@logto/schemas 1.2.3 → 1.5.0

package/alterations/1.3.0-1683292832-update-hooks.ts

@@ -0,0 +1,105 @@
+import { generateStandardId } from '@logto/shared';
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+enum HookEvent {
+  PostRegister = 'PostRegister',
+  PostSignIn = 'PostSignIn',
+  PostResetPassword = 'PostResetPassword',
+}
+
+type HookConfig = {
+  url: string;
+  headers?: Record<string, string>;
+  retries?: number;
+};
+
+type Hook = {
+  tenantId: string;
+  id: string;
+  name: string;
+  event: HookEvent | null;
+  events: HookEvent[];
+  config: HookConfig;
+  signingKey: string;
+  enabled: boolean;
+  createdAt: number;
+};
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table hooks
+        add column name varchar(256) not null default '',
+        add column events jsonb not null default '[]'::jsonb,
+        add column signing_key varchar(64) not null default '',
+        add column enabled boolean not null default true,
+        alter column event drop not null;
+      drop index hooks__event;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      delete from hooks where enabled = false;
+    `);
+
+    const { rows: hooks } = await pool.query<Hook>(sql`
+      select * from hooks;
+    `);
+
+    /* eslint-disable no-await-in-loop */
+    for (const { id, tenantId, events, config } of hooks) {
+      const { retries, ...rest } = config;
+
+      const updatedConfig = {
+        ...rest,
+        retries: retries ?? 3,
+      };
+
+      if (events.length === 0) {
+        await pool.query(sql`
+          update hooks
+          set config = ${JSON.stringify(updatedConfig)}
+          where id = ${id} and tenant_id = ${tenantId};
+        `);
+
+        continue;
+      }
+
+      for (const [index, event] of events.entries()) {
+        if (index === 0) {
+          await pool.query(sql`
+            update hooks
+            set event = ${event},
+            config = ${JSON.stringify(updatedConfig)}
+            where id = ${id} and tenant_id = ${tenantId};
+          `);
+
+          continue;
+        }
+
+        // Create new hook when there are multiple events
+        const hookId = generateStandardId();
+
+        await pool.query(sql`
+          insert into hooks (id, tenant_id,  event, config)
+          values (${hookId}, ${tenantId}, ${event}, ${JSON.stringify(updatedConfig)});
+        `);
+      }
+    }
+    /* eslint-enable no-await-in-loop */
+
+    await pool.query(sql`
+      alter table hooks
+        alter column event set not null,
+        drop column name,
+        drop column events,
+        drop column signing_key,
+        drop column enabled;
+      create index hooks__event on hooks (tenant_id, event);
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.5.0-1684382842-add-name-tag-created-at-for-tenants-table.ts

@@ -0,0 +1,22 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Add new tenant columns for name, tag, and created_at.
+    await pool.query(sql`
+      alter table tenants add column name varchar(128) not null default 'My Project';
+      alter table tenants add column tag varchar(64) not null default 'development';
+      alter table tenants add column created_at timestamptz not null default(now());
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table tenants drop column name;
+      alter table tenants drop column tag;
+      alter table tenants drop column created_at;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.5.0-1684739802-create-hook-id-index-for-logs.ts

@@ -0,0 +1,18 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index logs__hook_id on logs (tenant_id, (payload->>'hookId'));
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index logs__hook_id;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.5.0-1684822341-init-domains.ts

@@ -0,0 +1,66 @@
+import type { CommonQueryMethods } from 'slonik';
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const getId = (value: string) => sql.identifier([value]);
+
+const getDatabaseName = async (pool: CommonQueryMethods) => {
+  const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
+    select current_database();
+  `);
+
+  return currentDatabase.replaceAll('-', '_');
+};
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const database = await getDatabaseName(pool);
+    const baseRoleId = getId(`logto_tenant_${database}`);
+
+    await pool.query(sql`
+      create table domains (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        domain varchar(256) not null,
+        status varchar(32) not null default('PendingVerification'),
+        error_message varchar(1024),
+        dns_records jsonb /* @use DomainDnsRecords */ not null default '[]'::jsonb,
+        cloudflare_data jsonb /* @use CloudflareData */,
+        updated_at timestamptz not null default(now()),
+        created_at timestamptz not null default(now()),
+        primary key (id),
+        constraint domains__domain
+          unique (domain)
+      );
+
+      create index domains__id on domains (tenant_id, id);
+
+      create trigger set_tenant_id before insert on domains
+        for each row execute procedure set_tenant_id();
+
+      alter table domains enable row level security;
+
+      create policy domains_tenant_id on domains
+        as restrictive
+        using (tenant_id = (select id from tenants where db_user = current_user));
+      create policy domains_modification on domains
+        using (true);
+
+      grant select, insert, update, delete on domains to ${baseRoleId};
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop policy domains_tenant_id on domains;
+      drop policy domains_modification on domains;
+
+      alter table domains disable row level security;
+
+      drop table domains;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.5.0-1684837981-add-manage-tenant-self-scope-to-user-role.ts

