npm - @logto/schemas - Versions diffs - 1.34.0 → 1.36.0 - Mend

@logto/schemas 1.34.0 → 1.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

package/alterations/1.35.0-1764580455-remove-daily-active-users-foreign-key.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+/**
+ * Remove foreign key constraint from daily_active_users table to allow
+ * historical billing data to persist even after tenant deletion.
+ * This supports the MAU-based billing system requirements.
+ *
+ * Index optimizations:
+ * 1. Removes redundant (tenant_id, id) index (id is already primary key)
+ * 2. Adds optimized index (tenant_id, date, user_id) for aggregation queries
+ * 3. Replaces problematic partial index with BRIN index
+ */
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Drop the existing foreign key constraint
+    await pool.query(sql`
+      alter table daily_active_users
+      drop constraint if exists daily_active_users_tenant_id_fkey
+    `);
+    // Remove the redundant (tenant_id, id) index since id is already primary key
+    await pool.query(sql`
+      drop index if exists daily_active_users__id
+    `);
+    // Add optimized index for aggregation queries with better write performance
+    await pool.query(sql`
+      create index daily_active_users__tenant_date_user
+      on daily_active_users (tenant_id, date, user_id)
+    `);
+    // Add BRIN index for time-series date range queries
+    // Optimized for sequential data insertion and range scans (date >= ?)
+    await pool.query(sql`
+      create index daily_active_users__date_brin
+      on daily_active_users using brin (date)
+    `);
+  },
+  down: async (pool) => {
+    // Drop the new indexes we created
+    await pool.query(sql`
+      drop index if exists daily_active_users__date_brin
+    `);
+    await pool.query(sql`
+      drop index if exists daily_active_users__tenant_date_user
+    `);
+    // Recreate the original redundant index
+    await pool.query(sql`
+      create index daily_active_users__id
+      on daily_active_users (tenant_id, id)
+    `);
+    // Recreate the foreign key constraint
+    await pool.query(sql`
+      alter table daily_active_users
+      add constraint daily_active_users_tenant_id_fkey
+      foreign key (tenant_id) references tenants(id)
+      on update cascade on delete cascade
+    `);
+  },
+};
+export default alteration;

package/alterations/1.35.0-1764580589-create-aggregated-daily-active-users-table.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+/**
+ * Create aggregated_daily_active_users table for MAU-based billing system.
+ * This table consolidates daily user activities for efficient billing calculations.
+ */
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Create the aggregated daily active users table
+    await pool.query(sql`
+      create table aggregated_daily_active_users (
+        tenant_id varchar(21) not null,
+        activity_date date not null,
+        user_id varchar(21) not null,
+        activity_count integer not null,
+        primary key (tenant_id, activity_date, user_id)
+      );
+    `);
+    // Index for billing cycle range queries
+    await pool.query(sql`
+      create index aggregated_daily_active_users__tenant_date
+        on aggregated_daily_active_users (tenant_id, activity_date);
+    `);
+    // Index for tenant-specific user activity queries
+    await pool.query(sql`
+      create index aggregated_daily_active_users__tenant_user_date
+        on aggregated_daily_active_users (tenant_id, user_id, activity_date desc);
+    `);
+    await applyTableRls(pool, 'aggregated_daily_active_users');
+  },
+  down: async (pool) => {
+    // Drop RLS policies first
+    await dropTableRls(pool, 'aggregated_daily_active_users');
+    // Drop the table and all its indexes
+    await pool.query(sql`
+      drop table aggregated_daily_active_users;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.35.0-1764653048-update-daily-token-usage-mau-support.ts ADDED Viewed

