
+  connection_id: text("connection_id", { length: 21 }),
+  invitation_url: text("invitation_url").notNull(),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  expires_at: text("expires_at", { length: 35 }).notNull(),
+  app_metadata: text("app_metadata"),
+  user_metadata: text("user_metadata"),
+  roles: text("roles"),
+  ticket_id: text("ticket_id", { length: 191 }),
+  ttl_sec: integer("ttl_sec"),
+  send_invitation_email: integer("send_invitation_email"),
+}, (table) => [
+  index("idx_invites_tenant_id").on(table.tenant_id),
+  index("idx_invites_organization_id").on(table.organization_id),
+  index("idx_invites_expires_at").on(table.expires_at),
+  index("idx_invites_tenant_created").on(table.tenant_id, table.created_at),
+]);

package/src/schema/sqlite/roles.ts

@@ -0,0 +1,143 @@
+import {
+  sqliteTable,
+  text,
+  integer,
+  primaryKey,
+  index,
+} from "drizzle-orm/sqlite-core";
+
+export const roles = sqliteTable(
+  "roles",
+  {
+    id: text("id", { length: 21 }).notNull(),
+    tenant_id: text("tenant_id", { length: 191 }).notNull(),
+    name: text("name", { length: 50 }).notNull(),
+    description: text("description", { length: 255 }),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    updated_at: text("updated_at", { length: 35 }).notNull(),
+  },
+  (table) => [
+    primaryKey({ columns: [table.tenant_id, table.id], name: "roles_pk" }),
+  ],
+);
+
+export const rolePermissions = sqliteTable(
+  "role_permissions",
+  {
+    tenant_id: text("tenant_id", { length: 191 }).notNull(),
+    role_id: text("role_id", { length: 21 }).notNull(),
+    resource_server_identifier: text("resource_server_identifier", {
+      length: 191,
+    }).notNull(),
+    permission_name: text("permission_name", { length: 191 }).notNull(),
+    created_at: text("created_at", { length: 35 }).notNull(),
+  },
+  (table) => [
+    primaryKey({
+      columns: [
+        table.tenant_id,
+        table.role_id,
+        table.resource_server_identifier,
+        table.permission_name,
+      ],
+      name: "role_permissions_pk",
+    }),
+    index("role_permissions_role_fk").on(table.tenant_id, table.role_id),
+    index("role_permissions_permission_fk").on(
+      table.tenant_id,
+      table.resource_server_identifier,
+      table.permission_name,
+    ),
+  ],
+);
+
+export const userPermissions = sqliteTable(
+  "user_permissions",
+  {
+    tenant_id: text("tenant_id", { length: 191 }).notNull(),
+    user_id: text("user_id", { length: 191 }).notNull(),
+    resource_server_identifier: text("resource_server_identifier", {
+      length: 191,
+    }).notNull(),
+    permission_name: text("permission_name", { length: 191 }).notNull(),
+    organization_id: text("organization_id", { length: 21 })
+      .notNull()
+      .default(""),
+    created_at: text("created_at", { length: 35 }).notNull(),
+  },
+  (table) => [
+    primaryKey({
+      columns: [
+        table.tenant_id,
+        table.user_id,
+        table.resource_server_identifier,
+        table.permission_name,
+        table.organization_id,
+      ],
+      name: "user_permissions_pk",
+    }),
+    index("user_permissions_user_fk").on(table.tenant_id, table.user_id),
+    index("user_permissions_permission_fk").on(
+      table.tenant_id,
+      table.resource_server_identifier,
+      table.permission_name,
+    ),
+    index("user_permissions_organization_fk").on(table.organization_id),
+  ],
+);
+
+export const userRoles = sqliteTable(
+  "user_roles",
+  {
+    tenant_id: text("tenant_id", { length: 191 }).notNull(),
+    user_id: text("user_id", { length: 191 }).notNull(),
+    role_id: text("role_id", { length: 21 }).notNull(),
+    organization_id: text("organization_id", { length: 191 })
+      .notNull()
+      .default(""),
+    created_at: text("created_at", { length: 35 }).notNull(),
