@logto/cloud 0.2.5-fadb481

package/LICENSE

@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.

package/build/env-set/index.d.ts

@@ -0,0 +1,5 @@
+import { GlobalValues } from '@logto/shared';
+export declare const EnvSet: {
+    global: GlobalValues;
+    readonly isProduction: boolean;
+};

package/build/index.d.ts

@@ -0,0 +1 @@
+export {};

package/build/libraries/services.d.ts

@@ -0,0 +1,16 @@
+import type { SendMessagePayload, ConnectorType } from '@logto/connector-kit';
+import type { ServiceLogType } from '@logto/schemas';
+import type { Queries } from '#src/queries/index.js';
+import type { LogtoConnector } from '#src/utils/connector/index.js';
+export declare const serviceCountLimitForTenant = 100;
+export declare class ServicesLibrary {
+    readonly queries: Queries;
+    constructor(queries: Queries);
+    getTenantIdFromApplicationId(applicationId: string): Promise<string | undefined>;
+    getAdminTenantLogtoConnectors(): Promise<LogtoConnector[]>;
+    sendMessage(type: ConnectorType.Email | ConnectorType.Sms, data: SendMessagePayload): Promise<unknown>;
+    sendEmail(data: SendMessagePayload): Promise<import("got").Response<string>>;
+    addLog(tenantId: string, type: ServiceLogType, payload?: unknown): Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+    getTenantBalanceForType(tenantId: string, type: ServiceLogType): Promise<number>;
+    getTenantUsageByTypeFrom(tenantId: string, type: ServiceLogType, from?: Date): Promise<number>;
+}

package/build/libraries/tenants.d.ts

@@ -0,0 +1,11 @@
+import { type TenantModel } from '@logto/schemas';
+import type { TenantInfo } from '@logto/schemas/models';
+import type { Queries } from '#src/queries/index.js';
+export declare class TenantsLibrary {
+    readonly queries: Queries;
+    constructor(queries: Queries);
+    getAvailableTenants(userId: string): Promise<TenantInfo[]>;
+    updateTenantById(tenantId: string, payload: Partial<Pick<TenantModel, 'name' | 'tag'>>): Promise<TenantInfo>;
+    deleteTenantById(tenantId: string): Promise<void>;
+    createNewTenant(forUserId: string, payload: Partial<Pick<TenantModel, 'name' | 'tag'>>): Promise<TenantInfo>;
+}

package/build/middleware/with-auth.d.ts

@@ -0,0 +1,18 @@
+import type { IncomingHttpHeaders } from 'node:http';
+import type { NextFunction, RequestContext } from '@withtyped/server';
+export declare const extractBearerTokenFromHeaders: ({ authorization }: IncomingHttpHeaders) => string;
+export type WithAuthContext<Context = RequestContext> = Context & {
+    auth: {
+        id: string;
+        scopes: string[];
+    };
+};
+export type WithAuthConfig = {
+    /** The Logto admin tenant endpoint. */
+    endpoint: URL;
+    /** The audience (i.e. Resource Indicator) to expect. */
+    audience: string;
+    /** The scopes (i.e. permissions) to expect. */
+    scopes?: string[];
+};
+export default function withAuth<InputContext extends RequestContext>({ endpoint, audience, scopes: expectScopes, }: WithAuthConfig): (context: InputContext, next: NextFunction<WithAuthContext<InputContext>>) => Promise<void>;

package/build/middleware/with-error-report.d.ts

@@ -0,0 +1,5 @@
+import type { BaseContext, NextFunction } from '@withtyped/server';
+/**
+ * Build a middleware function that reports error to Azure Application Insights.
+ */
+export default function withErrorReport<InputContext extends BaseContext>(): (context: InputContext, next: NextFunction<InputContext>) => Promise<void>;

package/build/middleware/with-http-proxy.d.ts

@@ -0,0 +1,7 @@
+import type { HttpContext, NextFunction, RequestContext } from '@withtyped/server';
+import type { ServerOptions } from 'http-proxy';
+export type WithHttpProxyOptions = ServerOptions & {
+    /** An array of pathname prefixes to ignore. */
+    ignorePathnames?: string[];
+};
+export default function withHttpProxy<InputContext extends RequestContext>(pathname: string, { ignorePathnames, ...options }: WithHttpProxyOptions): (context: InputContext, next: NextFunction<InputContext>, { request, response }: HttpContext) => Promise<void>;

package/build/middleware/with-pathname.d.ts

@@ -0,0 +1,11 @@
+import type { HttpContext, MiddlewareFunction, NextFunction, RequestContext } from '@withtyped/server';
+/**
+ * Build a middleware function that conditionally runs the given middleware function when:
+ *
+ * - The current pathname matches the given pathname prefix; and
+ * - `context.status` is unset (i.e. `undefined`).
+ *
+ * @param pathname The pathname prefix to match.
+ * @param run The middleware function to run with the prefix matches.
+ */
+export default function withPathname<InputContext extends RequestContext, OutputContext extends RequestContext>(pathname: string, run: MiddlewareFunction<InputContext, InputContext | OutputContext>): (context: InputContext, next: NextFunction<InputContext | OutputContext>, httpContext: HttpContext) => Promise<void>;

package/build/middleware/with-security-headers.d.ts

@@ -0,0 +1,2 @@
+import type { NextFunction, HttpContext, RequestContext } from '@withtyped/server';
+export default function withSecurityHeaders<InputContext extends RequestContext>(): (context: InputContext, next: NextFunction<InputContext>, { response, request }: HttpContext) => Promise<void>;

