npm - @logto/schemas - Versions diffs - 1.18.0 → 1.20.0 - Mend

@logto/schemas 1.18.0 → 1.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (257) hide show

package/alterations/1.19.0-1720253939-add-organization-branding.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table organizations add column branding jsonb not null default '{}'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table organizations drop column branding;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.19.0-1720345784-add-color-to-app-sie.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table application_sign_in_experiences add column color jsonb not null default '{}'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table application_sign_in_experiences drop column color;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.19.0-1720505152-update-custom-ui-assets.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences drop column custom_ui_asset_id;
+      alter table sign_in_experiences add column custom_ui_assets jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences add column custom_ui_asset_id varchar(21);
+      alter table sign_in_experiences drop column custom_ui_assets;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.19.0-1721483240-multiple-app-secrets.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      -- Remove existing constraint
+      alter table organization_application_relations drop constraint application_type;
+      -- Drop the function
+      drop function check_application_type;
+      -- Create a new function that accepts a variadic array of application types
+      create function check_application_type(
+        application_id varchar(21),
+        variadic target_type application_type[]
+      ) returns boolean as
+      $$ begin
+        return (select type from applications where id = application_id) = any(target_type);
+      end; $$ language plpgsql set search_path = public;
+      -- Add back the constraint
+      alter table organization_application_relations
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine'));
+      -- Create the new table
+      create table application_secrets (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        /** The name of the secret. Should be unique within the application. */
+        name varchar(256) not null,
+        value varchar(64) not null,
+        expires_at timestamptz,
+        created_at timestamptz not null default now(),
+        primary key (tenant_id, application_id, name),
+        constraint application_type
+          check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'))
+      );
+    `);
+    await applyTableRls(pool, 'application_secrets');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'application_secrets');
+    await pool.query(sql`
+      -- Remove the table
+      drop table application_secrets;
+      -- Remove the constraint
+      alter table organization_application_relations drop constraint application_type;
+      -- Drop the function
+      drop function check_application_type;
+      -- Restore the original function
+      create function check_application_type(
+        application_id varchar(21),
+        target_type application_type
+      ) returns boolean as
+      $$ begin
+        return (select type from applications where id = application_id) = target_type;
+      end; $$ language plpgsql set search_path = public;
+      -- Add back the constraint
+      alter table organization_application_relations
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine'));
+    `);
+  },
+};
+export default alteration;

package/alterations/1.19.0-1721645392-add-application-custom-data-column.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table applications add column custom_data jsonb not null default '{}'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table applications drop column custom_data;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.19.0-1722926389-argon2d-argon2id.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter type users_password_encryption_method add value 'Argon2id';
+      alter type users_password_encryption_method add value 'Argon2d';
+    `);
+  },
+  down: async (pool) => {
+    const { rows } = await pool.query(sql`
+      select id from users
+      where password_encryption_method = ${'Argon2id'}
+      or password_encryption_method = ${'Argon2d'}
+    `);
+    if (rows.length > 0) {
+      throw new Error('There are users with password encryption methods Argon2id or Argon2d.');
+    }
+    await pool.query(sql`
+      create type users_password_encryption_method_revised as enum ('Argon2i', 'SHA1', 'SHA256', 'MD5', 'Bcrypt');
+      alter table users
+      alter column password_encryption_method type users_password_encryption_method_revised
+      using password_encryption_method::text::users_password_encryption_method_revised;
+      drop type users_password_encryption_method;
+      alter type users_password_encryption_method_revised rename to users_password_encryption_method;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.20.0-1723448981-personal-access-tokens.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table personal_access_tokens (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        user_id varchar(21) not null
+          references users (id) on update cascade on delete cascade,
+        /** The name of the secret. Should be unique within the user. */
+        name varchar(256) not null,
+        value varchar(64) not null,
+        created_at timestamptz not null default now(),
+        expires_at timestamptz,
+        primary key (tenant_id, user_id, name)
+      );
+      create index personal_access_token__value on personal_access_tokens (tenant_id, value);
+    `);
+    await applyTableRls(pool, 'personal_access_tokens');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'personal_access_tokens');
+    await pool.query(sql`
+      drop table personal_access_tokens;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.20.0-1724229102-add-report-sub-updates-cloud-scope.ts ADDED Viewed

