@logto/schemas 1.12.0 → 1.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (136) hide show
  1. package/alterations/1.13.0-1702274830-add-new-third-party-column-to-applications-table.ts +20 -0
  2. package/alterations/1.13.0-1702372401-add-application-permissions-tables.ts +93 -0
  3. package/alterations/1.13.0-1702544178-sync-tenant-orgs.ts +296 -0
  4. package/alterations/1.13.0-1702871078-protected-application-type.ts +24 -0
  5. package/alterations/1.13.0-1702877515-protected-app-configs.ts +18 -0
  6. package/alterations/1.13.0-1702978120-application-sign-in-experience-table.ts +61 -0
  7. package/alterations/1.13.0-1703229996-daily-token-usage.ts +62 -0
  8. package/alterations/1.13.0-1703230000-update-tenant-roles.ts +94 -0
  9. package/alterations/1.13.0-1704692973-remove-legacy-resources.ts +147 -0
  10. package/alterations/1.13.0-1704934999-add-magic-links-table.ts +37 -0
  11. package/alterations/1.13.0-1704935001-add-organization-invitation-tables.ts +78 -0
  12. package/alterations/1.13.0-1705288654-add-application-user-consent-organizations-table.ts +62 -0
  13. package/alterations/1.13.0-1705991158-update-invitation-indices.ts +32 -0
  14. package/alterations/1.13.0-1706449174-update-organization-invitation-column.ts +24 -0
  15. package/alterations/1.13.0-1706510290-protected-app-host-index.ts +21 -0
  16. package/alterations/1.13.0-1706512952-restore-get-started-page.ts +17 -0
  17. package/alterations/1.13.0-1706528755-remove-magic-links.ts +46 -0
  18. package/alterations/1.13.0-1706585206-protected-app-custom-domain-unique.ts +21 -0
  19. package/alterations/1.13.1-1707360939-grant-is-suspended-read-permission.ts +39 -0
  20. package/alterations/utils/1704934999-tables.ts +49 -0
  21. package/alterations/utils/README.md +9 -0
  22. package/alterations-js/1.13.0-1702274830-add-new-third-party-column-to-applications-table.d.ts +3 -0
  23. package/alterations-js/1.13.0-1702274830-add-new-third-party-column-to-applications-table.js +16 -0
  24. package/alterations-js/1.13.0-1702372401-add-application-permissions-tables.d.ts +3 -0
  25. package/alterations-js/1.13.0-1702372401-add-application-permissions-tables.js +79 -0
  26. package/alterations-js/1.13.0-1702544178-sync-tenant-orgs.d.ts +18 -0
  27. package/alterations-js/1.13.0-1702544178-sync-tenant-orgs.js +225 -0
  28. package/alterations-js/1.13.0-1702871078-protected-application-type.d.ts +3 -0
  29. package/alterations-js/1.13.0-1702871078-protected-application-type.js +20 -0
  30. package/alterations-js/1.13.0-1702877515-protected-app-configs.d.ts +3 -0
  31. package/alterations-js/1.13.0-1702877515-protected-app-configs.js +14 -0
  32. package/alterations-js/1.13.0-1702978120-application-sign-in-experience-table.d.ts +3 -0
  33. package/alterations-js/1.13.0-1702978120-application-sign-in-experience-table.js +51 -0
  34. package/alterations-js/1.13.0-1703229996-daily-token-usage.d.ts +3 -0
  35. package/alterations-js/1.13.0-1703229996-daily-token-usage.js +51 -0
  36. package/alterations-js/1.13.0-1703230000-update-tenant-roles.d.ts +11 -0
  37. package/alterations-js/1.13.0-1703230000-update-tenant-roles.js +87 -0
  38. package/alterations-js/1.13.0-1704692973-remove-legacy-resources.d.ts +3 -0
  39. package/alterations-js/1.13.0-1704692973-remove-legacy-resources.js +124 -0
  40. package/alterations-js/1.13.0-1704934999-add-magic-links-table.d.ts +3 -0
  41. package/alterations-js/1.13.0-1704934999-add-magic-links-table.js +32 -0
  42. package/alterations-js/1.13.0-1704935001-add-organization-invitation-tables.d.ts +3 -0
  43. package/alterations-js/1.13.0-1704935001-add-organization-invitation-tables.js +72 -0
  44. package/alterations-js/1.13.0-1705288654-add-application-user-consent-organizations-table.d.ts +3 -0