package/build/middleware/with-spa.d.ts

@@ -0,0 +1,28 @@
+import type { HttpContext, NextFunction, RequestContext } from '@withtyped/server';
+export type WithSpaConfig = {
+    /**
+     * Browser cache max-age in seconds.
+     * @default 604_800 // 7 days
+     */
+    maxAge?: number;
+    /** The root directory to serve files. */
+    root: string;
+    /**
+     * The URL pathname to serve as root.
+     * @default '/'
+     */
+    pathname?: string;
+    /** An array of pathname prefixes to ignore. */
+    ignorePathnames?: string[];
+    /**
+     * The path to file to serve when the given path cannot be found in the file system.
+     * @default 'index.html'
+     */
+    indexPath?: string;
+    /**
+     * Explicitly disable cache for the index file in order to keep fresh and avoid cache invalidation issues.
+     * @default true
+     */
+    disableIndexCache?: boolean;
+};
+export default function withSpa<InputContext extends RequestContext>({ maxAge, root, pathname: rootPathname, ignorePathnames, indexPath: index, disableIndexCache, }: WithSpaConfig): (context: InputContext, next: NextFunction<InputContext>, { request }: HttpContext) => Promise<void>;

package/build/models/checkout-sessions.d.ts

@@ -0,0 +1,24 @@
+import { type InferModelType } from '@withtyped/server/model';
+import { z } from 'zod';
+/**
+ * This table is used for tracking user initialed checkout sessions.
+ * A successful checkout session trigger a subscription creation webhook.
+ * Logto will create a subscription record in the subscriptions table.
+ * Incase of a failed or delayed webhook event, we can use this table to fetch the session result.
+ *
+ *
+ * _id: should use the session id from stripe.
+ * _tenant_id: if present, the subscription is made for a existing tenant. Otherwise need to create a new tenant.
+ * _status: https://stripe.com/docs/api/checkout/sessions/object#checkout_session_object-status
+ */
+export declare const sessionStatusGuard: z.ZodUnion<[z.ZodLiteral<"open">, z.ZodLiteral<"complete">, z.ZodLiteral<"expired">]>;
+export declare const CheckoutSessionsModel: import("@withtyped/server/model").default<"checkout_sessions", {
+    id: string;
+    tenantId: string | null;
+    userId: string;
+    planId: string;
+    status: "open" | "complete" | "expired";
+    createdAt: Date;
+    updatedAt: Date;
+}, never, never>;
+export type CheckoutSessions = InferModelType<typeof CheckoutSessionsModel>;

package/build/models/consts/subscription-plan-quota.d.ts

@@ -0,0 +1,10 @@
+/**
+ * This is the default Logto subscription plan quota definition.
+ * For DB seed only, value may be outdated.
+ * Please refer to the DB data as the source of truth.
+ */
+import { type SubscriptionPlanQuota, type SubscriptionPlans } from '../subscription-plans.js';
+export declare const free: SubscriptionPlanQuota;
+export declare const hobby: SubscriptionPlanQuota;
+export declare const pro: SubscriptionPlanQuota;
+export declare const seedData: Array<Omit<SubscriptionPlans, 'createdAt' | 'updatedAt'>>;

package/build/models/subscription-plans.d.ts

@@ -0,0 +1,132 @@
+import { type InferModelType } from '@withtyped/server/model';
+import { z } from 'zod';
+export declare enum ProductType {
+    FlatRate = "FlatRate",
+    Tier1 = "tier1",
+    Tier2 = "tier2",
+    Tier3 = "tier3"
+}
+export declare const productGuard: z.ZodObject<{
+    id: z.ZodString;
+    name: z.ZodString;
+    type: z.ZodNativeEnum<typeof ProductType>;
+    description: z.ZodOptional<z.ZodString>;
+    price: z.ZodObject<{
+        id: z.ZodString;
+        unitAmount: z.ZodNumber;
+        unitAmountDecimal: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        id: string;
+        unitAmount: number;
+        unitAmountDecimal: string;
+    }, {
+        id: string;
+        unitAmount: number;
+        unitAmountDecimal: string;
+    }>;
+}, "strip", z.ZodTypeAny, {
+    description?: string | undefined;
+    type: ProductType;
+    id: string;
+    name: string;
+    price: {
+        id: string;
+        unitAmount: number;
+        unitAmountDecimal: string;
+    };
+}, {
+    description?: string | undefined;
+    type: ProductType;
+    id: string;
+    name: string;
+    price: {
+        id: string;
+        unitAmount: number;
+        unitAmountDecimal: string;
+    };
+}>;
+export declare const subscriptionPlanQuotaGuard: z.ZodObject<{
+    tenantLimit: z.ZodNullable<z.ZodNumber>;
+    mauLimit: z.ZodNullable<z.ZodNumber>;
+    applicationsLimit: z.ZodNumber;
+    machineToMachineLimit: z.ZodNumber;
+    resourcesLimit: z.ZodNumber;
+    scopesPerResourceLimit: z.ZodNumber;
+    customDomainEnabled: z.ZodBoolean;
+    omniSignInEnabled: z.ZodBoolean;
+    builtInEmailConnectorEnabled: z.ZodBoolean;
+    socialConnectorsLimit: z.ZodNullable<z.ZodNumber>;
+    standardConnectorsLimit: z.ZodNumber;
+    rolesLimit: z.ZodNumber;
+    scopesPerRoleLimit: z.ZodNullable<z.ZodNumber>;
+    hooksLimit: z.ZodNumber;
+    auditLogsRetentionDays: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    tenantLimit: number | null;
+    mauLimit: number | null;
+    applicationsLimit: number;
+    machineToMachineLimit: number;
+    resourcesLimit: number;
+    scopesPerResourceLimit: number;
+    customDomainEnabled: boolean;
+    omniSignInEnabled: boolean;
+    builtInEmailConnectorEnabled: boolean;
+    socialConnectorsLimit: number | null;
+    standardConnectorsLimit: number;
+    rolesLimit: number;
+    scopesPerRoleLimit: number | null;
+    hooksLimit: number;
+    auditLogsRetentionDays: number;
+}, {
+    tenantLimit: number | null;
+    mauLimit: number | null;
+    applicationsLimit: number;
+    machineToMachineLimit: number;
+    resourcesLimit: number;
+    scopesPerResourceLimit: number;
+    customDomainEnabled: boolean;
+    omniSignInEnabled: boolean;
+    builtInEmailConnectorEnabled: boolean;
+    socialConnectorsLimit: number | null;
+    standardConnectorsLimit: number;
+    rolesLimit: number;
+    scopesPerRoleLimit: number | null;
+    hooksLimit: number;
+    auditLogsRetentionDays: number;
+}>;
+export declare const SubscriptionPlansModel: import("@withtyped/server/model").default<"subscription_plans", {
+    id: string;
+    name: string;
+    products: {
+        description?: string | undefined;
+        type: ProductType;
+        id: string;
+        name: string;
+        price: {
+            id: string;
+            unitAmount: number;
+            unitAmountDecimal: string;
+        };
+    }[];
+    quota: {
+        tenantLimit: number | null;
+        mauLimit: number | null;
+        applicationsLimit: number;
+        machineToMachineLimit: number;
+        resourcesLimit: number;
+        scopesPerResourceLimit: number;
+        customDomainEnabled: boolean;
+        omniSignInEnabled: boolean;
+        builtInEmailConnectorEnabled: boolean;
+        socialConnectorsLimit: number | null;
+        standardConnectorsLimit: number;
+        rolesLimit: number;
+        scopesPerRoleLimit: number | null;
+        hooksLimit: number;
+        auditLogsRetentionDays: number;
+    };
+    createdAt: Date;
+    updatedAt: Date;
+}, "createdAt" | "updatedAt" | "products", "createdAt">;
+export type SubscriptionPlans = InferModelType<typeof SubscriptionPlansModel>;
+export type SubscriptionPlanQuota = z.infer<typeof subscriptionPlanQuotaGuard>;