@@ -0,0 +1,102 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { generateStandardId } from './utils/1716643968-id-generation.js';
+type Resource = {
+  tenantId: string;
+  id: string;
+  name: string;
+  indicator: string;
+  isDefault: boolean;
+};
+type Scope = {
+  tenantId: string;
+  id: string;
+  resourceId: string;
+  name: string;
+  description: string;
+};
+type Role = {
+  tenantId: string;
+  id: string;
+  name: string;
+  description: string;
+};
+const cloudApiIndicator = 'https://cloud.logto.io/api';
+const cloudConnectionAppRoleName = 'tenantApplication';
+const adminTenantId = 'admin';
+const reportSubscriptionUpdatesScopeName = 'report:subscription:updates';
+const reportSubscriptionUpdatesScopeDescription =
+  'Allow reporting changes on Stripe subscription to Logto Cloud.';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Get the Cloud API resource
+    const cloudApiResource = await pool.maybeOne<Resource>(sql`
+      select * from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = ${cloudApiIndicator}
+    `);
+    if (!cloudApiResource) {
+      return;
+    }
+    // Get cloud connection application role
+    const tenantApplicationRole = await pool.one<Role>(sql`
+      select * from roles
+      where tenant_id = ${adminTenantId}
+      and name = ${cloudConnectionAppRoleName} and type = 'MachineToMachine'
+    `);
+    // Create the `report:subscription:updates` scope
+    const reportSubscriptionUpdatesCloudScope = await pool.one<Scope>(sql`
+      insert into scopes (id, tenant_id, resource_id, name, description)
+      values (${generateStandardId()}, ${adminTenantId}, ${
+        cloudApiResource.id
+      }, ${reportSubscriptionUpdatesScopeName}, ${reportSubscriptionUpdatesScopeDescription})
+      on conflict (tenant_id, name, resource_id) do nothing
+      returning *;
+    `);
+    // Assign the `report:subscription:updates` scope to cloud connection application role
+    await pool.query(sql`
+      insert into roles_scopes (id, tenant_id, role_id, scope_id)
+      values (${generateStandardId()}, ${adminTenantId}, ${tenantApplicationRole.id}, ${
+        reportSubscriptionUpdatesCloudScope.id
+      }) on conflict (tenant_id, role_id, scope_id) do nothing;
+    `);
+  },
+  down: async (pool) => {
+    // Get the Cloud API resource
+    const cloudApiResource = await pool.maybeOne<Resource>(sql`
+      select * from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = ${cloudApiIndicator}
+    `);
+    if (!cloudApiResource) {
+      return;
+    }
+    // Remove the `report:subscription:updates` scope
+    await pool.query(sql`
+      delete from scopes
+      where
+        tenant_id = ${adminTenantId} and
+        name = ${reportSubscriptionUpdatesScopeName} and
+        description = ${reportSubscriptionUpdatesScopeDescription} and
+        resource_id = ${cloudApiResource.id}
+    `);
+  },
+};
+export default alteration;

package/alterations/1.20.0-1724316971-add-verified-identifier-to-verification-statuses.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table verification_statuses add column verified_identifier varchar(255);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table verification_statuses drop column verified_identifier;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.20.0-1725971571-add-verification-record.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table verification_records (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        user_id varchar(21)
+          references users (id) on update cascade on delete cascade,
+        created_at timestamptz not null default(now()),
+        expires_at timestamptz not null,
+        data jsonb /* @use VerificationRecordData */ not null default '{}'::jsonb,
+        primary key (id)
+      );
+      create index verification_records__id
+        on verification_records (tenant_id, id);
+    `);
+    await applyTableRls(pool, 'verification_records');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'verification_records');
+    await pool.query(sql`
+      drop table verification_records;
+    `);
+  },
+};
+export default alteration;

package/alterations-js/1.19.0-1720253939-add-organization-branding.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table organizations add column branding jsonb not null default '{}'::jsonb;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table organizations drop column branding;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.19.0-1720345784-add-color-to-app-sie.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table application_sign_in_experiences add column color jsonb not null default '{}'::jsonb;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table application_sign_in_experiences drop column color;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.19.0-1720505152-update-custom-ui-assets.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences drop column custom_ui_asset_id;
+      alter table sign_in_experiences add column custom_ui_assets jsonb;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences add column custom_ui_asset_id varchar(21);
+      alter table sign_in_experiences drop column custom_ui_assets;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.19.0-1721483240-multiple-app-secrets.js ADDED Viewed

@@ -0,0 +1,72 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      -- Remove existing constraint
+      alter table organization_application_relations drop constraint application_type;
+      -- Drop the function
+      drop function check_application_type;
+      -- Create a new function that accepts a variadic array of application types
+      create function check_application_type(
+        application_id varchar(21),
+        variadic target_type application_type[]
+      ) returns boolean as
+      $$ begin
+        return (select type from applications where id = application_id) = any(target_type);
+      end; $$ language plpgsql set search_path = public;
+      -- Add back the constraint
+      alter table organization_application_relations
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine'));
+      -- Create the new table
+      create table application_secrets (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        /** The name of the secret. Should be unique within the application. */
+        name varchar(256) not null,
+        value varchar(64) not null,
+        expires_at timestamptz,
+        created_at timestamptz not null default now(),
+        primary key (tenant_id, application_id, name),
+        constraint application_type
+          check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'))
+      );
+    `);
+        await applyTableRls(pool, 'application_secrets');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'application_secrets');
+        await pool.query(sql `
+      -- Remove the table
+      drop table application_secrets;
+      -- Remove the constraint
+      alter table organization_application_relations drop constraint application_type;
+      -- Drop the function
+      drop function check_application_type;
+      -- Restore the original function
+      create function check_application_type(
+        application_id varchar(21),
+        target_type application_type
+      ) returns boolean as
+      $$ begin
+        return (select type from applications where id = application_id) = target_type;
+      end; $$ language plpgsql set search_path = public;
+      -- Add back the constraint
+      alter table organization_application_relations
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine'));
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.19.0-1721645392-add-application-custom-data-column.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table applications add column custom_data jsonb not null default '{}'::jsonb;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table applications drop column custom_data;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.19.0-1722926389-argon2d-argon2id.js ADDED Viewed