+  },
+  (table) => [
+    primaryKey({
+      columns: [
+        table.tenant_id,
+        table.user_id,
+        table.role_id,
+        table.organization_id,
+      ],
+      name: "user_roles_pk",
+    }),
+    index("user_roles_user_fk").on(table.tenant_id, table.user_id),
+    index("user_roles_role_fk").on(table.tenant_id, table.role_id),
+    index("user_roles_organization_fk").on(table.organization_id),
+  ],
+);
+
+export const resourceServers = sqliteTable(
+  "resource_servers",
+  {
+    id: text("id", { length: 21 }).notNull(),
+    tenant_id: text("tenant_id", { length: 191 }).notNull(),
+    identifier: text("identifier", { length: 191 }).notNull(),
+    name: text("name", { length: 255 }).notNull(),
+    scopes: text("scopes", { length: 4096 }),
+    signing_alg: text("signing_alg", { length: 64 }),
+    signing_secret: text("signing_secret", { length: 2048 }),
+    token_lifetime: integer("token_lifetime"),
+    token_lifetime_for_web: integer("token_lifetime_for_web"),
+    skip_consent_for_verifiable_first_party_clients: integer(
+      "skip_consent_for_verifiable_first_party_clients",
+    ),
+    allow_offline_access: integer("allow_offline_access"),
+    verification_key: text("verification_key", { length: 4096 }),
+    options: text("options", { length: 4096 }),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    updated_at: text("updated_at", { length: 35 }).notNull(),
+  },
+  (table) => [
+    primaryKey({
+      columns: [table.tenant_id, table.id],
+      name: "resource_servers_pk",
+    }),
+  ],
+);

package/src/schema/sqlite/sessions.ts

@@ -0,0 +1,205 @@
+import {
+  sqliteTable,
+  text,
+  integer,
+  primaryKey,
+  index,
+} from "drizzle-orm/sqlite-core";
+import { tenants } from "./tenants";
+
+export const sessions = sqliteTable(
+  "sessions",
+  {
+    id: text("id", { length: 21 }).notNull(),
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    user_id: text("user_id", { length: 255 }),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    updated_at: text("updated_at", { length: 35 }).notNull(),
+    expires_at: text("expires_at", { length: 35 }),
+    idle_expires_at: text("idle_expires_at", { length: 35 }),
+    authenticated_at: text("authenticated_at", { length: 35 }),
+    last_interaction_at: text("last_interaction_at", { length: 35 }),
+    used_at: text("used_at", { length: 35 }),
+    revoked_at: text("revoked_at", { length: 35 }),
+    device: text("device").notNull(),
+    clients: text("clients").notNull(),
+    login_session_id: text("login_session_id", { length: 21 }),
+  },
+  (table) => [
+    primaryKey({ columns: [table.tenant_id, table.id], name: "sessions_pk" }),
+    index("IDX_sessions_login_session_id").on(table.login_session_id),
+  ],
+);
+
+export const refreshTokens = sqliteTable(
+  "refresh_tokens",
+  {
+    id: text("id", { length: 21 }).notNull(),
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    client_id: text("client_id", { length: 191 }).notNull(),
+    session_id: text("session_id", { length: 21 }).notNull(),
+    user_id: text("user_id", { length: 255 }),
+    resource_servers: text("resource_servers").notNull(),
+    device: text("device").notNull(),
+    rotating: integer("rotating", { mode: "boolean" }).notNull(),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    expires_at: text("expires_at", { length: 35 }),
+    idle_expires_at: text("idle_expires_at", { length: 35 }),
+    last_exchanged_at: text("last_exchanged_at", { length: 35 }),
+  },
+  (table) => [
+    primaryKey({
+      columns: [table.tenant_id, table.id],
+      name: "refresh_tokens_pk",
+    }),
+  ],
+);
+
+export const loginSessions = sqliteTable(
+  "login_sessions",
+  {
+    id: text("id", { length: 21 }).notNull(),
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    session_id: text("session_id", { length: 21 }),