package/build/models/subscriptions-usage.d.ts

@@ -0,0 +1,24 @@
+import { type InferModelType } from '@withtyped/server/model';
+import { z } from 'zod';
+import { ProductType } from './subscription-plans.js';
+/**
+ * This table is used for recording and tracking the MAU based usage of a tenant for each business cycle.
+ * The same usage data record will be reported to stripe for billing.
+ *
+ * constraint subscriptions_usage__start_at: Usage record should be unique for each business cycle.
+ * constraint subscriptions_usage__linear_range: start_at should be earlier than end_at.
+ * exclude using gist: Prevent overlapping usage records for the same subscription.
+ */
+export declare const usageGuard: z.ZodRecord<z.ZodNativeEnum<typeof ProductType>, z.ZodNumber>;
+export declare const SubscriptionsUsageModel: import("@withtyped/server/model").default<"subscriptions_usage", {
+    updatedAt: Date;
+    id: string;
+    subscriptionId: string;
+    startAt: Date;
+    endAt: Date | null;
+    usage: Partial<Record<ProductType, number>>;
+    exclude: null;
+    "'[)')": null;
+}, "usage", never>;
+export type UsageType = z.infer<typeof usageGuard>;
+export type SubscriptionsUsage = InferModelType<typeof SubscriptionsUsageModel>;

package/build/models/subscriptions.d.ts

@@ -0,0 +1,31 @@
+import { type InferModelType } from '@withtyped/server/model';
+import { z } from 'zod';
+/**
+ * Stripe Subscription Object
+ * https://stripe.com/docs/api/subscriptions/object
+ */
+export declare const subscriptionStatusGuard: z.ZodUnion<[z.ZodLiteral<"incomplete">, z.ZodLiteral<"incomplete_expired">, z.ZodLiteral<"trialing">, z.ZodLiteral<"active">, z.ZodLiteral<"past_due">, z.ZodLiteral<"canceled">, z.ZodLiteral<"unpaid">]>;
+/**
+ * _tenant_id:
+ * Refrain from marking tenant_id as a foreign key in this case,
+ * as the parent tenant data may undergo hard deletion,
+ * while it is necessary to retain the subscription data for billing purposes.
+ * Need to validate the tenant_id exclusively in the application layer.
+ *
+ * _plan_id:
+ * Can not delete a subscription plan if it is being used by a tenant.
+ */
+export declare const SubscriptionsModel: import("@withtyped/server/model").default<"subscriptions", {
+    planId: string;
+    status: "incomplete" | "incomplete_expired" | "trialing" | "active" | "past_due" | "canceled" | "unpaid";
+    createdAt: Date;
+    updatedAt: Date;
+    id: string;
+    tenantId: string;
+    currentPeriodStart: Date;
+    currentPeriodEnd: Date;
+    customerId: string;
+    latestInvoiceId: string | null;
+    canceledAt: Date | null;
+}, never, never>;
+export type Subscriptions = InferModelType<typeof SubscriptionsModel>;

package/build/models/tenants-subscriptions.d.ts

@@ -0,0 +1,20 @@
+import { type InferModelType } from '@withtyped/server/model';
+/**
+ * Create a tenants_subscriptions relation record only on tenant first ever sign up a paid plan.
+ * If no record found, the tenant is on a free plan and never had a stripe payment before.
+ *
+ * _current_subscription_id:
+ * Can not delete a subscription if it is being used by a tenant.
+ * Remain null for free plan tenants.
+ *
+ * _customer_id:
+ * constraint unique customer_id for each tenant.
+ */
+export declare const TenantsSubscriptionsModel: import("@withtyped/server/model").default<"tenants_subscriptions", {
+    createdAt: Date;
+    updatedAt: Date;
+    customerId: string;
+    tenantId: string;
+    currentSubscriptionId: string | null;
+}, "createdAt" | "updatedAt", "createdAt">;
+export type TenantsSubscriptions = InferModelType<typeof TenantsSubscriptionsModel>;

