npm - @logto/schemas - Versions diffs - 1.20.0 → 1.22.0 - Mend

@logto/schemas 1.20.0 → 1.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

package/alterations/1.21.0-1728357690-add-sso-connector-idp-initated-auth-configs-table.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table sso_connector_idp_initiated_auth_configs (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the SSO connector. */
+        connector_id varchar(128) not null
+          references sso_connectors (id) on update cascade on delete cascade,
+        /** The default Logto application id. */
+        default_application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        /** OIDC sign-in redirect URI. */
+        redirect_uri text,
+        /** Additional OIDC auth parameters. */
+        auth_parameters jsonb /* @use IdpInitiatedAuthParams */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        primary key (tenant_id, connector_id),
+        /** Insure the application type is Traditional. */
+        constraint application_type
+          check (check_application_type(default_application_id, 'Traditional'))
+      );
+    `);
+    await applyTableRls(pool, 'sso_connector_idp_initiated_auth_configs');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'sso_connector_idp_initiated_auth_configs');
+    await pool.query(sql`
+      drop table sso_connector_idp_initiated_auth_configs;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.21.0-1728526649-add-idp-initiated-saml-sso-sessions-table.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table idp_initiated_saml_sso_sessions (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the assertion record. */
+        id varchar(21) not null,
+        /** The identifier of the SAML SSO connector. */
+        connector_id varchar(128) not null
+          references sso_connectors (id) on update cascade on delete cascade,
+        /** The SAML assertion. */
+        assertion_content jsonb /* @use SsoSamlAssertionContent */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        /** The expiration time of the assertion. */
+        expires_at timestamptz not null,
+        primary key (tenant_id, id)
+      );
+    `);
+    await applyTableRls(pool, 'idp_initiated_saml_sso_sessions');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'idp_initiated_saml_sso_sessions');
+    await pool.query(sql`
+      drop table idp_initiated_saml_sso_sessions;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.21.0-1728887713-add-client-idp-initiated-auth-callback-uri-columns.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sso_connector_idp_initiated_auth_configs
+        add column client_idp_initiated_auth_callback_uri text;
+      alter table sso_connector_idp_initiated_auth_configs
+        add column auto_send_authorization_request boolean not null default false;
+      alter table sso_connector_idp_initiated_auth_configs
+        drop constraint application_type;
+      alter table sso_connector_idp_initiated_auth_configs
+        add constraint application_type
+          check (check_application_type(default_application_id, 'Traditional', 'SPA'));
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sso_connector_idp_initiated_auth_configs
+        drop constraint application_type;
+      alter table sso_connector_idp_initiated_auth_configs
+        drop column client_idp_initiated_auth_callback_uri;
+      alter table sso_connector_idp_initiated_auth_configs
+        drop column auto_send_authorization_request;
+      alter table sso_connector_idp_initiated_auth_configs
+        add constraint application_type
+          check (check_application_type(default_application_id, 'Traditional'));
+    `);
+  },
+};
+export default alteration;

package/alterations/1.22.0-1730689363-add-account-center.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table account_centers (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        /** The whole feature can be disabled */
+        enabled boolean not null default false,
+        /** Control each fields */
+        fields jsonb /* @use AccountCenterFieldControl */ not null default '{}'::jsonb,
+        primary key (tenant_id, id)
+      );
+    `);
+    await applyTableRls(pool, 'account_centers');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'account_centers');
+    await pool.query(sql`
+      drop table account_centers;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.22.0-1731054001-init-account-center.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Process in chunks of 1000 tenants
+    const batchSize = 1000;
+    // eslint-disable-next-line @silverhand/fp/no-let
+    let offset = 0;
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition, no-constant-condition
+    while (true) {
+      // eslint-disable-next-line no-await-in-loop
+      const tenants = await pool.any<{ id: string }>(sql`
+        select id from tenants
+        order by created_at asc, id asc
+        limit ${batchSize} offset ${offset};
+      `);
+      if (tenants.length === 0) {
+        break;
+      }
+      const values = tenants.map((tenant) => sql`(${tenant.id}, 'default')`);
+      // eslint-disable-next-line no-await-in-loop
+      await pool.query(sql`
+        insert into account_centers (tenant_id, id)
+        values ${sql.join(values, sql`, `)}
+      `);
+      // eslint-disable-next-line @silverhand/fp/no-mutation
+      offset += batchSize;
+    }
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      delete from account_centers where id = 'default';
+    `);
+  },
+};
+export default alteration;

