npm - @logto/schemas - Versions diffs - 1.28.0 → 1.30.0 - Mend

@logto/schemas 1.28.0 → 1.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (129) hide show

package/alterations/1.29.0-1748832174-add-webauthn-related-origins.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table account_centers
+        add column webauthn_related_origins jsonb not null default '[]'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table account_centers
+        drop column webauthn_related_origins;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.29.0-1749005587-user-sso-identities-table-add-updated-at-column.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table user_sso_identities
+        add column updated_at timestamptz not null default(now());
+    `);
+    await pool.query(sql`
+      create trigger set_updated_at
+        before update on user_sso_identities
+        for each row
+        execute procedure set_updated_at();
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop trigger set_updated_at on user_sso_identities;
+    `);
+    await pool.query(sql`
+      alter table user_sso_identities
+        drop column updated_at;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.29.0-1749026308-add-oidc-session-extension-table.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table oidc_session_extensions (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        session_uid varchar(128) not null,
+        account_id varchar(12) not null
+          references users (id) on update cascade on delete cascade,
+        last_submission jsonb /* @use JsonObject */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        updated_at timestamptz not null default(now()),
+        primary key (tenant_id, session_uid)
+      );
+    `);
+    await pool.query(sql`
+      create trigger set_updated_at
+        before update on oidc_session_extensions
+        for each row
+        execute procedure set_updated_at();
+    `);
+    await applyTableRls(pool, 'oidc_session_extensions');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'oidc_session_extensions');
+    await pool.query(sql`
+      drop table oidc_session_extensions;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.29.0-1749523818-add-custom-profile-fields.ts ADDED Viewed

@@ -0,0 +1,58 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table custom_profile_fields (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        name varchar(128) not null,
+        type varchar(128) not null /* @use CustomProfileFieldType */,
+        label varchar(128) not null default '',
+        description varchar(256),
+        required boolean not null default false,
+        config jsonb /* @use CustomProfileFieldConfig */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        sie_order int2 not null default 0,
+        primary key (id),
+        constraint custom_profile_fields__name
+          unique (tenant_id, name),
+        constraint custom_profile_fields__sie_order
+          unique (tenant_id, sie_order)
+      );
+      create or replace function custom_profile_fields__increment_sie_order() returns trigger as
+      $$ begin
+        new.sie_order = (
+          select coalesce(max(sie_order), 0)
+          from custom_profile_fields
+          where tenant_id = (
+            select id from tenants where db_user = current_user
+          )
+        ) + 1;
+        return new;
+      end; $$ language plpgsql;
+      create trigger custom_profile_fields__increment_sie_order before insert on custom_profile_fields
+        for each row execute procedure custom_profile_fields__increment_sie_order();
+    `);
+    await applyTableRls(pool, 'custom_profile_fields');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'custom_profile_fields');
+    await pool.query(sql`
+      drop trigger custom_profile_fields__increment_sie_order on custom_profile_fields;
+      drop function custom_profile_fields__increment_sie_order;
+      drop table if exists custom_profile_fields;
+      drop type if exists custom_profile_field_type;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.29.0-1749724664-drop-sie-order-constraint-from-custom-profile-fields.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table custom_profile_fields
+        drop constraint custom_profile_fields__sie_order
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table custom_profile_fields
+        add constraint custom_profile_fields__sie_order unique (tenant_id, sie_order)
+    `);
+  },
+};
+export default alteration;

package/alterations/1.29.0-1750663091-change-user-password-encrypted-length.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table users alter column password_encrypted set data type varchar(256);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table users alter column password_encrypted set data type varchar(128);
+    `);
+  },
+};
+export default alteration;

package/alterations/1.29.0-1750744518-add-secrets-table.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table secrets (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null primary key,
+        user_id varchar(21) not null
+          references users (id) on update cascade on delete cascade,
+        type varchar(256) /* @user SecretType */ not null,
+        /** Encrypted data encryption key (DEK) for the secret. */
+        encrypted_dek bytea not null,
+        /** Initialization vector for the secret encryption. */
+        iv bytea not null,
+        /** Authentication tag for the secret encryption. */
+        auth_tag bytea not null,
+        /** The encrypted secret data. e.g. { access_token, refresh_token }*/
+        ciphertext bytea not null,
+        /** The metadata associated with the secret. */
+        metadata jsonb not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        updated_at timestamptz not null default(now())
+      );
+    `);
+    await pool.query(sql`
+      create trigger set_updated_at
+        before update on secrets
+        for each row
+        execute procedure set_updated_at();
+    `);
+    await applyTableRls(pool, 'secrets');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'secrets');
+    await pool.query(sql`
+      drop table secrets;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.29.0-1750744539-add-secret-connector-relations-table.ts ADDED Viewed