package/build/queries/application.d.ts

@@ -0,0 +1,9 @@
+import type { Application, CreateApplication, CreateApplicationsRole } from '@logto/schemas';
+import type { PostgreSql } from '@withtyped/postgres';
+import type { Queryable } from '@withtyped/server';
+export type ApplicationsQuery = ReturnType<typeof createApplicationsQueries>;
+export declare const createApplicationsQueries: (client: Queryable<PostgreSql>) => {
+    insertApplication: (data: CreateApplication) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+    assignRoleToApplication: (data: CreateApplicationsRole) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+    findApplicationById: (id: string, tenantId: string) => Promise<Application>;
+};

package/build/queries/connector.d.ts

@@ -0,0 +1,11 @@
+import type { Connector, CreateConnector } from '@logto/schemas';
+import type { PostgreSql } from '@withtyped/postgres';
+import type { JsonObject, Queryable } from '@withtyped/server';
+export type ConnectorsQuery = ReturnType<typeof createConnectorsQuery>;
+export declare const createConnectorsQuery: (client: Queryable<PostgreSql>) => {
+    findAllConnectors: (tenantId: string) => Promise<Connector[]>;
+    insertConnector: (connector: Pick<CreateConnector, 'id' | 'tenantId' | 'connectorId'> & {
+        config: JsonObject;
+        metadata?: JsonObject;
+    }) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+};

package/build/queries/index.d.ts

@@ -0,0 +1,104 @@
+export declare class Queries {
+    static default: Queries;
+    readonly client: import("@withtyped/postgres").PostgresQueryClient;
+    readonly tenants: {
+        getManagementApiLikeIndicatorsForUser: (userId: string) => Promise<import("@withtyped/server").QueryResult<{
+            indicator: string;
+        }>>;
+        insertTenant: (tenant: Pick<{
+            id: string;
+            dbUser: string | null;
+            dbUserPassword: string | null;
+            name: string;
+            tag: import("@logto/schemas/lib/models/tenants.js").TenantTag;
+            createdAt: Date;
+        }, "id" | "dbUser" | "dbUserPassword"> & Partial<Pick<{
+            id: string;
+            dbUser: string | null;
+            dbUserPassword: string | null;
+            name: string;
+            tag: import("@logto/schemas/lib/models/tenants.js").TenantTag;
+            createdAt: Date;
+        }, "name" | "tag">>) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+        updateTenantById: (tenantId: string, payload: Partial<Pick<{
+            id: string;
+            dbUser: string | null;
+            dbUserPassword: string | null;
+            name: string;
+            tag: import("@logto/schemas/lib/models/tenants.js").TenantTag;
+            createdAt: Date;
+        }, "name" | "tag">>) => Promise<{
+            id: string;
+            dbUser: string | null;
+            dbUserPassword: string | null;
+            name: string;
+            tag: import("@logto/schemas/lib/models/tenants.js").TenantTag;
+            createdAt: Date;
+        }>;
+        createTenantRole: (parentRole: string, role: string, password: string) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+        deleteDatabaseRoleForTenant: (role: string) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+        insertAdminData: (data: import("@logto/schemas").AdminData) => Promise<void>;
+        getTenantById: (id: string) => Promise<Pick<{
+            id: string;
+            dbUser: string | null;
+            dbUserPassword: string | null;
+            name: string;
+            tag: import("@logto/schemas/lib/models/tenants.js").TenantTag;
+            createdAt: Date;
+        }, "name" | "tag" | "dbUser">>;
+        getTenantsByIds: (tenantIds: string[]) => Promise<Pick<{
+            id: string;
+            dbUser: string | null;
+            dbUserPassword: string | null;
+            name: string;
+            tag: import("@logto/schemas/lib/models/tenants.js").TenantTag;
+            createdAt: Date;
+        }, "id" | "name" | "tag">[]>;
+        deleteClientTenantManagementApplicationById: (tenantId: string) => Promise<void>;
+        deleteClientTenantManagementApiResourceByTenantId: (tenantId: string) => Promise<void>;
+        deleteClientTenantRoleById: (tenantId: string) => Promise<void>;
+        deleteTenantById: (id: string) => Promise<void>;
+        appendAdminConsoleRedirectUris: (...urls: URL[]) => Promise<void>;
+        removeUrisFromAdminConsoleRedirectUris: (...urls: URL[]) => Promise<void>;
+    };
+    readonly users: {
+        assignRoleToUser: (data: import("@logto/schemas").UsersRole) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+    };
+    readonly applications: {
+        insertApplication: (data: import("@logto/schemas").CreateApplication) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+        assignRoleToApplication: (data: import("@logto/schemas").CreateApplicationsRole) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+        findApplicationById: (id: string, tenantId: string) => Promise<import("@logto/schemas").Application>;
+    };
+    readonly connectors: {
+        findAllConnectors: (tenantId: string) => Promise<import("@logto/schemas").Connector[]>;
+        insertConnector: (connector: Pick<import("@logto/schemas").CreateConnector, "tenantId" | "id" | "connectorId"> & {
+            config: import("@withtyped/server").JsonObject;
+            metadata?: import("@withtyped/server").JsonObject | undefined;
+        }) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+    };
+    readonly serviceLogs: {
+        insertLog: (data: Omit<import("@logto/schemas").CreateServiceLog, "payload"> & {
+            payload?: import("@withtyped/server").JsonObject | undefined;
+        }) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+        countTenantLogs: (tenantId: string, type: import("@logto/schemas").ServiceLogType, from?: Date | undefined) => Promise<number>;
+    };
+    readonly systems: {
+        getDemoSocialValue: () => Promise<{
+            name: string;
+            logo: string;
+            logoDark: string;
+            provider: import("@logto/schemas").DemoSocialProvider;
+            clientId: string;
+        }[] | undefined>;
+        getEmailServiceConfig: () => Promise<{
+            provider: import("@logto/schemas").EmailServiceProvider;
+            apiKey: string;
+            fromName: string;
+            fromEmail: string;
+            templates: Partial<Record<import("@logto/schemas").OtherEmailTemplate | import("@logto/connector-kit").VerificationCodeType, {
+                subject: string;
+                content: string;
+            }>>;
+        } | undefined>;
+    };
+}