@@ -0,0 +1,37 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Add new columns for user and m2m token usage tracking
+    await pool.query(sql`
+      alter table daily_token_usage
+      add column user_token_usage bigint not null default 0,
+      add column m2m_token_usage bigint not null default 0;
+    `);
+    // Remove foreign key constraint to support enterprise tenant deletion requirements
+    await pool.query(sql`
+      alter table daily_token_usage
+      drop constraint if exists daily_token_usage_tenant_id_fkey;
+    `);
+  },
+  down: async (pool) => {
+    // Remove the new columns
+    await pool.query(sql`
+      alter table daily_token_usage
+      drop column if exists user_token_usage,
+      drop column if exists m2m_token_usage;
+    `);
+    // Re-add the foreign key constraint
+    await pool.query(sql`
+      alter table daily_token_usage
+      add constraint daily_token_usage_tenant_id_fkey
+      foreign key (tenant_id) references tenants (id) on update cascade on delete cascade;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.35.0-1765183934-add-logs-created-at-id-index.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  beforeUp: async (pool) => {
+    /**
+     * Use 'if not exists' to ensure idempotency.
+     * If the subsequent transaction in 'up' fails, the migration can be safely re-run without failing on an already created index.
+     */
+    await pool.query(sql`
+      create index concurrently if not exists logs__created_at_id
+      on logs (tenant_id, created_at, id);
+    `);
+  },
+  up: async () => {
+    /**
+     * The index on the logs table must be created outside of a transaction to avoid table locks.
+     * 'concurrently' cannot be used inside a transaction, so this up is intentionally left empty.
+     */
+  },
+  beforeDown: async (pool) => {
+    /**
+     * Use 'if exists' to ensure idempotency. If the subsequent transaction in 'down' fails,
+     * the rollback can be safely re-run without failing on a non-existent index.
+     */
+    await pool.query(sql`
+      drop index concurrently if exists logs__created_at_id;
+    `);
+  },
+  down: async () => {
+    /**
+     * The index on the logs table must be dropped outside of a transaction to avoid table locks.
+     * 'concurrently' cannot be used inside a transaction, so this down is intentionally left empty.
+     */
+  },
+};
+export default alteration;

package/alterations/1.35.0-1765255453-update-saml-session-relay-state-to-varchar-512.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+/**
+ * Update saml_application_sessions.relay_state column type from varchar(256) to text
+ * to support longer relay state values that may be used in SAML authentication flows.
+ *
+ * The relay state parameter in SAML can contain arbitrary data that needs to be
+ * preserved and returned to the service provider, and 256 characters may not be
+ * sufficient for all use cases.
+ */
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table saml_application_sessions
+      alter column relay_state type varchar(512)
+    `);
+  },
+  down: async (pool) => {
+    // The down migration may fail or cause data loss if any existing relay_state values exceed 256 characters. Consider adding a USING clause to safely truncate values during rollback, this ensures the rollback operation won't fail due to data that's too long for the varchar(256) constraint.
+    await pool.query(sql`
+      alter table saml_application_sessions
+      alter column relay_state type varchar(256) using left(relay_state, 256)
+    `);
+  },
+};
+export default alteration;

package/alterations/1.35.0-1765631949-drop-redundant-logs-id-index.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+/**
+ * The `logs__id` index on (tenant_id, id) is redundant because:
+ * 1. `id` is already the primary key, which can efficiently lookup by id
+ * 2. `logs__created_at_id` index on (tenant_id, created_at, id) already covers tenant_id queries
+ *
+ * Removing this index reduces write IOPS during log deletion operations,
+ * as each DELETE no longer needs to update this redundant index.
+ */
+const alteration: AlterationScript = {
+  beforeUp: async (pool) => {
+    /**
+     * Use 'if exists' to ensure idempotency.
+     * 'concurrently' avoids table locks during index drop.
+     */
+    await pool.query(sql`
+      drop index concurrently if exists logs__id;
+    `);
+  },
+  up: async () => {
+    /**
+     * The index must be dropped outside of a transaction to avoid table locks.
+     * 'concurrently' cannot be used inside a transaction, so this up is intentionally left empty.
+     */
+  },
+  beforeDown: async (pool) => {
+    /**
+     * Recreate the index if rolling back.
+     * Use 'if not exists' to ensure idempotency.
+     */
+    await pool.query(sql`
+      create index concurrently if not exists logs__id
+      on logs (tenant_id, id);
+    `);
+  },
+  down: async () => {
+    /**
+     * The index must be created outside of a transaction to avoid table locks.
+     * 'concurrently' cannot be used inside a transaction, so this down is intentionally left empty.
+     */
+  },
+};
+export default alteration;

package/alterations/1.35.0-1766028646-grant-tenants-table-tag-column-read-permission.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { type CommonQueryMethods, sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const getDatabaseName = async (pool: CommonQueryMethods) => {
+  const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
+    select current_database();
+  `);
+  return currentDatabase.replaceAll('-', '_');
+};
+/**
+ * Grant read permission to the tag column in the tenants table to the logto_tenant_<databaseName> role.
+ */
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const databaseName = await getDatabaseName(pool);
+    const baseRoleId = sql.identifier([`logto_tenant_${databaseName}`]);
+    await pool.query(sql`
+      grant select (tag)
+        on table tenants
+        to ${baseRoleId}
+    `);
+  },
+  down: async (pool) => {
+    const databaseName = await getDatabaseName(pool);
+    const baseRoleId = sql.identifier([`logto_tenant_${databaseName}`]);
+    await pool.query(sql`
+      revoke select (tag)
+        on table tenants
+        from ${baseRoleId}
+    `);
+  },
+};
+export default alteration;