@@ -0,0 +1,109 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table secret_connector_relations (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        secret_id varchar(21) not null
+          references secrets (id) on update cascade on delete cascade,
+        /** Social connector ID foreign reference. Only present for secrets that store social connector tokens. Note: avoid directly cascading deletes here, need to delete the secrets first.*/
+        connector_id varchar(128)
+          references connectors (id) on update cascade,
+        /** SSO connector ID foreign reference. Only present for secrets that store SSO connector tokens. Note: avoid directly cascading deletes here, need to delete the secrets first.*/
+        sso_connector_id varchar(128)
+          references sso_connectors (id) on update cascade,
+        /** The target of the social connector. e.g. 'github', 'google', etc. */
+        social_connector_target varchar(256),
+        /** User social identity ID foreign reference. Only present for secrets that store social identity tokens. */
+        social_identity_id varchar(128),
+        /** User sso connector issuer. Only present for secrets that store SSO connector tokens. */
+        sso_connector_issuer varchar(256),
+        /** User SSO identity ID. Only present for secrets that store SSO identity tokens. */
+        sso_identity_id varchar(128),
+        primary key (tenant_id, secret_id),
+        /** Ensures that each social identity is associated with only one secret. */
+        constraint secret_connector_relations__target__social_identity_id
+          unique (tenant_id, social_connector_target, social_identity_id),
+        /** Ensures that each SSO identity is associated with only one secret. */
+        foreign key (tenant_id, sso_connector_issuer, sso_identity_id)
+          references user_sso_identities (tenant_id, issuer, identity_id) on update cascade,
+        /** Ensure that each secret is associated with a social connector or SSO connector, but not both at the same time. */
+        constraint secret_connector_relations__connector_id__sso_connector_id
+          check (
+            (
+              connector_id is not null and social_connector_target is not null and social_identity_id is not null and
+              sso_connector_id is null and sso_identity_id is null
+            ) or (
+              connector_id is null and social_connector_target is null and social_identity_id is null and
+              sso_connector_id is not null and sso_identity_id is not null
+            )
+          )
+      );
+    `);
+    /** Trigger function to delete secrets when the social connector is deleted. */
+    await pool.query(sql`
+      create function delete_secrets_on_social_connector_delete()
+      returns trigger as $$
+      begin
+        delete from secrets
+        where id in (
+          select secret_id from secret_connector_relations
+          where tenant_id = old.tenant_id and connector_id = old.id
+        );
+        return old;
+      end;
+      $$ language plpgsql;
+      create trigger delete_secrets_before_social_connector_delete
+        before delete on connectors
+        for each row
+        execute procedure delete_secrets_on_social_connector_delete();
+    `);
+    /** Trigger function to delete secrets when the SSO connector is deleted. */
+    await pool.query(sql`
+      create function delete_secrets_on_sso_connector_delete()
+      returns trigger as $$
+      begin
+        delete from secrets
+        where id in (
+          select secret_id from secret_connector_relations
+          where tenant_id = old.tenant_id and sso_connector_id = old.id
+        );
+        return old;
+      end;
+      $$ language plpgsql;
+      create trigger delete_secrets_before_sso_connector_delete
+        before delete on sso_connectors
+        for each row
+        execute procedure delete_secrets_on_sso_connector_delete();
+    `);
+    await applyTableRls(pool, 'secret_connector_relations');
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop trigger if exists delete_secrets_before_social_connector_delete on connectors;
+      drop function if exists delete_secrets_on_social_connector_delete;
+      drop trigger if exists delete_secrets_before_sso_connector_delete on sso_connectors;
+      drop function if exists delete_secrets_on_sso_connector_delete;
+    `);
+    await dropTableRls(pool, 'secret_connector_relations');
+    await pool.query(sql`
+      drop table secret_connector_relations;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.30.0-1750744685-add-triggers-to-delete-secrets-on-social-identities-deletion.ts ADDED Viewed

@@ -0,0 +1,81 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    /** Trigger function to delete secret when the SSO identity is deleted. */
+    await pool.query(sql`
+      create function delete_secret_on_sso_identity_delete()
+      returns trigger as $$
+      begin
+        delete from secrets
+        where id in (
+          select secret_id from secret_connector_relations
+          where tenant_id = old.tenant_id
+          and sso_connector_issuer = old.issuer
+          and sso_identity_id = old.identity_id
+        )
+        -- we also need to ensure that the secret is associated with the correct user
+        and user_id = old.user_id;
+        return old;
+      end;
+      $$ language plpgsql;
+      create trigger delete_secret_before_sso_identity_delete
+        before delete on user_sso_identities
+        for each row
+        execute procedure delete_secret_on_sso_identity_delete();
+    `);
+    /** Trigger function to delete associated secrets when social identities are deleted. */
+    await pool.query(sql`
+      create function delete_secrets_on_social_identity_delete()
+      returns trigger as $$
+      declare
+        target text;
+        old_identity jsonb;
+        new_identity jsonb;
+      begin
+        -- Loop over old identities to detect deletions or modifications
+        for target in select jsonb_object_keys(old.identities)
+        loop
+          old_identity := old.identities -> target;
+          new_identity := new.identities -> target;
+          -- If the identity was deleted or modified, delete the associated secret
+          if new_identity is null or (new_identity->>'userId') is distinct from (old_identity->>'userId') then
+            -- Identity was removed or changed, delete the corresponding secrets
+            delete from secrets
+            using secret_connector_relations
+            where secrets.id = secret_connector_relations.secret_id
+            -- Ensure we are deleting the correct social identity
+            and secret_connector_relations.social_connector_target = target
+            and secret_connector_relations.social_identity_id = old_identity->>'userId'
+            -- Ensure we delete the correct user's secret
+            and secrets.user_id = old.id;
+          end if;
+        end loop;
+        return new;
+      end;
+      $$ language plpgsql;
+      create trigger delete_secrets_before_social_identity_delete
+        before update of identities on users
+        for each row
+        execute procedure delete_secrets_on_social_identity_delete();
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop trigger if exists delete_secret_before_sso_identity_delete on user_sso_identities;
+      drop function if exists delete_secret_on_sso_identity_delete();
+      drop trigger if exists delete_secrets_before_social_identity_delete on users;
+      drop function if exists delete_secrets_on_social_identity_delete();
+    `);
+  },
+};
+export default alteration;

package/alterations/1.30.0-1750748516-add-enable-token-storage-column-to-connectors-table.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table connectors
+      add column enable_token_storage boolean not null default FALSE;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table connectors
+      drop column if exists enable_token_storage;
+    `);
+  },
+};
+export default alteration;