+    csrf_token: text("csrf_token", { length: 21 }).notNull(),
+    authParams_client_id: text("authParams_client_id", {
+      length: 191,
+    }).notNull(),
+    authParams_vendor_id: text("authParams_vendor_id", { length: 255 }),
+    authParams_username: text("authParams_username", { length: 255 }),
+    authParams_response_type: text("authParams_response_type", { length: 255 }),
+    authParams_response_mode: text("authParams_response_mode", { length: 255 }),
+    authParams_audience: text("authParams_audience", { length: 255 }),
+    authParams_scope: text("authParams_scope"),
+    authParams_state: text("authParams_state"),
+    authParams_nonce: text("authParams_nonce", { length: 255 }),
+    authParams_code_challenge_method: text("authParams_code_challenge_method", {
+      length: 255,
+    }),
+    authParams_code_challenge: text("authParams_code_challenge", {
+      length: 255,
+    }),
+    authParams_redirect_uri: text("authParams_redirect_uri"),
+    authParams_organization: text("authParams_organization", { length: 255 }),
+    authParams_prompt: text("authParams_prompt", { length: 32 }),
+    authParams_act_as: text("authParams_act_as", { length: 256 }),
+    authParams_ui_locales: text("authParams_ui_locales", { length: 32 }),
+    authorization_url: text("authorization_url"),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    updated_at: text("updated_at", { length: 35 }).notNull(),
+    expires_at: text("expires_at", { length: 35 }).notNull(),
+    ip: text("ip", { length: 39 }),
+    useragent: text("useragent"),
+    auth0Client: text("auth0Client", { length: 255 }),
+    login_completed: integer("login_completed").default(0),
+  },
+  (table) => [
+    primaryKey({
+      columns: [table.tenant_id, table.id],
+      name: "login_sessions_pk",
+    }),
+    index("login_sessions_id_index").on(table.id),
+  ],
+);
+
+export const codes = sqliteTable(
+  "codes",
+  {
+    code_id: text("code_id", { length: 191 }).notNull(),
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    user_id: text("user_id", { length: 255 }),
+    login_id: text("login_id", { length: 255 }),
+    connection_id: text("connection_id", { length: 255 }),
+    code_type: text("code_type", { length: 255 }).notNull(),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    expires_at: text("expires_at", { length: 35 }).notNull(),
+    used_at: text("used_at", { length: 35 }),
+    code_verifier: text("code_verifier", { length: 128 }),
+    code_challenge: text("code_challenge", { length: 128 }),
+    code_challenge_method: text("code_challenge_method", { length: 5 }),
+    redirect_uri: text("redirect_uri", { length: 1024 }),
+    nonce: text("nonce", { length: 1024 }),
+    state: text("state", { length: 2048 }),
+  },
+  (table) => [
+    primaryKey({
+      columns: [table.code_id, table.code_type],
+      name: "PK_codes_code_id_code_type",
+    }),
+    index("codes_expires_at_index").on(table.expires_at),
+  ],
+);
+
+export const authenticationCodes = sqliteTable("authentication_codes", {
+  tenant_id: text("tenant_id", { length: 191 })
+    .notNull()
+    .references(() => tenants.id, { onDelete: "cascade" }),
+  code: text("code", { length: 255 }).primaryKey(),
+  client_id: text("client_id", { length: 255 }).notNull(),
+  user_id: text("user_id", { length: 255 }).notNull(),
+  nonce: text("nonce", { length: 255 }),
+  state: text("state", { length: 8192 }),
+  scope: text("scope", { length: 1024 }),
+  response_type: text("response_type", { length: 256 }),
+  response_mode: text("response_mode", { length: 256 }),
+  redirect_uri: text("redirect_uri", { length: 1024 }),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  expires_at: text("expires_at", { length: 35 }).notNull(),
+  used_at: text("used_at", { length: 35 }),