  45. package/alterations-js/1.13.0-1705288654-add-application-user-consent-organizations-table.js +52 -0
  46. package/alterations-js/1.13.0-1705991158-update-invitation-indices.d.ts +7 -0
  47. package/alterations-js/1.13.0-1705991158-update-invitation-indices.js +27 -0
  48. package/alterations-js/1.13.0-1706449174-update-organization-invitation-column.d.ts +3 -0
  49. package/alterations-js/1.13.0-1706449174-update-organization-invitation-column.js +20 -0
  50. package/alterations-js/1.13.0-1706510290-protected-app-host-index.d.ts +3 -0
  51. package/alterations-js/1.13.0-1706510290-protected-app-host-index.js +17 -0
  52. package/alterations-js/1.13.0-1706512952-restore-get-started-page.d.ts +3 -0
  53. package/alterations-js/1.13.0-1706512952-restore-get-started-page.js +13 -0
  54. package/alterations-js/1.13.0-1706528755-remove-magic-links.d.ts +3 -0
  55. package/alterations-js/1.13.0-1706528755-remove-magic-links.js +41 -0
  56. package/alterations-js/1.13.0-1706585206-protected-app-custom-domain-unique.d.ts +3 -0
  57. package/alterations-js/1.13.0-1706585206-protected-app-custom-domain-unique.js +17 -0
  58. package/alterations-js/1.13.1-1707360939-grant-is-suspended-read-permission.d.ts +6 -0
  59. package/alterations-js/1.13.1-1707360939-grant-is-suspended-read-permission.js +31 -0
  60. package/alterations-js/utils/1704934999-tables.d.ts +11 -0
  61. package/alterations-js/utils/1704934999-tables.js +43 -0
  62. package/lib/db-entries/application-sign-in-experience.d.ts +26 -0
  63. package/lib/db-entries/application-sign-in-experience.js +42 -0
  64. package/lib/db-entries/application-user-consent-organization-scope.d.ts +24 -0
  65. package/lib/db-entries/application-user-consent-organization-scope.js +29 -0
  66. package/lib/db-entries/application-user-consent-organization.d.ts +22 -0
  67. package/lib/db-entries/application-user-consent-organization.js +33 -0
  68. package/lib/db-entries/application-user-consent-resource-scope.d.ts +24 -0
  69. package/lib/db-entries/application-user-consent-resource-scope.js +29 -0
  70. package/lib/db-entries/application-user-consent-user-scope.d.ts +24 -0
  71. package/lib/db-entries/application-user-consent-user-scope.js +29 -0
  72. package/lib/db-entries/application.d.ts +6 -2
  73. package/lib/db-entries/application.js +9 -1
  74. package/lib/db-entries/custom-types.d.ts +8 -1
  75. package/lib/db-entries/custom-types.js +8 -0
  76. package/lib/db-entries/daily-token-usage.d.ts +20 -0
  77. package/lib/db-entries/daily-token-usage.js +33 -0
  78. package/lib/db-entries/index.d.ts +8 -0
  79. package/lib/db-entries/index.js +8 -0
  80. package/lib/db-entries/organization-invitation-role-relation.d.ts +24 -0
  81. package/lib/db-entries/organization-invitation-role-relation.js +29 -0
  82. package/lib/db-entries/organization-invitation.d.ts +53 -0
  83. package/lib/db-entries/organization-invitation.js +58 -0
  84. package/lib/foundations/jsonb-types/applications.d.ts +380 -0
  85. package/lib/foundations/jsonb-types/applications.js +29 -0
  86. package/lib/foundations/jsonb-types/custom-domain.d.ts +37 -89
  87. package/lib/foundations/jsonb-types/custom-domain.js +4 -9
  88. package/lib/foundations/jsonb-types/index.d.ts +1 -0
  89. package/lib/foundations/jsonb-types/index.js +1 -0
  90. package/lib/foundations/jsonb-types/users.d.ts +1 -2
  91. package/lib/foundations/jsonb-types/users.js +1 -1
  92. package/lib/models/tenants.d.ts +1 -1
  93. package/lib/seeds/application.d.ts +1 -1
  94. package/lib/seeds/application.js +3 -1
  95. package/lib/seeds/cloud-api.d.ts +3 -3
  96. package/lib/seeds/cloud-api.js +2 -3
  97. package/lib/seeds/management-api.d.ts +77 -6
  98. package/lib/seeds/management-api.js +14 -10
  99. package/lib/types/application.d.ts +576 -1
  100. package/lib/types/application.js +42 -1