package/alterations/1.22.0-1731304920-add-support-email-and-website-to-sie-table.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column support_email text,
+        add column support_website_url text;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column support_email,
+        drop column support_website_url;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.22.0-1731377260-add-unknown-session-redirect-url-to-sie.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column unknown_session_redirect_url text;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column unknown_session_redirect_url;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.22.0-1731900596-add-saml-application-type.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter type application_type add value 'SAML';
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table organization_application_relations drop constraint application_type;
+      alter table application_secrets drop constraint application_type;
+      alter table sso_connector_idp_initiated_auth_configs drop constraint application_type;
+      drop function check_application_type;
+      create type application_type_new as enum ('Native', 'SPA', 'Traditional', 'MachineToMachine', 'Protected');
+      delete from applications where "type"='SAML';
+      alter table applications
+        alter column "type" type application_type_new
+          using ("type"::text::application_type_new);
+      drop type application_type;
+      alter type application_type_new rename to application_type;
+      create function check_application_type(
+        application_id varchar(21),
+        variadic target_type application_type[]
+      ) returns boolean as
+      $$ begin
+        return (select type from applications where id = application_id) = any(target_type);
+      end; $$ language plpgsql set search_path = public;
+      alter table organization_application_relations
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine'));
+      alter table application_secrets
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'));
+      alter table sso_connector_idp_initiated_auth_configs
+        add constraint application_type
+        check (check_application_type(default_application_id, 'Traditional', 'SPA'));
+    `);
+  },
+};
+export default alteration;

package/alterations/1.22.0-1731900631-add-saml-app-third-party-consistency-check.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table applications
+        add constraint check_saml_app_third_party_consistency
+          check (type != 'SAML' OR (type = 'SAML' AND is_third_party = true));
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table applications drop constraint check_saml_app_third_party_consistency;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.22.0-1731901231-add-saml-application-secrets-table.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table saml_application_secrets (
+        id varchar(21) not null,
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        private_key text not null,
+        certificate text not null,
+        created_at timestamptz not null default now(),
+        expires_at timestamptz not null,
+        active boolean not null,
+        primary key (tenant_id, application_id, id),
+        constraint application_type
+          check (check_application_type(application_id, 'SAML'))
+      );
+      create unique index saml_application_secrets__unique_active_secret
+        on saml_application_secrets (tenant_id, application_id, active)
+        where active;
+    `);
+    await applyTableRls(pool, 'saml_application_secrets');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'saml_application_secrets');
+    await pool.query(sql`
+      drop table saml_application_secrets;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.22.0-1731904029-add-saml-application-configs-table.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table saml_application_configs (
+        application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        attribute_mapping jsonb /* @use SamlAttributeMapping */ not null default '{}'::jsonb,
+        entity_id varchar(128),
+        acs_url jsonb /* @use SamlAcsUrl */,
+        primary key (tenant_id, application_id),
+        constraint application_type
+          check (check_application_type(application_id, 'SAML'))
+      );
+    `);
+    await applyTableRls(pool, 'saml_application_configs');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'saml_application_configs');
+    await pool.query(sql`
+      drop table saml_application_configs;
+    `);
+  },
+};
+export default alteration;

package/alterations-js/1.21.0-1728357690-add-sso-connector-idp-initated-auth-configs-table.js ADDED Viewed

@@ -0,0 +1,35 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table sso_connector_idp_initiated_auth_configs (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the SSO connector. */
+        connector_id varchar(128) not null
+          references sso_connectors (id) on update cascade on delete cascade,
+        /** The default Logto application id. */
+        default_application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        /** OIDC sign-in redirect URI. */
+        redirect_uri text,
+        /** Additional OIDC auth parameters. */
+        auth_parameters jsonb /* @use IdpInitiatedAuthParams */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        primary key (tenant_id, connector_id),
+        /** Insure the application type is Traditional. */
+        constraint application_type
+          check (check_application_type(default_application_id, 'Traditional'))
+      );
+    `);
+        await applyTableRls(pool, 'sso_connector_idp_initiated_auth_configs');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'sso_connector_idp_initiated_auth_configs');
+        await pool.query(sql `
+      drop table sso_connector_idp_initiated_auth_configs;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.21.0-1728526649-add-idp-initiated-saml-sso-sessions-table.js ADDED Viewed

@@ -0,0 +1,31 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table idp_initiated_saml_sso_sessions (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the assertion record. */
+        id varchar(21) not null,
+        /** The identifier of the SAML SSO connector. */
+        connector_id varchar(128) not null
+          references sso_connectors (id) on update cascade on delete cascade,
+        /** The SAML assertion. */
+        assertion_content jsonb /* @use SsoSamlAssertionContent */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        /** The expiration time of the assertion. */
+        expires_at timestamptz not null,
+        primary key (tenant_id, id)
+      );
+    `);
+        await applyTableRls(pool, 'idp_initiated_saml_sso_sessions');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'idp_initiated_saml_sso_sessions');
+        await pool.query(sql `
+      drop table idp_initiated_saml_sso_sessions;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.21.0-1728887713-add-client-idp-initiated-auth-callback-uri-columns.js ADDED Viewed