package/alterations/1.36.0-1767193412-allow-token-exchange.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    /**
+     * For backward compatibility, set allowTokenExchange = true for existing first-party
+     * Traditional, Native, and SPA applications.
+     * M2M applications were never allowed to use token exchange before this feature.
+     *
+     * The admin-console should keep token exchange disabled, so we skip it here.
+     */
+    await pool.query(sql`
+      update applications
+        set custom_client_metadata = custom_client_metadata || '{"allowTokenExchange": true}'::jsonb
+        where is_third_party = false
+        and type in ('Traditional', 'Native', 'SPA')
+        and id != 'admin-console';
+    `);
+  },
+  down: async (pool) => {
+    // Remove allowTokenExchange only from applications that were updated in the `up` migration
+    await pool.query(sql`
+      update applications
+        set custom_client_metadata = custom_client_metadata - 'allowTokenExchange'
+        where is_third_party = false
+        and type in ('Traditional', 'Native', 'SPA')
+        and id != 'admin-console';
+    `);
+  },
+};
+export default alteration;

package/alterations/1.36.0-1767859553-passkey-sign-in.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column passkey_sign_in jsonb /* @use PasskeySignIn */ not null default '{}'::jsonb;
+      create index users_mfa_verifications_gin on users using gin (mfa_verifications jsonb_path_ops);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences drop column passkey_sign_in;
+      drop index users_mfa_verifications_gin;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.36.0-1768192304-enable-account-center-for-admin-tenant.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const adminTenantId = 'admin';
+/**
+ * Enable the account center for the admin tenant and set all fields to Edit.
+ * This allows the console profile page to use the Account API.
+ */
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      update account_centers
+      set enabled = true,
+          fields = '{"name": "Edit", "avatar": "Edit", "profile": "Edit", "email": "Edit", "phone": "Edit", "password": "Edit", "username": "Edit", "social": "Edit", "customData": "Edit", "mfa": "Edit"}'::jsonb
+      where tenant_id = ${adminTenantId}
+        and id = 'default'
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      update account_centers
+      set enabled = false,
+          fields = '{}'::jsonb
+      where tenant_id = ${adminTenantId}
+        and id = 'default'
+    `);
+  },
+};
+export default alteration;

package/alterations/1.36.0-1768464306-enable-mfa-for-admin-tenant.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const adminTenantId = 'admin';
+/**
+ * Enable MFA (TOTP and WebAuthn) for the admin tenant with NoPrompt policy.
+ * This allows users to optionally set up MFA via the account center.
+ */
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      update sign_in_experiences
+      set mfa = '{"factors":["Totp","WebAuthn","BackupCode"],"policy":"NoPrompt"}'::jsonb
+      where tenant_id = ${adminTenantId}
+        and id = 'default'
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      update sign_in_experiences
+      set mfa = '{"factors":[],"policy":"UserControlled"}'::jsonb
+      where tenant_id = ${adminTenantId}
+        and id = 'default'
+    `);
+  },
+};
+export default alteration;

package/alterations/1.36.0-1768758295-add-user-geo-location.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table user_geo_locations (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        user_id varchar(12) not null
+          references users (id) on update cascade on delete cascade,
+        latitude numeric(9,6),
+        longitude numeric(9,6),
+        updated_at timestamptz not null default now(),
+        primary key (tenant_id, user_id),
+        check ((latitude is null) = (longitude is null))
+      );
+    `);
+    await applyTableRls(pool, 'user_geo_locations');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'user_geo_locations');
+    await pool.query(sql`
+      drop table user_geo_locations;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.36.0-1768891516-add-user-sign-in-countries-table.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table user_sign_in_countries (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        user_id varchar(12) not null
+          references users (id) on update cascade on delete cascade,
+        country varchar(16) not null,
+        last_sign_in_at timestamptz not null default(now()),
+        primary key (tenant_id, user_id, country)
+      );
+      create index user_sign_in_countries__tenant_user_last_sign_in_at
+        on user_sign_in_countries (tenant_id, user_id, last_sign_in_at desc);
+    `);
+    await applyTableRls(pool, 'user_sign_in_countries');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'user_sign_in_countries');
+    await pool.query(sql`
+      drop table user_sign_in_countries;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.36.0-1769067642-add-adaptive-mfa-configuration.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column adaptive_mfa jsonb not null default '{}'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences drop column adaptive_mfa;
+    `);
+  },
+};
+export default alteration;