@@ -0,0 +1,56 @@
+import { generateStandardId } from '@logto/shared/universal';
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const adminTenantId = 'admin';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Get `resourceId` of the admin tenant's resource whose indicator is `https://cloud.logto.io/api`.
+    const { id: resourceId } = await pool.one<{ id: string }>(sql`
+      select id from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = 'https://cloud.logto.io/api'
+    `);
+
+    // Get `roleId` of the admin tenant's role whose name is `user`.
+    const { id: roleId } = await pool.one<{ id: string }>(sql`
+      select id from roles
+      where tenant_id = ${adminTenantId}
+      and name = 'user';
+    `);
+
+    // Insert `manage:tenant:self` scope.
+    const scopeId = generateStandardId();
+    await pool.query(sql`
+      insert into scopes (tenant_id, id, name, description, resource_id)
+        values (
+          ${adminTenantId},
+          ${scopeId},
+          'manage:tenant:self',
+          'Allow managing tenant itself, including update and delete.',
+          ${resourceId}
+        );
+    `);
+    // Assign `manage:tenant:self` scope to `user` role.
+    await pool.query(sql`
+      insert into roles_scopes (tenant_id, id, role_id, scope_id)
+        values (
+          ${adminTenantId},
+          ${generateStandardId()},
+          ${roleId},
+          ${scopeId}
+      );
+    `);
+  },
+  down: async (pool) => {
+    // Delete `manage:tenant:self` scope.
+    // No need to delete `roles_scopes` because it will be cascade deleted.
+    await pool.query(sql`
+      delete from scopes
+      where tenant_id = ${adminTenantId} and name = 'manage:tenant:self';
+    `);
+  },
+};
+export default alteration;

package/alterations/1.5.0-1685285719-support-default-resource.ts

@@ -0,0 +1,23 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table resources
+        add column is_default boolean not null default (false);
+      create unique index resources__is_default_true
+        on resources (tenant_id)
+        where is_default = true;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table resources
+        drop is_default; 
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.3.0-1683292832-update-hooks.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.3.0-1683292832-update-hooks.js

@@ -0,0 +1,73 @@
+import { generateStandardId } from '@logto/shared';
+import { sql } from 'slonik';
+var HookEvent;
+(function (HookEvent) {
+    HookEvent["PostRegister"] = "PostRegister";
+    HookEvent["PostSignIn"] = "PostSignIn";
+    HookEvent["PostResetPassword"] = "PostResetPassword";
+})(HookEvent || (HookEvent = {}));
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table hooks
+        add column name varchar(256) not null default '',
+        add column events jsonb not null default '[]'::jsonb,
+        add column signing_key varchar(64) not null default '',
+        add column enabled boolean not null default true,
+        alter column event drop not null;
+      drop index hooks__event;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      delete from hooks where enabled = false;
+    `);
+        const { rows: hooks } = await pool.query(sql `
+      select * from hooks;
+    `);
+        /* eslint-disable no-await-in-loop */
+        for (const { id, tenantId, events, config } of hooks) {
+            const { retries, ...rest } = config;
+            const updatedConfig = {
+                ...rest,
+                retries: retries ?? 3,
+            };
+            if (events.length === 0) {
+                await pool.query(sql `
+          update hooks
+          set config = ${JSON.stringify(updatedConfig)}
+          where id = ${id} and tenant_id = ${tenantId};
+        `);
+                continue;
+            }
+            for (const [index, event] of events.entries()) {
+                if (index === 0) {
+                    await pool.query(sql `
+            update hooks
+            set event = ${event},
+            config = ${JSON.stringify(updatedConfig)}
+            where id = ${id} and tenant_id = ${tenantId};
+          `);
+                    continue;
+                }
+                // Create new hook when there are multiple events
+                const hookId = generateStandardId();
+                await pool.query(sql `
+          insert into hooks (id, tenant_id,  event, config)
+          values (${hookId}, ${tenantId}, ${event}, ${JSON.stringify(updatedConfig)});
+        `);
+            }
+        }
+        /* eslint-enable no-await-in-loop */
+        await pool.query(sql `
+      alter table hooks
+        alter column event set not null,
+        drop column name,
+        drop column events,
+        drop column signing_key,
+        drop column enabled;
+      create index hooks__event on hooks (tenant_id, event);
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.5.0-1684382842-add-name-tag-created-at-for-tenants-table.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1684382842-add-name-tag-created-at-for-tenants-table.js