+});
+
+export const otps = sqliteTable(
+  "otps",
+  {
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    id: text("id", { length: 255 }).primaryKey(),
+    client_id: text("client_id", { length: 255 }).notNull(),
+    code: text("code", { length: 255 }).notNull(),
+    email: text("email", { length: 255 }).notNull(),
+    user_id: text("user_id", { length: 255 }),
+    send: text("send", { length: 255 }),
+    nonce: text("nonce", { length: 255 }),
+    state: text("state", { length: 1024 }),
+    scope: text("scope", { length: 1024 }),
+    response_type: text("response_type", { length: 256 }),
+    response_mode: text("response_mode", { length: 256 }),
+    redirect_uri: text("redirect_uri", { length: 1024 }),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    expires_at: text("expires_at", { length: 35 }).notNull(),
+    used_at: text("used_at", { length: 35 }),
+    audience: text("audience", { length: 255 }),
+    ip: text("ip", { length: 64 }),
+  },
+  (table) => [
+    index("otps_email_index").on(table.email),
+    index("otps_expires_at_index").on(table.expires_at),
+  ],
+);
+
+export const tickets = sqliteTable("tickets", {
+  tenant_id: text("tenant_id", { length: 191 })
+    .notNull()
+    .references(() => tenants.id, { onDelete: "cascade" }),
+  id: text("id", { length: 255 }).primaryKey(),
+  client_id: text("client_id", { length: 255 }).notNull(),
+  email: text("email", { length: 255 }).notNull(),
+  nonce: text("nonce", { length: 255 }),
+  state: text("state", { length: 1024 }),
+  scope: text("scope", { length: 1024 }),
+  response_type: text("response_type", { length: 256 }),
+  response_mode: text("response_mode", { length: 256 }),
+  redirect_uri: text("redirect_uri", { length: 1024 }),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  expires_at: text("expires_at", { length: 35 }).notNull(),
+  used_at: text("used_at", { length: 35 }),
+});

package/src/schema/sqlite/tenants.ts

@@ -0,0 +1,55 @@
+import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+
+export const tenants = sqliteTable("tenants", {
+  id: text("id", { length: 191 }).primaryKey(),
+  name: text("name", { length: 255 }),
+  audience: text("audience", { length: 255 }),
+  sender_email: text("sender_email", { length: 255 }),
+  sender_name: text("sender_name", { length: 255 }),
+  language: text("language", { length: 255 }),
+  logo: text("logo", { length: 255 }),
+  primary_color: text("primary_color", { length: 255 }),
+  secondary_color: text("secondary_color", { length: 255 }),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+  support_url: text("support_url", { length: 255 }),
+  idle_session_lifetime: integer("idle_session_lifetime"),
+  session_lifetime: integer("session_lifetime"),
+  session_cookie: text("session_cookie"),
+  allowed_logout_urls: text("allowed_logout_urls"),
+  ephemeral_session_lifetime: integer("ephemeral_session_lifetime"),
+  idle_ephemeral_session_lifetime: integer("idle_ephemeral_session_lifetime"),
+  default_redirection_uri: text("default_redirection_uri"),
+  enabled_locales: text("enabled_locales"),
+  default_directory: text("default_directory", { length: 255 }),
+  error_page: text("error_page"),
+  flags: text("flags"),
+  friendly_name: text("friendly_name", { length: 255 }),
+  picture_url: text("picture_url"),
+  support_email: text("support_email", { length: 255 }),
+  sandbox_version: text("sandbox_version", { length: 50 }),
+  sandbox_versions_available: text("sandbox_versions_available"),
+  legacy_sandbox_version: text("legacy_sandbox_version", { length: 50 }),
+  change_password: text("change_password"),
+  guardian_mfa_page: text("guardian_mfa_page"),
+  device_flow: text("device_flow"),
+  default_token_quota: text("default_token_quota"),
+  default_audience: text("default_audience", { length: 255 }),