package/alterations/1.36.0-1769172677-enable-organization-mfa-policy-for-admin-tenant.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { sql } from '@silverhand/slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const adminTenantId = 'admin';
+/**
+ * Enable organization required MFA policy for the admin tenant.
+ * This allows tenant admins to require MFA for all tenant members
+ * by setting `isMfaRequired: true` on the organization.
+ */
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      update sign_in_experiences
+      set mfa = jsonb_set(mfa, '{organizationRequiredMfaPolicy}', '"Mandatory"')
+      where tenant_id = ${adminTenantId}
+        and id = 'default'
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      update sign_in_experiences
+      set mfa = mfa - 'organizationRequiredMfaPolicy'
+      where tenant_id = ${adminTenantId}
+        and id = 'default'
+    `);
+  },
+};
+export default alteration;

package/alterations-js/1.35.0-1764580455-remove-daily-active-users-foreign-key.js ADDED Viewed

@@ -0,0 +1,57 @@
+import { sql } from '@silverhand/slonik';
+/**
+ * Remove foreign key constraint from daily_active_users table to allow
+ * historical billing data to persist even after tenant deletion.
+ * This supports the MAU-based billing system requirements.
+ *
+ * Index optimizations:
+ * 1. Removes redundant (tenant_id, id) index (id is already primary key)
+ * 2. Adds optimized index (tenant_id, date, user_id) for aggregation queries
+ * 3. Replaces problematic partial index with BRIN index
+ */
+const alteration = {
+    up: async (pool) => {
+        // Drop the existing foreign key constraint
+        await pool.query(sql `
+      alter table daily_active_users
+      drop constraint if exists daily_active_users_tenant_id_fkey
+    `);
+        // Remove the redundant (tenant_id, id) index since id is already primary key
+        await pool.query(sql `
+      drop index if exists daily_active_users__id
+    `);
+        // Add optimized index for aggregation queries with better write performance
+        await pool.query(sql `
+      create index daily_active_users__tenant_date_user
+      on daily_active_users (tenant_id, date, user_id)
+    `);
+        // Add BRIN index for time-series date range queries
+        // Optimized for sequential data insertion and range scans (date >= ?)
+        await pool.query(sql `
+      create index daily_active_users__date_brin
+      on daily_active_users using brin (date)
+    `);
+    },
+    down: async (pool) => {
+        // Drop the new indexes we created
+        await pool.query(sql `
+      drop index if exists daily_active_users__date_brin
+    `);
+        await pool.query(sql `
+      drop index if exists daily_active_users__tenant_date_user
+    `);
+        // Recreate the original redundant index
+        await pool.query(sql `
+      create index daily_active_users__id
+      on daily_active_users (tenant_id, id)
+    `);
+        // Recreate the foreign key constraint
+        await pool.query(sql `
+      alter table daily_active_users
+      add constraint daily_active_users_tenant_id_fkey
+      foreign key (tenant_id) references tenants(id)
+      on update cascade on delete cascade
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.35.0-1764580589-create-aggregated-daily-active-users-table.js ADDED Viewed

@@ -0,0 +1,40 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+/**
+ * Create aggregated_daily_active_users table for MAU-based billing system.
+ * This table consolidates daily user activities for efficient billing calculations.
+ */
+const alteration = {
+    up: async (pool) => {
+        // Create the aggregated daily active users table
+        await pool.query(sql `
+      create table aggregated_daily_active_users (
+        tenant_id varchar(21) not null,
+        activity_date date not null,
+        user_id varchar(21) not null,
+        activity_count integer not null,
+        primary key (tenant_id, activity_date, user_id)
+      );
+    `);
+        // Index for billing cycle range queries
+        await pool.query(sql `
+      create index aggregated_daily_active_users__tenant_date
+        on aggregated_daily_active_users (tenant_id, activity_date);
+    `);
+        // Index for tenant-specific user activity queries
+        await pool.query(sql `
+      create index aggregated_daily_active_users__tenant_user_date
+        on aggregated_daily_active_users (tenant_id, user_id, activity_date desc);
+    `);
+        await applyTableRls(pool, 'aggregated_daily_active_users');
+    },
+    down: async (pool) => {
+        // Drop RLS policies first
+        await dropTableRls(pool, 'aggregated_daily_active_users');
+        // Drop the table and all its indexes
+        await pool.query(sql `
+      drop table aggregated_daily_active_users;
+    `);
+    },
+};
+export default alteration;