  101. package/lib/types/connector.js +1 -1
  102. package/lib/types/consent.d.ts +568 -0
  103. package/lib/types/consent.js +47 -0
  104. package/lib/types/domain.d.ts +21 -65
  105. package/lib/types/index.d.ts +3 -0
  106. package/lib/types/index.js +3 -0
  107. package/lib/types/interactions.d.ts +6 -6
  108. package/lib/types/logto-config.d.ts +32 -6
  109. package/lib/types/logto-config.js +12 -2
  110. package/lib/types/mapi-proxy.d.ts +30 -0
  111. package/lib/types/mapi-proxy.js +49 -0
  112. package/lib/types/organization.d.ts +10 -1
  113. package/lib/types/organization.js +4 -1
  114. package/lib/types/sso-connector.d.ts +9 -9
  115. package/lib/types/sso-connector.js +1 -1
  116. package/lib/types/system.d.ts +28 -1
  117. package/lib/types/system.js +17 -0
  118. package/lib/types/tenant-organization.d.ts +107 -0
  119. package/lib/types/tenant-organization.js +145 -0
  120. package/lib/types/tenant.d.ts +0 -1
  121. package/lib/types/tenant.js +2 -4
  122. package/lib/types/user-assets.d.ts +5 -5
  123. package/lib/types/user-assets.js +1 -0
  124. package/lib/types/user.d.ts +14 -15
  125. package/lib/types/user.js +0 -1
  126. package/package.json +14 -14
  127. package/tables/_after_all.sql +1 -1
  128. package/tables/application_sign_in_experiences.sql +15 -0
  129. package/tables/application_user_consent_organization_scopes.sql +14 -0
  130. package/tables/application_user_consent_organizations.sql +16 -0
  131. package/tables/application_user_consent_resource_scopes.sql +14 -0
  132. package/tables/application_user_consent_user_scopes.sql +13 -0
  133. package/tables/applications.sql +16 -1
  134. package/tables/daily_token_usage.sql +11 -0
  135. package/tables/organization_invitation_role_relations.sql +14 -0
  136. package/tables/organization_invitations.sql +36 -0
package/lib/seeds/cloud-api.js CHANGED
@@ -8,8 +8,6 @@ export var CloudScope;
8
8
  (function (CloudScope) {
9
9
  /** The user can create a user tenant. */
10
10
  CloudScope["CreateTenant"] = "create:tenant";
11
- /** The user can perform arbitrary operations on any tenant. */
12
- CloudScope["ManageTenant"] = "manage:tenant";
13
11
  /** The user can update or delete its own tenants. */
14
12
  CloudScope["ManageTenantSelf"] = "manage:tenant:self";
15
13
  CloudScope["SendSms"] = "send:sms";
@@ -18,6 +16,8 @@ export var CloudScope;
18
16
  CloudScope["ManageAffiliate"] = "manage:affiliate";
19
17
  /** The user can create new affiliates and logs. */
20
18
  CloudScope["CreateAffiliate"] = "create:affiliate";
19
+ /** The user can cleanup outdated logs. */
20
+ CloudScope["CleanupOutdatedLogs"] = "cleanup:outdated-logs";
21
21
  })(CloudScope || (CloudScope = {}));
22
22
  export const createCloudApi = () => {
23
23
  const resourceId = generateStandardId();
@@ -45,7 +45,6 @@ export const createCloudApi = () => {
45
45
  name: AdminTenantRole.User,
46
46
  },
47
47
  },
48
- buildScope(CloudScope.ManageTenant, 'Allow managing existing tenants, including create without limitation, update, and delete.'),
49
48
  buildScope(CloudScope.SendEmail, 'Allow sending emails. This scope is only available to M2M application.'),
50
49
  buildScope(CloudScope.SendSms, 'Allow sending SMS. This scope is only available to M2M application.'),
51
50
  buildScope(CloudScope.CreateAffiliate, 'Allow creating new affiliates and logs.'),
package/lib/seeds/management-api.d.ts CHANGED
@@ -1,5 +1,9 @@
1
1
  import { RoleType, type CreateResource, type CreateRole, type CreateScope } from '../db-entries/index.js';
2
- import { PredefinedScope, InternalRole } from '../types/index.js';
2
+ import { PredefinedScope, InternalRole, AdminTenantRole } from '../types/index.js';
3
+ /**
4
+ * The Management API data for a tenant. Usually used for creating a new tenant in the admin
5
+ * tenant.
