@logto/schemas 1.3.0 → 1.6.0

package/alterations/1.5.0-1684382842-add-name-tag-created-at-for-tenants-table.ts

@@ -0,0 +1,22 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Add new tenant columns for name, tag, and created_at.
+    await pool.query(sql`
+      alter table tenants add column name varchar(128) not null default 'My Project';
+      alter table tenants add column tag varchar(64) not null default 'development';
+      alter table tenants add column created_at timestamptz not null default(now());
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table tenants drop column name;
+      alter table tenants drop column tag;
+      alter table tenants drop column created_at;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.5.0-1684739802-create-hook-id-index-for-logs.ts

@@ -0,0 +1,18 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index logs__hook_id on logs (tenant_id, (payload->>'hookId'));
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index logs__hook_id;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.5.0-1684822341-init-domains.ts

@@ -0,0 +1,66 @@
+import type { CommonQueryMethods } from 'slonik';
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const getId = (value: string) => sql.identifier([value]);
+
+const getDatabaseName = async (pool: CommonQueryMethods) => {
+  const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
+    select current_database();
+  `);
+
+  return currentDatabase.replaceAll('-', '_');
+};
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const database = await getDatabaseName(pool);
+    const baseRoleId = getId(`logto_tenant_${database}`);
+
+    await pool.query(sql`
+      create table domains (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        domain varchar(256) not null,
+        status varchar(32) not null default('PendingVerification'),
+        error_message varchar(1024),
+        dns_records jsonb /* @use DomainDnsRecords */ not null default '[]'::jsonb,
+        cloudflare_data jsonb /* @use CloudflareData */,
+        updated_at timestamptz not null default(now()),
+        created_at timestamptz not null default(now()),
+        primary key (id),
+        constraint domains__domain
+          unique (domain)
+      );
+
+      create index domains__id on domains (tenant_id, id);
+
+      create trigger set_tenant_id before insert on domains
+        for each row execute procedure set_tenant_id();
+
+      alter table domains enable row level security;
+
+      create policy domains_tenant_id on domains
+        as restrictive
+        using (tenant_id = (select id from tenants where db_user = current_user));
+      create policy domains_modification on domains
+        using (true);
+
+      grant select, insert, update, delete on domains to ${baseRoleId};
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop policy domains_tenant_id on domains;
+      drop policy domains_modification on domains;
+
+      alter table domains disable row level security;
+
+      drop table domains;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.5.0-1684837981-add-manage-tenant-self-scope-to-user-role.ts

@@ -0,0 +1,56 @@
+import { generateStandardId } from '@logto/shared/universal';
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const adminTenantId = 'admin';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Get `resourceId` of the admin tenant's resource whose indicator is `https://cloud.logto.io/api`.
+    const { id: resourceId } = await pool.one<{ id: string }>(sql`
+      select id from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = 'https://cloud.logto.io/api'
+    `);
+
+    // Get `roleId` of the admin tenant's role whose name is `user`.
+    const { id: roleId } = await pool.one<{ id: string }>(sql`
+      select id from roles
+      where tenant_id = ${adminTenantId}
+      and name = 'user';
+    `);
+
+    // Insert `manage:tenant:self` scope.
+    const scopeId = generateStandardId();
+    await pool.query(sql`
+      insert into scopes (tenant_id, id, name, description, resource_id)
+        values (
+          ${adminTenantId},
+          ${scopeId},
+          'manage:tenant:self',
+          'Allow managing tenant itself, including update and delete.',
+          ${resourceId}
+        );
+    `);
+    // Assign `manage:tenant:self` scope to `user` role.
+    await pool.query(sql`
+      insert into roles_scopes (tenant_id, id, role_id, scope_id)
+        values (
+          ${adminTenantId},
+          ${generateStandardId()},
+          ${roleId},
+          ${scopeId}
+      );
+    `);
+  },
+  down: async (pool) => {
+    // Delete `manage:tenant:self` scope.
+    // No need to delete `roles_scopes` because it will be cascade deleted.
+    await pool.query(sql`
+      delete from scopes
+      where tenant_id = ${adminTenantId} and name = 'manage:tenant:self';
+    `);
+  },
+};
+export default alteration;

package/alterations/1.5.0-1685285719-support-default-resource.ts

@@ -0,0 +1,23 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table resources
+        add column is_default boolean not null default (false);
+      create unique index resources__is_default_true
+        on resources (tenant_id)
+        where is_default = true;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table resources
+        drop is_default; 
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.6.0-1685691718-domain-unique.ts