@@ -0,0 +1,30 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter type users_password_encryption_method add value 'Argon2id';
+      alter type users_password_encryption_method add value 'Argon2d';
+    `);
+    },
+    down: async (pool) => {
+        const { rows } = await pool.query(sql `
+      select id from users
+      where password_encryption_method = ${'Argon2id'}
+      or password_encryption_method = ${'Argon2d'}
+    `);
+        if (rows.length > 0) {
+            throw new Error('There are users with password encryption methods Argon2id or Argon2d.');
+        }
+        await pool.query(sql `
+      create type users_password_encryption_method_revised as enum ('Argon2i', 'SHA1', 'SHA256', 'MD5', 'Bcrypt');
+      alter table users
+      alter column password_encryption_method type users_password_encryption_method_revised
+      using password_encryption_method::text::users_password_encryption_method_revised;
+      drop type users_password_encryption_method;
+      alter type users_password_encryption_method_revised rename to users_password_encryption_method;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.20.0-1723448981-personal-access-tokens.js ADDED Viewed

@@ -0,0 +1,30 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table personal_access_tokens (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        user_id varchar(21) not null
+          references users (id) on update cascade on delete cascade,
+        /** The name of the secret. Should be unique within the user. */
+        name varchar(256) not null,
+        value varchar(64) not null,
+        created_at timestamptz not null default now(),
+        expires_at timestamptz,
+        primary key (tenant_id, user_id, name)
+      );
+      create index personal_access_token__value on personal_access_tokens (tenant_id, value);
+    `);
+        await applyTableRls(pool, 'personal_access_tokens');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'personal_access_tokens');
+        await pool.query(sql `
+      drop table personal_access_tokens;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.20.0-1724229102-add-report-sub-updates-cloud-scope.js ADDED Viewed

@@ -0,0 +1,59 @@
+import { sql } from '@silverhand/slonik';
+import { generateStandardId } from './utils/1716643968-id-generation.js';
+const cloudApiIndicator = 'https://cloud.logto.io/api';
+const cloudConnectionAppRoleName = 'tenantApplication';
+const adminTenantId = 'admin';
+const reportSubscriptionUpdatesScopeName = 'report:subscription:updates';
+const reportSubscriptionUpdatesScopeDescription = 'Allow reporting changes on Stripe subscription to Logto Cloud.';
+const alteration = {
+    up: async (pool) => {
+        // Get the Cloud API resource
+        const cloudApiResource = await pool.maybeOne(sql `
+      select * from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = ${cloudApiIndicator}
+    `);
+        if (!cloudApiResource) {
+            return;
+        }
+        // Get cloud connection application role
+        const tenantApplicationRole = await pool.one(sql `
+      select * from roles
+      where tenant_id = ${adminTenantId}
+      and name = ${cloudConnectionAppRoleName} and type = 'MachineToMachine'
+    `);
+        // Create the `report:subscription:updates` scope
+        const reportSubscriptionUpdatesCloudScope = await pool.one(sql `
+      insert into scopes (id, tenant_id, resource_id, name, description)
+      values (${generateStandardId()}, ${adminTenantId}, ${cloudApiResource.id}, ${reportSubscriptionUpdatesScopeName}, ${reportSubscriptionUpdatesScopeDescription})
+      on conflict (tenant_id, name, resource_id) do nothing
+      returning *;
+    `);
+        // Assign the `report:subscription:updates` scope to cloud connection application role
+        await pool.query(sql `
+      insert into roles_scopes (id, tenant_id, role_id, scope_id)
+      values (${generateStandardId()}, ${adminTenantId}, ${tenantApplicationRole.id}, ${reportSubscriptionUpdatesCloudScope.id}) on conflict (tenant_id, role_id, scope_id) do nothing;
+    `);
+    },
+    down: async (pool) => {
+        // Get the Cloud API resource
+        const cloudApiResource = await pool.maybeOne(sql `
+      select * from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = ${cloudApiIndicator}
+    `);
+        if (!cloudApiResource) {
+            return;
+        }
+        // Remove the `report:subscription:updates` scope
+        await pool.query(sql `
+      delete from scopes
+      where
+        tenant_id = ${adminTenantId} and
+        name = ${reportSubscriptionUpdatesScopeName} and
+        description = ${reportSubscriptionUpdatesScopeDescription} and
+        resource_id = ${cloudApiResource.id}
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.20.0-1724316971-add-verified-identifier-to-verification-statuses.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table verification_statuses add column verified_identifier varchar(255);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table verification_statuses drop column verified_identifier;
+    `);
+    },
+};
+export default alteration;