@@ -0,0 +1,36 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sso_connector_idp_initiated_auth_configs
+        add column client_idp_initiated_auth_callback_uri text;
+      alter table sso_connector_idp_initiated_auth_configs
+        add column auto_send_authorization_request boolean not null default false;
+      alter table sso_connector_idp_initiated_auth_configs
+        drop constraint application_type;
+      alter table sso_connector_idp_initiated_auth_configs
+        add constraint application_type
+          check (check_application_type(default_application_id, 'Traditional', 'SPA'));
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sso_connector_idp_initiated_auth_configs
+        drop constraint application_type;
+      alter table sso_connector_idp_initiated_auth_configs
+        drop column client_idp_initiated_auth_callback_uri;
+      alter table sso_connector_idp_initiated_auth_configs
+        drop column auto_send_authorization_request;
+      alter table sso_connector_idp_initiated_auth_configs
+        add constraint application_type
+          check (check_application_type(default_application_id, 'Traditional'));
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.22.0-1730689363-add-account-center.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table account_centers (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        /** The whole feature can be disabled */
+        enabled boolean not null default false,
+        /** Control each fields */
+        fields jsonb /* @use AccountCenterFieldControl */ not null default '{}'::jsonb,
+        primary key (tenant_id, id)
+      );
+    `);
+        await applyTableRls(pool, 'account_centers');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'account_centers');
+        await pool.query(sql `
+      drop table account_centers;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.22.0-1731054001-init-account-center.js ADDED Viewed

@@ -0,0 +1,35 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        // Process in chunks of 1000 tenants
+        const batchSize = 1000;
+        // eslint-disable-next-line @silverhand/fp/no-let
+        let offset = 0;
+        // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition, no-constant-condition
+        while (true) {
+            // eslint-disable-next-line no-await-in-loop
+            const tenants = await pool.any(sql `
+        select id from tenants
+        order by created_at asc, id asc
+        limit ${batchSize} offset ${offset};
+      `);
+            if (tenants.length === 0) {
+                break;
+            }
+            const values = tenants.map((tenant) => sql `(${tenant.id}, 'default')`);
+            // eslint-disable-next-line no-await-in-loop
+            await pool.query(sql `
+        insert into account_centers (tenant_id, id)
+        values ${sql.join(values, sql `, `)}
+      `);
+            // eslint-disable-next-line @silverhand/fp/no-mutation
+            offset += batchSize;
+        }
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      delete from account_centers where id = 'default';
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.22.0-1731304920-add-support-email-and-website-to-sie-table.js ADDED Viewed

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column support_email text,
+        add column support_website_url text;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column support_email,
+        drop column support_website_url;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.22.0-1731377260-add-unknown-session-redirect-url-to-sie.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column unknown_session_redirect_url text;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column unknown_session_redirect_url;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.22.0-1731900596-add-saml-application-type.js ADDED Viewed

@@ -0,0 +1,46 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter type application_type add value 'SAML';
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table organization_application_relations drop constraint application_type;
+      alter table application_secrets drop constraint application_type;
+      alter table sso_connector_idp_initiated_auth_configs drop constraint application_type;
+      drop function check_application_type;
+      create type application_type_new as enum ('Native', 'SPA', 'Traditional', 'MachineToMachine', 'Protected');
+      delete from applications where "type"='SAML';
+      alter table applications
+        alter column "type" type application_type_new
+          using ("type"::text::application_type_new);
+      drop type application_type;
+      alter type application_type_new rename to application_type;
+      create function check_application_type(
+        application_id varchar(21),
+        variadic target_type application_type[]
+      ) returns boolean as
+      $$ begin
+        return (select type from applications where id = application_id) = any(target_type);
+      end; $$ language plpgsql set search_path = public;
+      alter table organization_application_relations
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine'));
+      alter table application_secrets
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'));
+      alter table sso_connector_idp_initiated_auth_configs
+        add constraint application_type
+        check (check_application_type(default_application_id, 'Traditional', 'SPA'));
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.22.0-1731900631-add-saml-app-third-party-consistency-check.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table applications
+        add constraint check_saml_app_third_party_consistency
+          check (type != 'SAML' OR (type = 'SAML' AND is_third_party = true));
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table applications drop constraint check_saml_app_third_party_consistency;
+    `);
+    },
+};
+export default alteration;