@logto/schemas 1.39.0 → 1.40.0

Files changed (70) hide show
  1. package/alterations/1.40.0-1776516232-add-account-center-profile-fields.ts +20 -0
  2. package/alterations/1.40.0-1778318116-add-custom-ui-csp-to-sie.ts +20 -0
  3. package/alterations/1.40.0-1778500000-add-organization-user-relations-user-id-index.ts +41 -0
  4. package/alterations/1.40.0-1778500001-add-organization-role-user-relations-org-user-index.ts +43 -0
  5. package/alterations/1.40.0-1779421396-add-application-access-control-schema.ts +90 -0
  6. package/alterations-js/1.40.0-1776516232-add-account-center-profile-fields.js +16 -0
  7. package/alterations-js/1.40.0-1778318116-add-custom-ui-csp-to-sie.js +16 -0
  8. package/alterations-js/1.40.0-1778500000-add-organization-user-relations-user-id-index.js +37 -0
  9. package/alterations-js/1.40.0-1778500001-add-organization-role-user-relations-org-user-index.js +39 -0
  10. package/alterations-js/1.40.0-1779421396-add-application-access-control-schema.js +82 -0
  11. package/lib/consts/application.d.ts +1 -0
  12. package/lib/consts/application.js +1 -0
  13. package/lib/consts/index.d.ts +1 -0
  14. package/lib/consts/index.js +1 -0
  15. package/lib/db-entries/account-center.d.ts +6 -2
  16. package/lib/db-entries/account-center.js +5 -1
  17. package/lib/db-entries/application-access-control-org-role-relation.d.ts +22 -0
  18. package/lib/db-entries/application-access-control-org-role-relation.js +33 -0
  19. package/lib/db-entries/application-access-control-organization-relation.d.ts +20 -0
  20. package/lib/db-entries/application-access-control-organization-relation.js +29 -0
  21. package/lib/db-entries/application-access-control-user-relation.d.ts +20 -0
  22. package/lib/db-entries/application-access-control-user-relation.js +29 -0
  23. package/lib/db-entries/application-access-control-user-role-relation.d.ts +20 -0
  24. package/lib/db-entries/application-access-control-user-role-relation.js +29 -0
  25. package/lib/db-entries/application.d.ts +3 -1
  26. package/lib/db-entries/application.js +4 -0
  27. package/lib/db-entries/index.d.ts +4 -0
  28. package/lib/db-entries/index.js +4 -0
  29. package/lib/db-entries/sign-in-experience.d.ts +4 -2
  30. package/lib/db-entries/sign-in-experience.js +5 -1
  31. package/lib/foundations/jsonb-types/account-centers.d.ts +26 -0
  32. package/lib/foundations/jsonb-types/account-centers.js +4 -0
  33. package/lib/foundations/jsonb-types/applications.d.ts +3 -0
  34. package/lib/foundations/jsonb-types/applications.js +4 -0
  35. package/lib/foundations/jsonb-types/applications.test.d.ts +1 -0
  36. package/lib/foundations/jsonb-types/applications.test.js +23 -0
  37. package/lib/foundations/jsonb-types/sign-in-experience.d.ts +1 -1
  38. package/lib/foundations/jsonb-types/sign-in-experience.js +1 -0
  39. package/lib/foundations/jsonb-types/sign-in-experience.test.d.ts +1 -0
  40. package/lib/foundations/jsonb-types/sign-in-experience.test.js +18 -0
  41. package/lib/seeds/application.js +2 -0
  42. package/lib/seeds/sign-in-experience.d.ts +13 -1
  43. package/lib/seeds/sign-in-experience.js +10 -1
  44. package/lib/seeds/sign-in-experience.test.d.ts +1 -0
  45. package/lib/seeds/sign-in-experience.test.js +27 -0
  46. package/lib/types/application.d.ts +99 -0
  47. package/lib/types/application.js +55 -0
  48. package/lib/types/application.test.d.ts +1 -0
  49. package/lib/types/application.test.js +120 -0
  50. package/lib/types/consent.d.ts +6 -0
  51. package/lib/types/logto-config/index.d.ts +38 -0
  52. package/lib/types/logto-config/jwt-customizer.d.ts +65 -0
  53. package/lib/types/saml-application.d.ts +3 -0
  54. package/lib/types/sign-in-experience.d.ts +14 -0
  55. package/lib/types/sign-in-experience.js +1 -0
  56. package/lib/types/system.d.ts +46 -7
  57. package/lib/types/system.js +9 -0
  58. package/lib/types/user-assets.d.ts +1 -1
  59. package/lib/types/user-sessions.d.ts +2516 -0
  60. package/lib/types/user-sessions.js +21 -0
  61. package/package.json +4 -4
  62. package/tables/account_centers.sql +2 -0
  63. package/tables/application_access_control_org_role_relations.sql +16 -0
  64. package/tables/application_access_control_organization_relations.sql +12 -0
  65. package/tables/application_access_control_user_relations.sql +12 -0
  66. package/tables/application_access_control_user_role_relations.sql +14 -0
  67. package/tables/applications.sql +1 -0
  68. package/tables/organization_role_user_relations.sql +3 -0
  69. package/tables/organization_user_relations.sql +3 -0
  70. package/tables/sign_in_experiences.sql +1 -0
@@ -35,6 +35,27 @@ export const getUserSessionsResponseGuard = z.object({
35
35
  sessions: z.array(userExtendedSessionGuard),
36
36
  });
37
37
  export const getUserSessionResponseGuard = userExtendedSessionGuard;
38
+ /**
39
+ * Account-API-specific extension of `userExtendedSessionGuard`.
40
+ *
41
+ * Adds `isCurrent` so a caller that has its own OIDC session uid (i.e. the Account API)
42
+ * can mark which entry in the list is the session backing the request. Kept separate
43
+ * from `userExtendedSessionGuard` because the management/admin endpoints have no
44
+ * "current session" concept and shouldn't surface this field in their contracts.
45
+ */
46
+ export const accountUserExtendedSessionGuard = userExtendedSessionGuard.extend({
47
+ /**
48
+ * `true` for the entry whose `payload.uid` matches the calling session, `false` for
49
+ * the others. At most one entry is `true` per response. Zero entries are tagged when
50
+ * the calling access token has no matching session uid — for example, the caller has
51
+ * revoked its own session but the token has not yet expired, or the token was issued
52
+ * from a non-session-backed grant.
53
+ */
54
+ isCurrent: z.boolean(),
55
+ });
56
+ export const getAccountUserSessionsResponseGuard = z.object({
57
+ sessions: z.array(accountUserExtendedSessionGuard),
58
+ });
38
59
  export const userApplicationGrantPayloadGuard = z
39
60
  .object({
40
61
  /** Expiration time of the grant in seconds since the epoch */
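Review bot: The doc comment on `isCurrent` promises at most one `true` entry per response, but `getAccountUserSessionsResponseGuard` does not enforce that, so a handler that tags several sessions as current still passes the guard and any client using the flag to decide which session to keep would be misled. A refinement on the array turns the invariant into part of the contract: `sessions: z.array(accountUserExtendedSessionGuard).refine((sessions) => sessions.filter(({ isCurrent }) => isCurrent).length <= 1, 'At most one session may be marked current'),`. The "zero entries tagged" case in the comment is worth keeping as is — it is the honest description of a revoked-but-unexpired token. `userExtendedSessionGuard` and `getUserSessionsResponseGuard` are declared before this hunk.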
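--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.39.0",
+  "version": "1.40.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -65,11 +65,11 @@
   "dependencies": {
     "@withtyped/server": "^0.14.0",
     "nanoid": "^5.0.9",
+    "@logto/connector-kit": "^5.0.1",
+    "@logto/language-kit": "^1.3.0",
     "@logto/core-kit": "^2.9.0",
-    "@logto/connector-kit": "^5.0.0",
+    "@logto/phrases-experience": "^1.13.2",
     "@logto/phrases": "^1.28.0",
-    "@logto/language-kit": "^1.3.0",
-    "@logto/phrases-experience": "^1.13.1",
     "@logto/shared": "^3.4.0"
   },
   "peerDependencies": {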
@@ -11,5 +11,7 @@ create table account_centers (
11
11
  delete_account_url varchar(2048),
12
12
  /** User-defined custom CSS for the account center */
13
13
  custom_css text,
14
+ /** Ordered list of custom profile fields to show in the prebuilt account center */
15
+ profile_fields jsonb /* @use AccountCenterProfileFields */,
14
16
  primary key (tenant_id, id)
15
17
  );
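Review bot: `profile_fields` is added as a nullable jsonb with no default, while `custom_ui_csp` added in this same release and the other jsonb columns visible for `sign_in_experiences` are declared `not null default '{}'::jsonb`; since the comment describes the column as an ordered list, the analogous declaration would be `profile_fields jsonb /* @use AccountCenterProfileFields */ not null default '[]'::jsonb,`, which spares every reader a null-versus-empty branch. If null is intentionally meant to mean "not configured" (the `AccountCenterProfileFields` guard is not visible here), a short column comment saying so would make that explicit. The `account_centers` definition starts before this hunk.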
@@ -0,0 +1,16 @@
1
+ /* init_order = 2 */
2
+
3
+ /** The organization role allow relations for application-level access control. */
4
+ create table application_access_control_org_role_relations (
5
+ tenant_id varchar(21) not null
6
+ references tenants (id) on update cascade on delete cascade,
7
+ application_id varchar(21) not null
8
+ references applications (id) on update cascade on delete cascade,
9
+ organization_id varchar(21) not null
10
+ references organizations (id) on update cascade on delete cascade,
11
+ organization_role_id varchar(21) not null
12
+ references organization_roles (id) on update cascade on delete cascade,
13
+ primary key (tenant_id, application_id, organization_id, organization_role_id),
14
+ constraint application_access_control_org_role_relations__role_type
15
+ check (check_organization_role_type(organization_role_id, 'User'))
16
+ );
@@ -0,0 +1,12 @@
1
+ /* init_order = 2 */
2
+
3
+ /** The organization membership allow relations for application-level access control. */
4
+ create table application_access_control_organization_relations (
5
+ tenant_id varchar(21) not null
6
+ references tenants (id) on update cascade on delete cascade,
7
+ application_id varchar(21) not null
8
+ references applications (id) on update cascade on delete cascade,
9
+ organization_id varchar(21) not null
10
+ references organizations (id) on update cascade on delete cascade,
11
+ primary key (tenant_id, application_id, organization_id)
12
+ );
@@ -0,0 +1,12 @@
1
+ /* init_order = 2 */
2
+
3
+ /** The direct user allow relations for application-level access control. */
4
+ create table application_access_control_user_relations (
5
+ tenant_id varchar(21) not null
6
+ references tenants (id) on update cascade on delete cascade,
7
+ application_id varchar(21) not null
8
+ references applications (id) on update cascade on delete cascade,
9
+ user_id varchar(21) not null
10
+ references users (id) on update cascade on delete cascade,
11
+ primary key (tenant_id, application_id, user_id)
12
+ );
@@ -0,0 +1,14 @@
1
+ /* init_order = 2 */
2
+
3
+ /** The user role allow relations for application-level access control. */
4
+ create table application_access_control_user_role_relations (
5
+ tenant_id varchar(21) not null
6
+ references tenants (id) on update cascade on delete cascade,
7
+ application_id varchar(21) not null
8
+ references applications (id) on update cascade on delete cascade,
9
+ role_id varchar(21) not null
10
+ references roles (id) on update cascade on delete cascade,
11
+ primary key (tenant_id, application_id, role_id),
12
+ constraint application_access_control_user_role_relations__role_type
13
+ check (public.check_role_type(role_id, 'User'))
14
+ );
@@ -16,6 +16,7 @@ create table applications (
16
16
  protected_app_metadata jsonb /* @use ProtectedAppMetadata */,
17
17
  custom_data jsonb /* @use JsonObject */ not null default '{}'::jsonb,
18
18
  is_third_party boolean not null default false,
19
+ app_level_access_control_enabled boolean not null default false,
19
20
  created_at timestamptz not null default(now()),
20
21
  primary key (id)
21
22
  );
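Review bot: `app_level_access_control_enabled` arrives without a comment, and the column alone does not say what an enabled application with no rows in the new `application_access_control_*` relation tables means — deny everyone (fail closed) or admit everyone until the first allow entry is written. That decision is made in enforcement code outside this package, but the schema is where the next maintainer will look, so it should record the intended reading; for instance `/** When true, sign-in to this application is limited to subjects listed in the application_access_control_* relation tables; an enabled application with no entries admits no one */`, adjusted to whatever core actually implements. `not null default false` is the right choice since it leaves every existing application open. The `applications` definition starts before this hunk.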
@@ -16,3 +16,6 @@ create table organization_role_user_relations (
16
16
  constraint organization_role_user_relations__role_type
17
17
  check (check_organization_role_type(organization_role_id, 'User'))
18
18
  );
19
+
20
+ create index organization_role_user_relations__tenant_id_org_id_user_id
21
+ on organization_role_user_relations (tenant_id, organization_id, user_id);
@@ -13,3 +13,6 @@ create table organization_user_relations (
13
13
  foreign key (tenant_id, user_id)
14
14
  references users (tenant_id, id) on update cascade on delete cascade
15
15
  );
16
+
17
+ create index organization_user_relations__tenant_id_user_id
18
+ on organization_user_relations (tenant_id, user_id);
@@ -21,6 +21,7 @@ create table sign_in_experiences (
21
21
  custom_css text,
22
22
  custom_content jsonb /* @use CustomContent */ not null default '{}'::jsonb,
23
23
  custom_ui_assets jsonb /* @use CustomUiAssets */,
24
+ custom_ui_csp jsonb /* @use CustomUiCsp */ not null default '{}'::jsonb,
24
25
  password_policy jsonb /* @use PartialPasswordPolicy */ not null default '{}'::jsonb,
25
26
  mfa jsonb /* @use Mfa */ not null default '{}'::jsonb,
26
27
  adaptive_mfa jsonb /* @use AdaptiveMfa */ not null default '{}'::jsonb,
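Review bot: `custom_ui_csp` lets tenant configuration shape the Content-Security-Policy of the page that handles credentials, and neither the column nor the `CustomUiCsp` type referenced by `@use` is documented here as to whether those directives extend core's baseline policy or replace it — a replacement path would let a misconfigured tenant relax `script-src` for the sign-in page. A column comment pinning the contract would help, e.g. `/** Tenant-supplied CSP directives for custom UI assets; expected to be merged into, never to replace, the baseline policy — see CustomUiCsp for what is accepted */`, worded to match what the guard actually enforces. The `'{}'::jsonb` default reads as "no extra directives", which is the safe default. The `sign_in_experiences` definition starts before this hunk.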