+  default_organization: text("default_organization", { length: 255 }),
+  sessions: text("sessions"),
+  oidc_logout: text("oidc_logout"),
+  allow_organization_name_in_authentication_api: integer(
+    "allow_organization_name_in_authentication_api",
+  ),
+  customize_mfa_in_postlogin_action: integer(
+    "customize_mfa_in_postlogin_action",
+  ),
+  acr_values_supported: text("acr_values_supported"),
+  mtls: text("mtls"),
+  pushed_authorization_requests_supported: integer(
+    "pushed_authorization_requests_supported",
+  ),
+  authorization_response_iss_parameter_supported: integer(
+    "authorization_response_iss_parameter_supported",
+  ),
+});

package/src/schema/sqlite/users.ts

@@ -0,0 +1,84 @@
+import {
+  sqliteTable,
+  text,
+  integer,
+  primaryKey,
+  uniqueIndex,
+  index,
+} from "drizzle-orm/sqlite-core";
+import { tenants } from "./tenants";
+
+export const users = sqliteTable(
+  "users",
+  {
+    user_id: text("user_id", { length: 255 }).notNull(),
+    tenant_id: text("tenant_id", { length: 191 })
+      .notNull()
+      .references(() => tenants.id, { onDelete: "cascade" }),
+    email: text("email", { length: 255 }),
+    given_name: text("given_name", { length: 255 }),
+    family_name: text("family_name", { length: 255 }),
+    nickname: text("nickname", { length: 255 }),
+    name: text("name", { length: 255 }),
+    picture: text("picture", { length: 2083 }),
+    tags: text("tags", { length: 255 }),
+    phone_number: text("phone_number", { length: 17 }),
+    phone_verified: integer("phone_verified", { mode: "boolean" }),
+    username: text("username", { length: 128 }),
+    created_at: text("created_at", { length: 35 }).notNull(),
+    updated_at: text("updated_at", { length: 35 }).notNull(),
+    linked_to: text("linked_to", { length: 255 }),
+    last_ip: text("last_ip", { length: 255 }),
+    login_count: integer("login_count").notNull(),
+    last_login: text("last_login", { length: 255 }),
+    provider: text("provider", { length: 255 }).notNull(),
+    connection: text("connection", { length: 255 }),
+    email_verified: integer("email_verified", { mode: "boolean" }).notNull(),
+    is_social: integer("is_social", { mode: "boolean" }).notNull(),
+    app_metadata: text("app_metadata", { length: 4096 })
+      .notNull()
+      .default("{}"),
+    user_metadata: text("user_metadata", { length: 4096 })
+      .notNull()
+      .default("{}"),
+    profileData: text("profileData", { length: 2048 }),
+    locale: text("locale", { length: 255 }),
+  },
+  (table) => [
+    primaryKey({
+      columns: [table.user_id, table.tenant_id],
+      name: "users_tenants",
+    }),
+    uniqueIndex("unique_email_provider").on(
+      table.email,
+      table.provider,
+      table.tenant_id,
+    ),
+    uniqueIndex("unique_phone_provider").on(
+      table.phone_number,
+      table.provider,
+      table.tenant_id,
+    ),
+    index("users_email_index").on(table.email),
+    index("users_linked_to_index").on(table.linked_to),
+    index("users_name_index").on(table.name),
+    index("users_phone_tenant_provider_index").on(
+      table.tenant_id,
+      table.phone_number,
+      table.provider,
+    ),
+  ],
+);
+
+export const passwords = sqliteTable("passwords", {
+  id: text("id", { length: 21 }).primaryKey(),
+  tenant_id: text("tenant_id", { length: 191 })
+    .notNull()
+    .references(() => tenants.id, { onDelete: "cascade" }),
+  user_id: text("user_id", { length: 255 }).notNull(),
+  created_at: text("created_at", { length: 35 }).notNull(),
+  updated_at: text("updated_at", { length: 35 }).notNull(),
+  password: text("password", { length: 255 }).notNull(),
+  algorithm: text("algorithm", { length: 16 }).notNull().default("bcrypt"),
+  is_current: integer("is_current").notNull().default(1),
+});