package/build/queries/roles.d.ts

@@ -0,0 +1,6 @@
+import type { PostgreSql } from '@withtyped/postgres';
+import type { Queryable } from '@withtyped/server';
+export type RolesQuery = ReturnType<typeof createRolesQuery>;
+export declare const createRolesQuery: (client: Queryable<PostgreSql>) => {
+    findRoleIdByName: (roleName: string, tenantId: string) => Promise<string>;
+};

package/build/queries/service-logs.d.ts

@@ -0,0 +1,10 @@
+import type { CreateServiceLog, ServiceLogType } from '@logto/schemas';
+import type { PostgreSql } from '@withtyped/postgres';
+import type { JsonObject, Queryable } from '@withtyped/server';
+export type ServiceLogsQueries = ReturnType<typeof createServiceLogsQueries>;
+export declare const createServiceLogsQueries: (client: Queryable<PostgreSql>) => {
+    insertLog: (data: Omit<CreateServiceLog, 'payload'> & {
+        payload?: JsonObject;
+    }) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+    countTenantLogs: (tenantId: string, type: ServiceLogType, from?: Date) => Promise<number>;
+};

package/build/queries/system.d.ts

@@ -0,0 +1,22 @@
+import type { PostgreSql } from '@withtyped/postgres';
+import type { Queryable } from '@withtyped/server';
+export type SystemsQuery = ReturnType<typeof createSystemsQuery>;
+export declare const createSystemsQuery: (client: Queryable<PostgreSql>) => {
+    getDemoSocialValue: () => Promise<{
+        name: string;
+        logo: string;
+        logoDark: string;
+        provider: import("@logto/schemas").DemoSocialProvider;
+        clientId: string;
+    }[] | undefined>;
+    getEmailServiceConfig: () => Promise<{
+        provider: import("@logto/schemas").EmailServiceProvider;
+        apiKey: string;
+        fromName: string;
+        fromEmail: string;
+        templates: Partial<Record<import("@logto/schemas").OtherEmailTemplate | import("@logto/connector-kit").VerificationCodeType, {
+            subject: string;
+            content: string;
+        }>>;
+    } | undefined>;
+};

package/build/queries/tenants.d.ts

@@ -0,0 +1,30 @@
+import { type AdminData } from '@logto/schemas';
+import type { TenantModel } from '@logto/schemas/models';
+import { type PostgreSql } from '@withtyped/postgres';
+import type { Queryable } from '@withtyped/server';
+export type TenantsQueries = ReturnType<typeof createTenantsQueries>;
+export declare const createTenantsQueries: (client: Queryable<PostgreSql>) => {
+    getManagementApiLikeIndicatorsForUser: (userId: string) => Promise<import("@withtyped/server").QueryResult<{
+        indicator: string;
+    }>>;
+    insertTenant: (tenant: Pick<TenantModel, 'id' | 'dbUser' | 'dbUserPassword'> & Partial<Pick<TenantModel, 'name' | 'tag'>>) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+    updateTenantById: (tenantId: string, payload: Partial<Pick<TenantModel, 'name' | 'tag'>>) => Promise<{
+        id: string;
+        dbUser: string | null;
+        dbUserPassword: string | null;
+        name: string;
+        tag: import("@logto/schemas/models").TenantTag;
+        createdAt: Date;
+    }>;
+    createTenantRole: (parentRole: string, role: string, password: string) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+    deleteDatabaseRoleForTenant: (role: string) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+    insertAdminData: (data: AdminData) => Promise<void>;
+    getTenantById: (id: string) => Promise<Pick<TenantModel, 'dbUser' | 'name' | 'tag'>>;
+    getTenantsByIds: (tenantIds: string[]) => Promise<Array<Pick<TenantModel, 'id' | 'name' | 'tag'>>>;
+    deleteClientTenantManagementApplicationById: (tenantId: string) => Promise<void>;
+    deleteClientTenantManagementApiResourceByTenantId: (tenantId: string) => Promise<void>;
+    deleteClientTenantRoleById: (tenantId: string) => Promise<void>;
+    deleteTenantById: (id: string) => Promise<void>;
+    appendAdminConsoleRedirectUris: (...urls: URL[]) => Promise<void>;
+    removeUrisFromAdminConsoleRedirectUris: (...urls: URL[]) => Promise<void>;
+};

package/build/queries/users.d.ts

@@ -0,0 +1,7 @@
+import type { UsersRole } from '@logto/schemas';
+import type { PostgreSql } from '@withtyped/postgres';
+import type { Queryable } from '@withtyped/server';
+export type UsersQueries = ReturnType<typeof createUsersQueries>;
+export declare const createUsersQueries: (client: Queryable<PostgreSql>) => {
+    assignRoleToUser: (data: UsersRole) => Promise<import("@withtyped/server").QueryResult<Record<string, unknown>>>;
+};

package/build/queries/utils.d.ts

@@ -0,0 +1,3 @@
+import type { PostgreSql } from '@withtyped/postgres';
+import type { Queryable } from '@withtyped/server';
+export declare const getDatabaseName: (client: Queryable<PostgreSql>) => Promise<string>;