@@ -0,0 +1,19 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        // Add new tenant columns for name, tag, and created_at.
+        await pool.query(sql `
+      alter table tenants add column name varchar(128) not null default 'My Project';
+      alter table tenants add column tag varchar(64) not null default 'development';
+      alter table tenants add column created_at timestamptz not null default(now());
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table tenants drop column name;
+      alter table tenants drop column tag;
+      alter table tenants drop column created_at;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.5.0-1684739802-create-hook-id-index-for-logs.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1684739802-create-hook-id-index-for-logs.js

@@ -0,0 +1,14 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index logs__hook_id on logs (tenant_id, (payload->>'hookId'));
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index logs__hook_id;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.5.0-1684822341-init-domains.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1684822341-init-domains.js

@@ -0,0 +1,57 @@
+import { sql } from 'slonik';
+const getId = (value) => sql.identifier([value]);
+const getDatabaseName = async (pool) => {
+    const { currentDatabase } = await pool.one(sql `
+    select current_database();
+  `);
+    return currentDatabase.replaceAll('-', '_');
+};
+const alteration = {
+    up: async (pool) => {
+        const database = await getDatabaseName(pool);
+        const baseRoleId = getId(`logto_tenant_${database}`);
+        await pool.query(sql `
+      create table domains (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        domain varchar(256) not null,
+        status varchar(32) not null default('PendingVerification'),
+        error_message varchar(1024),
+        dns_records jsonb /* @use DomainDnsRecords */ not null default '[]'::jsonb,
+        cloudflare_data jsonb /* @use CloudflareData */,
+        updated_at timestamptz not null default(now()),
+        created_at timestamptz not null default(now()),
+        primary key (id),
+        constraint domains__domain
+          unique (domain)
+      );
+
+      create index domains__id on domains (tenant_id, id);
+
+      create trigger set_tenant_id before insert on domains
+        for each row execute procedure set_tenant_id();
+
+      alter table domains enable row level security;
+
+      create policy domains_tenant_id on domains
+        as restrictive
+        using (tenant_id = (select id from tenants where db_user = current_user));
+      create policy domains_modification on domains
+        using (true);
+
+      grant select, insert, update, delete on domains to ${baseRoleId};
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop policy domains_tenant_id on domains;
+      drop policy domains_modification on domains;
+
+      alter table domains disable row level security;
+
+      drop table domains;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.5.0-1684837981-add-manage-tenant-self-scope-to-user-role.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1684837981-add-manage-tenant-self-scope-to-user-role.js

@@ -0,0 +1,50 @@
+import { generateStandardId } from '@logto/shared/universal';
+import { sql } from 'slonik';
+const adminTenantId = 'admin';
+const alteration = {
+    up: async (pool) => {
+        // Get `resourceId` of the admin tenant's resource whose indicator is `https://cloud.logto.io/api`.
+        const { id: resourceId } = await pool.one(sql `
+      select id from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = 'https://cloud.logto.io/api'
+    `);
+        // Get `roleId` of the admin tenant's role whose name is `user`.
+        const { id: roleId } = await pool.one(sql `
+      select id from roles
+      where tenant_id = ${adminTenantId}
+      and name = 'user';
+    `);
+        // Insert `manage:tenant:self` scope.
+        const scopeId = generateStandardId();
+        await pool.query(sql `
+      insert into scopes (tenant_id, id, name, description, resource_id)
+        values (
+          ${adminTenantId},
+          ${scopeId},
+          'manage:tenant:self',
+          'Allow managing tenant itself, including update and delete.',
+          ${resourceId}
+        );
+    `);
+        // Assign `manage:tenant:self` scope to `user` role.
+        await pool.query(sql `
+      insert into roles_scopes (tenant_id, id, role_id, scope_id)
+        values (
+          ${adminTenantId},
+          ${generateStandardId()},
+          ${roleId},
+          ${scopeId}
+      );
+    `);
+    },
+    down: async (pool) => {
+        // Delete `manage:tenant:self` scope.
+        // No need to delete `roles_scopes` because it will be cascade deleted.
+        await pool.query(sql `
+      delete from scopes
+      where tenant_id = ${adminTenantId} and name = 'manage:tenant:self';
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.5.0-1685285719-support-default-resource.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1685285719-support-default-resource.js