6
+ */
3
7
  export type AdminData = {
4
8
  resource: CreateResource;
5
9
  scopes: CreateScope[];
@@ -32,6 +36,10 @@ export declare const defaultManagementApi: Readonly<{
32
36
  /** @deprecated You should not rely on this constant. Change to something else. */
33
37
  resourceId: string;
34
38
  }[];
39
+ /**
40
+ * An internal user role for Management API of the `default` tenant.
41
+ * @deprecated This role will be removed soon.
42
+ */
35
43
  role: {
36
44
  tenantId: string;
37
45
  /** @deprecated You should not rely on this constant. Change to something else. */
@@ -43,9 +51,72 @@ export declare const defaultManagementApi: Readonly<{
43
51
  }>;
44
52
  export declare function getManagementApiResourceIndicator<TenantId extends string>(tenantId: TenantId): `https://${TenantId}.logto.app/api`;
45
53
  export declare function getManagementApiResourceIndicator<TenantId extends string, Path extends string>(tenantId: TenantId, path: Path): `https://${TenantId}.logto.app/${Path}`;
46
- export declare const getManagementApiAdminName: <TenantId extends string>(tenantId: TenantId) => `${TenantId}:admin`;
54
+ /**
55
+ * The fixed Management API user role for `default` tenant in the admin tenant. It is used for
56
+ * OSS only.
57
+ */
58
+ export declare const defaultManagementApiAdminName: "default:admin";
47
59
  /** Create a set of admin data for Management API of the given tenant ID. */
48
- export declare const createAdminData: (tenantId: string) => AdminData;
49
- /** Create a set of admin data for Management API of the given tenant ID for `admin` tenant. */
50
- export declare const createAdminDataInAdminTenant: (tenantId: string) => AdminData;
51
- export declare const createMeApiInAdminTenant: () => AdminData;
60
+ export declare const createAdminData: (tenantId: string) => Readonly<{
61
+ resource: {
62
+ tenantId: string;
63
+ id: string;
64
+ indicator: `https://${string}.logto.app/api`;
65
+ name: string;
66
+ };
67
+ scopes: {
68
+ tenantId: string;
69
+ id: string;
70
+ name: PredefinedScope;
71
+ description: string;
72
+ resourceId: string;
73
+ }[];
74
+ /** @deprecated This role will be removed soon. */
75
+ role: {
76
+ tenantId: string;
77
+ id: string;
78
+ name: InternalRole;
79
+ description: string;
80
+ type: RoleType.MachineToMachine;
81
+ };
82
+ }>;
83
+ /** Create a set of admin data for Management API of the given tenant ID for the admin tenant. */
84
+ export declare const createAdminDataInAdminTenant: (tenantId: string) => Readonly<{
85
+ resource: {
86
+ tenantId: string;
87
+ id: string;
88
+ indicator: `https://${string}.logto.app/api`;
89
+ name: string;
90
+ };
91
+ scopes: {
92
+ tenantId: string;
93
+ id: string;
94
+ name: PredefinedScope;
95
+ description: string;
96
+ resourceId: string;
97
+ }[];
98
+ /** The machine-to-machine role for the Management API proxy of the given tenant ID. */
99
+ role: Readonly<import("../db-entries/role.js").Role>;
100
+ }>;
101
+ export declare const createMeApiInAdminTenant: () => Readonly<{
102
+ resource: {
103
+ tenantId: string;
104
+ id: string;
105
+ indicator: "https://admin.logto.app/me";
106
+ name: string;
107
+ };
108
+ scopes: {
109
+ tenantId: string;
110
+ id: string;