package/build/routes/index.d.ts

@@ -0,0 +1,78 @@
+import type { WithAuthContext } from '#src/middleware/with-auth.js';
+declare const router: import("@withtyped/server").Router<WithAuthContext, import("@withtyped/server").MergeRoutes<import("@withtyped/server").MergeRoutes<import("@withtyped/server").BaseRoutes, import("@withtyped/server").RoutesWithPrefix<{
+    options: {};
+    patch: {
+        "/tenants/:tenantId": import("@withtyped/server").PathGuard<"/:tenantId", unknown, {
+            name?: string | undefined;
+            tag?: import("@logto/schemas/lib/models/tenants.js").TenantTag | undefined;
+        }, import("@logto/schemas/lib/models/tenants.js").TenantInfo>;
+    };
+    get: {
+        "/tenants": import("@withtyped/server").PathGuard<"/", unknown, unknown, import("@logto/schemas/lib/models/tenants.js").TenantInfo[]>;
+    };
+    post: {
+        "/tenants": import("@withtyped/server").PathGuard<"/", unknown, {
+            name?: string | undefined;
+            tag?: import("@logto/schemas/lib/models/tenants.js").TenantTag | undefined;
+        }, import("@logto/schemas/lib/models/tenants.js").TenantInfo>;
+    };
+    put: {};
+    head: {};
+    delete: {
+        "/tenants/:tenantId": import("@withtyped/server").PathGuard<"/:tenantId", unknown, unknown, unknown>;
+    };
+    copy: {};
+}, "/api">>, import("@withtyped/server").RoutesWithPrefix<{
+    options: {};
+    patch: {};
+    get: {
+        "/services/mails/usage": import("@withtyped/server").PathGuard<"/mails/usage", {
+            from?: string | undefined;
+        }, unknown, unknown>;
+    };
+    post: {
+        "/services/send-email": import("@withtyped/server").PathGuard<"/send-email", unknown, {
+            data: {
+                type: import("@logto/connector-kit").VerificationCodeType;
+                to: string;
+                payload: {
+                    fromName?: string | undefined;
+                    companyAddress?: string | undefined;
+                    appLogo?: string | undefined;
+                    code: string;
+                };
+            };
+        }, unknown>;
+    } & {
+        "/services/mails": import("@withtyped/server").PathGuard<"/mails", unknown, {
+            data: {
+                type: import("@logto/connector-kit").VerificationCodeType;
+                to: string;
+                payload: {
+                    fromName?: string | undefined;
+                    companyAddress?: string | undefined;
+                    appLogo?: string | undefined;
+                    code: string;
+                };
+            };
+        }, unknown>;
+    } & {
+        "/services/send-sms": import("@withtyped/server").PathGuard<"/send-sms", unknown, {
+            data: {
+                type: import("@logto/connector-kit").VerificationCodeType;
+                to: string;
+                payload: {
+                    fromName?: string | undefined;
+                    companyAddress?: string | undefined;
+                    appLogo?: string | undefined;
+                    code: string;
+                };
+            };
+        }, unknown>;
+    };
+    put: {};
+    head: {};
+    delete: {};
+    copy: {};
+}, "/api">>, "/api">;
+export default router;

package/build/routes/services.d.ts

@@ -0,0 +1,53 @@
+import type { ServicesLibrary } from '#src/libraries/services.js';
+import type { WithAuthContext } from '#src/middleware/with-auth.js';
+export declare const servicesRoutes: (library: ServicesLibrary) => import("@withtyped/server").RouterWithRoute<WithAuthContext, {
+    options: {};
+    patch: {};
+    get: {
+        "/services/mails/usage": import("@withtyped/server").PathGuard<"/mails/usage", {
+            from?: string | undefined;
+        }, unknown, unknown>;
+    };
+    post: {
+        "/services/send-email": import("@withtyped/server").PathGuard<"/send-email", unknown, {
+            data: {
+                type: import("@logto/connector-kit").VerificationCodeType;
+                to: string;
+                payload: {
+                    fromName?: string | undefined;
+                    companyAddress?: string | undefined;
+                    appLogo?: string | undefined;
+                    code: string;
+                };
+            };
+        }, unknown>;
+    } & {
+        "/services/mails": import("@withtyped/server").PathGuard<"/mails", unknown, {
+            data: {
+                type: import("@logto/connector-kit").VerificationCodeType;
+                to: string;
+                payload: {
+                    fromName?: string | undefined;
+                    companyAddress?: string | undefined;
+                    appLogo?: string | undefined;
+                    code: string;
+                };
+            };
+        }, unknown>;
+    };
+    put: {};
+    head: {};
+    delete: {};
+    copy: {};
+}, "/services", "post", "/send-sms", unknown, {
+    data: {
+        type: import("@logto/connector-kit").VerificationCodeType;
+        to: string;
+        payload: {
+            fromName?: string | undefined;
+            companyAddress?: string | undefined;
+            appLogo?: string | undefined;
+            code: string;
+        };
+    };
+}, unknown>;

package/build/routes/tenants.d.ts

@@ -0,0 +1,24 @@
+import type { TenantsLibrary } from '#src/libraries/tenants.js';
+import type { WithAuthContext } from '#src/middleware/with-auth.js';
+export declare const tenantsRoutes: (library: TenantsLibrary) => import("@withtyped/server").RouterWithRoute<WithAuthContext, {
+    options: {};
+    patch: {
+        "/tenants/:tenantId": import("@withtyped/server").PathGuard<"/:tenantId", unknown, {
+            name?: string | undefined;
+            tag?: import("@logto/schemas/models").TenantTag | undefined;
+        }, import("@logto/schemas/models").TenantInfo>;
+    };
+    get: {
+        "/tenants": import("@withtyped/server").PathGuard<"/", unknown, unknown, import("@logto/schemas/models").TenantInfo[]>;
+    };
+    post: {
+        "/tenants": import("@withtyped/server").PathGuard<"/", unknown, {
+            name?: string | undefined;
+            tag?: import("@logto/schemas/models").TenantTag | undefined;
+        }, import("@logto/schemas/models").TenantInfo>;
+    };
+    put: {};
+    head: {};
+    delete: {};
+    copy: {};
+}, "/tenants", "delete", "/:tenantId", unknown, unknown, unknown>;