@@ -0,0 +1,20 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (tenant_id, domain);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (domain);
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.5.0-1684382842-add-name-tag-created-at-for-tenants-table.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1684382842-add-name-tag-created-at-for-tenants-table.js

@@ -0,0 +1,19 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        // Add new tenant columns for name, tag, and created_at.
+        await pool.query(sql `
+      alter table tenants add column name varchar(128) not null default 'My Project';
+      alter table tenants add column tag varchar(64) not null default 'development';
+      alter table tenants add column created_at timestamptz not null default(now());
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table tenants drop column name;
+      alter table tenants drop column tag;
+      alter table tenants drop column created_at;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.5.0-1684739802-create-hook-id-index-for-logs.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1684739802-create-hook-id-index-for-logs.js

@@ -0,0 +1,14 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index logs__hook_id on logs (tenant_id, (payload->>'hookId'));
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index logs__hook_id;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.5.0-1684822341-init-domains.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1684822341-init-domains.js

@@ -0,0 +1,57 @@
+import { sql } from 'slonik';
+const getId = (value) => sql.identifier([value]);
+const getDatabaseName = async (pool) => {
+    const { currentDatabase } = await pool.one(sql `
+    select current_database();
+  `);
+    return currentDatabase.replaceAll('-', '_');
+};
+const alteration = {
+    up: async (pool) => {
+        const database = await getDatabaseName(pool);
+        const baseRoleId = getId(`logto_tenant_${database}`);
+        await pool.query(sql `
+      create table domains (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        domain varchar(256) not null,
+        status varchar(32) not null default('PendingVerification'),
+        error_message varchar(1024),
+        dns_records jsonb /* @use DomainDnsRecords */ not null default '[]'::jsonb,
+        cloudflare_data jsonb /* @use CloudflareData */,
+        updated_at timestamptz not null default(now()),
+        created_at timestamptz not null default(now()),
+        primary key (id),
+        constraint domains__domain
+          unique (domain)
+      );
+
+      create index domains__id on domains (tenant_id, id);
+
+      create trigger set_tenant_id before insert on domains
+        for each row execute procedure set_tenant_id();
+
+      alter table domains enable row level security;
+
+      create policy domains_tenant_id on domains
+        as restrictive
+        using (tenant_id = (select id from tenants where db_user = current_user));
+      create policy domains_modification on domains
+        using (true);
+
+      grant select, insert, update, delete on domains to ${baseRoleId};
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop policy domains_tenant_id on domains;
+      drop policy domains_modification on domains;
+
+      alter table domains disable row level security;
+
+      drop table domains;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.5.0-1684837981-add-manage-tenant-self-scope-to-user-role.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1684837981-add-manage-tenant-self-scope-to-user-role.js

@@ -0,0 +1,50 @@
+import { generateStandardId } from '@logto/shared/universal';
+import { sql } from 'slonik';
+const adminTenantId = 'admin';
+const alteration = {
+    up: async (pool) => {
+        // Get `resourceId` of the admin tenant's resource whose indicator is `https://cloud.logto.io/api`.
+        const { id: resourceId } = await pool.one(sql `
+      select id from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = 'https://cloud.logto.io/api'
+    `);
+        // Get `roleId` of the admin tenant's role whose name is `user`.
+        const { id: roleId } = await pool.one(sql `
+      select id from roles
+      where tenant_id = ${adminTenantId}
+      and name = 'user';
+    `);
+        // Insert `manage:tenant:self` scope.
+        const scopeId = generateStandardId();
+        await pool.query(sql `
+      insert into scopes (tenant_id, id, name, description, resource_id)
+        values (
+          ${adminTenantId},
+          ${scopeId},
+          'manage:tenant:self',
+          'Allow managing tenant itself, including update and delete.',
+          ${resourceId}
+        );
+    `);
+        // Assign `manage:tenant:self` scope to `user` role.
+        await pool.query(sql `
+      insert into roles_scopes (tenant_id, id, role_id, scope_id)
+        values (
+          ${adminTenantId},
+          ${generateStandardId()},
+          ${roleId},
+          ${scopeId}
+      );
+    `);
+    },
+    down: async (pool) => {
+        // Delete `manage:tenant:self` scope.
+        // No need to delete `roles_scopes` because it will be cascade deleted.
+        await pool.query(sql `
+      delete from scopes
+      where tenant_id = ${adminTenantId} and name = 'manage:tenant:self';
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.5.0-1685285719-support-default-resource.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.5.0-1685285719-support-default-resource.js