111
+ name: PredefinedScope;
112
+ description: string;
113
+ resourceId: string;
114
+ }[];
115
+ role: {
116
+ tenantId: string;
117
+ id: string;
118
+ name: AdminTenantRole;
119
+ description: string;
120
+ type: RoleType.User;
121
+ };
122
+ }>;
package/lib/seeds/management-api.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { generateStandardId } from '@logto/shared/universal';
2
2
  import { RoleType, } from '../db-entries/index.js';
3
- import { PredefinedScope, InternalRole, AdminTenantRole } from '../types/index.js';
3
+ import { PredefinedScope, InternalRole, AdminTenantRole, getMapiProxyRole, } from '../types/index.js';
4
4
  import { adminTenantId, defaultTenantId } from './tenant.js';
5
5
  // Consider remove the dependency of IDs
6
6
  const defaultResourceId = 'management-api';
@@ -31,6 +31,10 @@ export const defaultManagementApi = Object.freeze({
31
31
  resourceId: defaultResourceId,
32
32
  },
33
33
  ],
34
+ /**
35
+ * An internal user role for Management API of the `default` tenant.
36
+ * @deprecated This role will be removed soon.
37
+ */
34
38
  role: {
35
39
  tenantId: defaultTenantId,
36
40
  /** @deprecated You should not rely on this constant. Change to something else. */
@@ -43,7 +47,11 @@ export const defaultManagementApi = Object.freeze({
43
47
  export function getManagementApiResourceIndicator(tenantId, path = 'api') {
44
48
  return `https://${tenantId}.logto.app/${path}`;
45
49
  }
46
- export const getManagementApiAdminName = (tenantId) => `${tenantId}:${AdminTenantRole.Admin}`;
50
+ /**
51
+ * The fixed Management API user role for `default` tenant in the admin tenant. It is used for
52
+ * OSS only.
53
+ */
54
+ export const defaultManagementApiAdminName = `${defaultTenantId}:admin`;
47
55
  /** Create a set of admin data for Management API of the given tenant ID. */
48
56
  export const createAdminData = (tenantId) => {
49
57
  const resourceId = generateStandardId();
@@ -63,6 +71,7 @@ export const createAdminData = (tenantId) => {
63
71
  resourceId,
64
72
  },
65
73
  ],
74
+ /** @deprecated This role will be removed soon. */
66
75
  role: {
67
76
  tenantId,
68
77
  id: generateStandardId(),
@@ -72,7 +81,7 @@ export const createAdminData = (tenantId) => {
72
81
  },
73
82
  });
74
83
  };
75
- /** Create a set of admin data for Management API of the given tenant ID for `admin` tenant. */
84
+ /** Create a set of admin data for Management API of the given tenant ID for the admin tenant. */
76
85
  export const createAdminDataInAdminTenant = (tenantId) => {
77
86
  const resourceId = generateStandardId();
78
87
  return Object.freeze({
@@ -91,13 +100,8 @@ export const createAdminDataInAdminTenant = (tenantId) => {
91
100
  resourceId,
92
101
  },
93
102
  ],
94
- role: {
95
- tenantId: adminTenantId,
96
- id: generateStandardId(),
97
- name: getManagementApiAdminName(tenantId),
98
- description: `Admin tenant admin role for Logto tenant ${tenantId}.`,
99
- type: RoleType.User,
100
- },
103
+ /** The machine-to-machine role for the Management API proxy of the given tenant ID. */
104
+ role: getMapiProxyRole(tenantId),
101
105
  });
102
106
  };
103
107
  export const createMeApiInAdminTenant = () => {