@@ -0,0 +1,19 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table resources
+        add column is_default boolean not null default (false);
+      create unique index resources__is_default_true
+        on resources (tenant_id)
+        where is_default = true;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table resources
+        drop is_default; 
+    `);
+    },
+};
+export default alteration;

package/lib/db-entries/application.js

@@ -4,9 +4,9 @@ import { oidcClientMetadataGuard, customClientMetadataGuard } from './../foundat
 import { ApplicationType } from './custom-types.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
-    id: z.string().max(21),
-    name: z.string().max(256),
-    secret: z.string().max(64),
+    id: z.string().min(1).max(21),
+    name: z.string().min(1).max(256),
+    secret: z.string().min(1).max(64),
     description: z.string().nullable().optional(),
     type: z.nativeEnum(ApplicationType),
     oidcClientMetadata: oidcClientMetadataGuard,
@@ -15,9 +15,9 @@ const createGuard = z.object({
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(21),
-    name: z.string().max(256),
-    secret: z.string().max(64),
+    id: z.string().min(1).max(21),
+    name: z.string().min(1).max(256),
+    secret: z.string().min(1).max(64),
     description: z.string().nullable(),
     type: z.nativeEnum(ApplicationType),
     oidcClientMetadata: oidcClientMetadataGuard,

package/lib/db-entries/applications-role.js

@@ -2,15 +2,15 @@
 import { z } from 'zod';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
-    id: z.string().max(21),
-    applicationId: z.string().max(21),
-    roleId: z.string().max(21),
+    id: z.string().min(1).max(21),
+    applicationId: z.string().min(1).max(21),
+    roleId: z.string().min(1).max(21),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(21),
-    applicationId: z.string().max(21),
-    roleId: z.string().max(21),
+    id: z.string().min(1).max(21),
+    applicationId: z.string().min(1).max(21),
+    roleId: z.string().min(1).max(21),
 });
 export const ApplicationsRoles = Object.freeze({
     table: 'applications_roles',

package/lib/db-entries/connector.js

@@ -3,18 +3,18 @@ import { z } from 'zod';
 import { jsonObjectGuard, configurableConnectorMetadataGuard } from './../foundations/index.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
-    id: z.string().max(128),
+    id: z.string().min(1).max(128),
     syncProfile: z.boolean().optional(),
-    connectorId: z.string().max(128),
+    connectorId: z.string().min(1).max(128),
     config: jsonObjectGuard.optional(),
     metadata: configurableConnectorMetadataGuard.optional(),
     createdAt: z.number().optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(128),
+    id: z.string().min(1).max(128),
     syncProfile: z.boolean(),
-    connectorId: z.string().max(128),
+    connectorId: z.string().min(1).max(128),
     config: jsonObjectGuard,
     metadata: configurableConnectorMetadataGuard,
     createdAt: z.number(),

package/lib/db-entries/custom-phrase.js

@@ -3,14 +3,14 @@ import { z } from 'zod';
 import { translationGuard } from './../foundations/index.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
-    id: z.string().max(21),
-    languageTag: z.string().max(16),
+    id: z.string().min(1).max(21),
+    languageTag: z.string().min(1).max(16),
     translation: translationGuard,
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(21),
-    languageTag: z.string().max(16),
+    id: z.string().min(1).max(21),
+    languageTag: z.string().min(1).max(16),
     translation: translationGuard,
 });
 export const CustomPhrases = Object.freeze({