package/build/routes-anonymous/index.d.ts

@@ -0,0 +1,13 @@
+declare const router: import("@withtyped/server").RouterWithRoute<import("@withtyped/server").RequestContext, {
+    options: {};
+    patch: {};
+    get: {
+        "/api/status": import("@withtyped/server").PathGuard<"/status", unknown, unknown, unknown>;
+    };
+    post: {};
+    put: {};
+    head: {};
+    delete: {};
+    copy: {};
+}, "/api", "get", "/teapot", unknown, unknown, unknown>;
+export default router;

package/build/test-utils/context.d.ts

@@ -0,0 +1,14 @@
+/// <reference types="node" resolution-mode="require"/>
+/// <reference types="node/http.js" />
+import type { HttpContext, RequestContext, RequestMethod } from '@withtyped/server';
+import type { WithAuthContext } from '#src/middleware/with-auth.js';
+export declare const createHttpContext: (isHttps?: boolean) => HttpContext;
+type BuildRequestContext = Partial<RequestContext['request']>;
+export declare const buildRequestContext: <Path extends `GET ${string}` | `POST ${string}` | `PUT ${string}` | `PATCH ${string}` | `DELETE ${string}` | `COPY ${string}` | `HEAD ${string}` | `OPTIONS ${string}`>(path: Path, { headers, body }?: BuildRequestContext) => RequestContext;
+export declare const buildRequestAuthContext: <Path extends `GET ${string}` | `POST ${string}` | `PUT ${string}` | `PATCH ${string}` | `DELETE ${string}` | `COPY ${string}` | `HEAD ${string}` | `OPTIONS ${string}`>(args_0: Path, args_1?: Partial<Record<string, unknown> & {
+    method?: RequestMethod | undefined;
+    headers: import("http").IncomingHttpHeaders;
+    url: URL;
+    body?: unknown;
+}> | undefined) => (scopes?: string[]) => WithAuthContext;
+export {};

package/build/test-utils/function.d.ts

@@ -0,0 +1 @@
+export declare const noop: () => Promise<void>;

package/build/test-utils/libraries.d.ts

@@ -0,0 +1,26 @@
+/// <reference types="jest" />
+import type { ServiceLogType } from '@logto/schemas';
+import type { TenantInfo, TenantTag } from '@logto/schemas/models';
+import type { ServicesLibrary } from '#src/libraries/services.js';
+import type { TenantsLibrary } from '#src/libraries/tenants.js';
+import type { Queries } from '#src/queries/index.js';
+export declare class MockTenantsLibrary implements TenantsLibrary {
+    get queries(): Queries;
+    getAvailableTenants: jest.Mock<Promise<TenantInfo[]>, [string], any>;
+    createNewTenant: jest.Mock<Promise<TenantInfo>, [string, Record<string, unknown>], any>;
+    updateTenantById: jest.Mock<Promise<TenantInfo>, [string, {
+        name?: string | undefined;
+        tag?: TenantTag | undefined;
+    }], any>;
+    deleteTenantById: jest.Mock<Promise<void>, [string], any>;
+}
+export declare class MockServicesLibrary implements ServicesLibrary {
+    get queries(): Queries;
+    getTenantIdFromApplicationId: jest.Mock<Promise<string>, [string], any>;
+    sendMessage: jest.Mock<any, any, any>;
+    sendEmail: jest.Mock<any, any, any>;
+    getAdminTenantLogtoConnectors: jest.Mock<any, any, any>;
+    addLog: jest.Mock<any, any, any>;
+    getTenantBalanceForType: jest.Mock<Promise<number>, [string, ServiceLogType], any>;
+    getTenantUsageByTypeFrom: jest.Mock<Promise<number>, [string, ServiceLogType, Date], any>;
+}

package/build/utils/connector/index.d.ts

@@ -0,0 +1,2 @@
+export * from './types.js';
+export declare const loadConnectorFactories: () => Promise<import("@logto/cli/lib/connector/types.js").ConnectorFactory[]>;

package/build/utils/connector/seed.d.ts

@@ -0,0 +1,17 @@
+export declare const createCloudServiceConnector: (data: {
+    tenantId: string;
+    connectorId: string;
+    appId: string;
+    appSecret: string;
+}) => {
+    id: string;
+    tenantId: string;
+    connectorId: string;
+    config: {
+        appId: string;
+        appSecret: string;
+        tokenEndpoint: string;
+        endpoint: string;
+        resource: string;
+    };
+};

package/build/utils/connector/types.d.ts

@@ -0,0 +1,11 @@
+import type { AllConnector } from '@logto/connector-kit';
+import type { Connector } from '@logto/schemas';
+export { ConnectorType } from '@logto/schemas';
+/**
+ * The connector type with full context.
+ */
+export type LogtoConnector<T extends AllConnector = AllConnector> = T & {
+    validateConfig: (config: unknown) => void;
+} & {
+    dbEntry: Connector;
+};

package/build/utils/email-service/index.d.ts

@@ -0,0 +1,13 @@
+import { type EmailServiceData } from '@logto/schemas';
+export declare const buildEmailService: (config: EmailServiceData) => {
+    send: (sendMessagePayload: {
+        type: import("@logto/connector-kit").VerificationCodeType;
+        to: string;
+        payload: {
+            fromName?: string | undefined;
+            companyAddress?: string | undefined;
+            appLogo?: string | undefined;
+            code: string;
+        };
+    }) => Promise<import("got").Response<string>>;
+};