@@ -0,0 +1,19 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table resources
+        add column is_default boolean not null default (false);
+      create unique index resources__is_default_true
+        on resources (tenant_id)
+        where is_default = true;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table resources
+        drop is_default; 
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.6.0-1685691718-domain-unique.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.6.0-1685691718-domain-unique.js

@@ -0,0 +1,16 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (tenant_id, domain);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (domain);
+    `);
+    },
+};
+export default alteration;

package/lib/consts/date.d.ts

@@ -0,0 +1,5 @@
+export declare const inSeconds: Readonly<{
+    oneMinute: 60;
+    oneHour: number;
+    oneDay: number;
+}>;

package/lib/consts/date.js

@@ -0,0 +1 @@
+export const inSeconds = Object.freeze({ oneMinute: 60, oneHour: 60 * 60, oneDay: 24 * 60 * 60 });

package/lib/consts/index.d.ts

@@ -1,3 +1,4 @@
 export * from './cookie.js';
 export * from './system.js';
 export * from './oidc.js';
+export * from './date.js';

package/lib/consts/index.js

@@ -1,3 +1,4 @@
 export * from './cookie.js';
 export * from './system.js';
 export * from './oidc.js';
+export * from './date.js';

package/lib/consts/oidc.d.ts

@@ -1 +1,6 @@
 export declare const tenantIdKey = "tenant_id";
+export declare const customClientMetadataDefault: Readonly<{
+    readonly idTokenTtl: number;
+    readonly refreshTokenTtlInDays: 14;
+    readonly rotateRefreshToken: true;
+}>;

package/lib/consts/oidc.js

@@ -1 +1,7 @@
+import { inSeconds } from './date.js';
 export const tenantIdKey = 'tenant_id';
+export const customClientMetadataDefault = Object.freeze({
+    idTokenTtl: inSeconds.oneHour,
+    refreshTokenTtlInDays: 14,
+    rotateRefreshToken: true,
+});

package/lib/db-entries/application.js

@@ -15,9 +15,9 @@ const createGuard = z.object({
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(21),
-    name: z.string().max(256),
-    secret: z.string().max(64),
+    id: z.string().min(1).max(21),
+    name: z.string().min(1).max(256),
+    secret: z.string().min(1).max(64),
     description: z.string().nullable(),
     type: z.nativeEnum(ApplicationType),
     oidcClientMetadata: oidcClientMetadataGuard,

package/lib/db-entries/applications-role.js

@@ -8,9 +8,9 @@ const createGuard = z.object({
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(21),
-    applicationId: z.string().max(21),
-    roleId: z.string().max(21),
+    id: z.string().min(1).max(21),
+    applicationId: z.string().min(1).max(21),
+    roleId: z.string().min(1).max(21),
 });
 export const ApplicationsRoles = Object.freeze({
     table: 'applications_roles',

package/lib/db-entries/connector.js

@@ -12,9 +12,9 @@ const createGuard = z.object({
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(128),
+    id: z.string().min(1).max(128),
     syncProfile: z.boolean(),
-    connectorId: z.string().max(128),
+    connectorId: z.string().min(1).max(128),
     config: jsonObjectGuard,
     metadata: configurableConnectorMetadataGuard,
     createdAt: z.number(),

package/lib/db-entries/custom-phrase.js

@@ -9,8 +9,8 @@ const createGuard = z.object({
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(21),
-    languageTag: z.string().max(16),
+    id: z.string().min(1).max(21),
+    languageTag: z.string().min(1).max(16),
     translation: translationGuard,
 });
 export const CustomPhrases = Object.freeze({