package/build/utils/email-service/sendgrid.d.ts

@@ -0,0 +1,6 @@
+import type { SendMessagePayload } from '@logto/connector-kit';
+import { type SendgridEmailServiceData } from '@logto/schemas';
+export declare const sendgridEndpoint = "https://api.sendgrid.com/v3/mail/send";
+export declare const buildSendgridEmailService: (config: SendgridEmailServiceData) => {
+    send: (sendMessagePayload: SendMessagePayload) => Promise<import("got").Response<string>>;
+};

package/build/utils/email-service/utils.d.ts

@@ -0,0 +1,2 @@
+import { type Optional } from '@silverhand/essentials';
+export declare const replacePlaceholders: (rawContent: string, patterns: Record<string, Optional<string>>) => string;

package/build/utils/guard.d.ts

@@ -0,0 +1,3 @@
+import type { Json } from '@withtyped/server';
+import { z } from 'zod';
+export declare const jsonObjectGuard: z.ZodRecord<z.ZodString, z.ZodType<Json, z.ZodTypeDef, Json>>;

package/build/utils/logto.d.ts

@@ -0,0 +1,3 @@
+export declare const findLogtoInstanceDirectory: () => Promise<string>;
+export declare const getLogtoConsoleAppDirectory: () => Promise<string>;
+export declare const getLogtoCoreConnectorsDirectory: () => Promise<string>;

package/build/utils/postgres.d.ts

@@ -0,0 +1,4 @@
+import type { createQueryClient } from '@withtyped/postgres';
+type CreateClientConfig = Parameters<typeof createQueryClient>[0];
+export declare const parseDsn: (dsn?: string) => CreateClientConfig;
+export {};

package/build/utils/query.d.ts

@@ -0,0 +1,2 @@
+import type { JsonObject } from '@withtyped/server';
+export declare const insertInto: <T extends JsonObject>(object: T, table: string) => import("@withtyped/postgres").PostgreSql;

package/build/utils/tenant.d.ts

@@ -0,0 +1 @@
+export declare const getTenantIdFromManagementApiIndicator: (indicator: string) => string | undefined;

package/build/utils/url.d.ts

@@ -0,0 +1,2 @@
+export declare const normalizePath: (pathLike: string) => string;
+export declare const matchPathname: (toMatch: string, pathname: string, ignorePathnames?: string[]) => string | false;

package/package.json

@@ -0,0 +1,80 @@
+{
+  "name": "@logto/cloud",
+  "version": "0.2.5-fadb481",
+  "description": "Logto Cloud service.",
+  "main": "build/index.js",
+  "author": "Silverhand Inc. <contact@silverhand.io>",
+  "license": "Elastic-2.0",
+  "type": "module",
+  "files": [
+    "build"
+  ],
+  "exports": {
+    "./routes": "./build/routes/index.js"
+  },
+  "imports": {
+    "#src/*": "./build/*"
+  },
+  "dependencies": {
+    "@logto/app-insights": "link:../../.logto/packages/app-insights",
+    "@logto/cli": "link:../../.logto/packages/cli",
+    "@logto/connector-kit": "link:../../.logto/packages/toolkit/connector-kit",
+    "@logto/core-kit": "link:../../.logto/packages/toolkit/core-kit",
+    "@logto/schemas": "link:../../.logto/packages/schemas",
+    "@logto/shared": "link:../../.logto/packages/shared",
+    "@silverhand/essentials": "^2.6.2",
+    "@withtyped/postgres": "^0.11.0",
+    "@withtyped/server": "^0.11.1",
+    "accepts": "^1.3.8",
+    "chalk": "^5.0.0",
+    "decamelize": "^6.0.0",
+    "dotenv": "^16.0.0",
+    "fetch-retry": "^5.0.4",
+    "find-up": "^6.3.0",
+    "got": "^13.0.0",
+    "helmet": "^7.0.0",
+    "http-proxy": "^1.18.1",
+    "jose": "^4.11.0",
+    "mime-types": "^2.1.35",
+    "zod": "^3.20.2"
+  },
+  "devDependencies": {
+    "@silverhand/eslint-config": "3.0.1",
+    "@silverhand/jest-config": "3.0.0",
+    "@silverhand/ts-config": "3.0.0",
+    "@types/accepts": "^1.3.5",
+    "@types/http-proxy": "^1.17.9",
+    "@types/jest": "^29.4.0",
+    "@types/mime-types": "^2.1.1",
+    "@types/node": "^18.11.18",
+    "eslint": "^8.21.0",
+    "jest": "^29.5.0",
+    "lint-staged": "^13.0.0",
+    "nodemon": "^2.0.19",
+    "prettier": "^2.8.1",
+    "typescript": "^5.0.0"
+  },
+  "engines": {
+    "node": "^18.12.0"
+  },
+  "eslintConfig": {
+    "extends": "@silverhand"
+  },
+  "prettier": "@silverhand/eslint-config/.prettierrc",
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "precommit": "lint-staged",
+    "build": "rm -rf build/ && tsc -p tsconfig.build.json",
+    "build:lib": "rm -rf build/ && tsc -p tsconfig.build.lib.json",
+    "build:test": "rm -rf build/ && tsc -p tsconfig.test.json --sourcemap",
+    "lint": "eslint --ext .ts src",
+    "lint:report": "pnpm lint --format json --output-file report.json",
+    "dev": "rm -rf build/ && nodemon",
+    "start": "NODE_ENV=production node .",
+    "test:only": "NODE_OPTIONS=\"--experimental-vm-modules --max_old_space_size=4096\" jest --logHeapUsage",
+    "test": "pnpm build:test && pnpm test:only",
+    "test:ci": "pnpm test:only --coverage --silent"
+  }
+}