package/lib/db-entries/domain.d.ts

@@ -0,0 +1,24 @@
+import { DomainStatus, DomainDnsRecords, CloudflareData, GeneratedSchema } from './../foundations/index.js';
+export type CreateDomain = {
+    tenantId?: string;
+    id: string;
+    domain: string;
+    status?: DomainStatus;
+    errorMessage?: string | null;
+    dnsRecords?: DomainDnsRecords;
+    cloudflareData?: CloudflareData | null;
+    updatedAt?: number;
+    createdAt?: number;
+};
+export type Domain = {
+    tenantId: string;
+    id: string;
+    domain: string;
+    status: DomainStatus;
+    errorMessage: string | null;
+    dnsRecords: DomainDnsRecords;
+    cloudflareData: CloudflareData | null;
+    updatedAt: number;
+    createdAt: number;
+};
+export declare const Domains: GeneratedSchema<CreateDomain, Domain>;

package/lib/db-entries/domain.js

@@ -0,0 +1,53 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+import { domainStatusGuard, domainDnsRecordsGuard, cloudflareDataGuard } from './../foundations/index.js';
+const createGuard = z.object({
+    tenantId: z.string().max(21).optional(),
+    id: z.string().min(1).max(21),
+    domain: z.string().min(1).max(256),
+    status: domainStatusGuard.optional(),
+    errorMessage: z.string().max(1024).nullable().optional(),
+    dnsRecords: domainDnsRecordsGuard.optional(),
+    cloudflareData: cloudflareDataGuard.nullable().optional(),
+    updatedAt: z.number().optional(),
+    createdAt: z.number().optional(),
+});
+const guard = z.object({
+    tenantId: z.string().max(21),
+    id: z.string().min(1).max(21),
+    domain: z.string().min(1).max(256),
+    status: domainStatusGuard,
+    errorMessage: z.string().max(1024).nullable(),
+    dnsRecords: domainDnsRecordsGuard,
+    cloudflareData: cloudflareDataGuard.nullable(),
+    updatedAt: z.number(),
+    createdAt: z.number(),
+});
+export const Domains = Object.freeze({
+    table: 'domains',
+    tableSingular: 'domain',
+    fields: {
+        tenantId: 'tenant_id',
+        id: 'id',
+        domain: 'domain',
+        status: 'status',
+        errorMessage: 'error_message',
+        dnsRecords: 'dns_records',
+        cloudflareData: 'cloudflare_data',
+        updatedAt: 'updated_at',
+        createdAt: 'created_at',
+    },
+    fieldKeys: [
+        'tenantId',
+        'id',
+        'domain',
+        'status',
+        'errorMessage',
+        'dnsRecords',
+        'cloudflareData',
+        'updatedAt',
+        'createdAt',
+    ],
+    createGuard,
+    guard,
+});

package/lib/db-entries/hook.js

@@ -4,17 +4,17 @@ import { hookEventGuard, hookEventsGuard, hookConfigGuard } from './../foundatio
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
     id: z.string().min(1).max(21),
-    name: z.string().max(256).optional(),
+    name: z.string().min(1).max(256).optional(),
     event: hookEventGuard.nullable().optional(),
     events: hookEventsGuard.optional(),
     config: hookConfigGuard,
-    signingKey: z.string().max(64).optional(),
+    signingKey: z.string().min(1).max(64).optional(),
     enabled: z.boolean().optional(),
     createdAt: z.number().optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(21),
+    id: z.string().min(1).max(21),
     name: z.string().max(256),
     event: hookEventGuard.nullable(),
     events: hookEventsGuard,

package/lib/db-entries/index.d.ts

@@ -7,6 +7,7 @@ export * from './application.js';
 export * from './applications-role.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
+export * from './domain.js';
 export * from './hook.js';
 export * from './log.js';
 export * from './logto-config.js';

package/lib/db-entries/index.js

@@ -8,6 +8,7 @@ export * from './application.js';
 export * from './applications-role.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
+export * from './domain.js';
 export * from './hook.js';
 export * from './log.js';
 export * from './logto-config.js';

package/lib/db-entries/log.js

@@ -10,8 +10,8 @@ const createGuard = z.object({
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    id: z.string().max(21),
-    key: z.string().max(128),
+    id: z.string().min(1).max(21),
+    key: z.string().min(1).max(128),
     payload: logContextPayloadGuard,
     createdAt: z.number(),
 });

package/lib/db-entries/logto-config.js

@@ -8,7 +8,7 @@ const createGuard = z.object({
 });
 const guard = z.object({
     tenantId: z.string().max(21),
-    key: z.string().max(256),
+    key: z.string().min(1).max(256),
     value: jsonObjectGuard,
 });
 export const LogtoConfigs = Object.freeze({