@logto/schemas 1.40.0 → 1.41.0

Files changed (73)
  1. package/alterations/1.41.0-1779864280-add-password-expiration-policy.ts +23 -0
  2. package/alterations/1.41.0-1779864281-add-is-password-expired-to-users.ts +18 -0
  3. package/alterations/1.41.0-1780358400-drop-oidc-model-instances-legacy-grant-id-index.ts +25 -0
  4. package/alterations/1.41.0-1780381219-add-username-policy.ts +41 -0
  5. package/alterations/1.41.0-1780643665-set-sign-up-profile-fields-default.ts +20 -0
  6. package/alterations/1.41.0-1780906060-add-verification-code-policy.ts +19 -0
  7. package/alterations/1.41.0-1781689400-add-sentinel-activities-created-at-index.ts +25 -0
  8. package/alterations/1.41.0-1782354362-set-admin-account-center-profile-fields.ts +28 -0
  9. package/alterations/1.41.0-1782375106-cover-service-logs-tenant-type-index-with-created-at.ts +36 -0
  10. package/alterations-js/1.41.0-1779864280-add-password-expiration-policy.js +19 -0
  11. package/alterations-js/1.41.0-1779864281-add-is-password-expired-to-users.js +14 -0
  12. package/alterations-js/1.41.0-1780358400-drop-oidc-model-instances-legacy-grant-id-index.js +21 -0
  13. package/alterations-js/1.41.0-1780381219-add-username-policy.js +37 -0
  14. package/alterations-js/1.41.0-1780643665-set-sign-up-profile-fields-default.js +16 -0
  15. package/alterations-js/1.41.0-1780906060-add-verification-code-policy.js +15 -0
  16. package/alterations-js/1.41.0-1781689400-add-sentinel-activities-created-at-index.js +21 -0
  17. package/alterations-js/1.41.0-1782354362-set-admin-account-center-profile-fields.js +23 -0
  18. package/alterations-js/1.41.0-1782375106-cover-service-logs-tenant-type-index-with-created-at.js +32 -0
  19. package/lib/consts/experience.d.ts +2 -0
  20. package/lib/consts/experience.js +2 -0
  21. package/lib/consts/index.d.ts +2 -0
  22. package/lib/consts/index.js +2 -0
  23. package/lib/consts/message-rate-limit.d.ts +65 -0
  24. package/lib/consts/message-rate-limit.js +29 -0
  25. package/lib/consts/message-rate-limit.test.d.ts +1 -0
  26. package/lib/consts/message-rate-limit.test.js +20 -0
  27. package/lib/consts/verification-code.d.ts +10 -0
  28. package/lib/consts/verification-code.js +10 -0
  29. package/lib/db-entries/sign-in-experience.d.ts +10 -4
  30. package/lib/db-entries/sign-in-experience.js +13 -1
  31. package/lib/db-entries/user.d.ts +5 -1
  32. package/lib/db-entries/user.js +8 -0
  33. package/lib/foundations/jsonb-types/account-centers.d.ts +3 -0
  34. package/lib/foundations/jsonb-types/account-centers.js +1 -0
  35. package/lib/foundations/jsonb-types/hooks.d.ts +4 -4
  36. package/lib/foundations/jsonb-types/hooks.js +1 -0
  37. package/lib/foundations/jsonb-types/sentinel.d.ts +16 -1
  38. package/lib/foundations/jsonb-types/sentinel.js +15 -0
  39. package/lib/foundations/jsonb-types/sign-in-experience.d.ts +74 -2
  40. package/lib/foundations/jsonb-types/sign-in-experience.js +19 -0
  41. package/lib/foundations/jsonb-types/sign-in-experience.test.js +49 -1
  42. package/lib/foundations/jsonb-types/users.d.ts +9 -0
  43. package/lib/foundations/jsonb-types/users.js +1 -0
  44. package/lib/seeds/account-center.js +1 -0
  45. package/lib/seeds/sign-in-experience.js +1 -0
  46. package/lib/seeds/sign-in-experience.test.js +5 -1
  47. package/lib/types/consent.d.ts +8 -0
  48. package/lib/types/custom-profile-fields.d.ts +4 -0
  49. package/lib/types/hook.d.ts +2 -2
  50. package/lib/types/interactions.js +3 -1
  51. package/lib/types/logto-config/index.d.ts +69 -4
  52. package/lib/types/logto-config/index.js +12 -0
  53. package/lib/types/logto-config/index.test.js +25 -1
  54. package/lib/types/logto-config/inline-hook.d.ts +76 -0
  55. package/lib/types/logto-config/inline-hook.js +25 -0
  56. package/lib/types/logto-config/jwt-customizer.d.ts +133 -1
  57. package/lib/types/logto-config/jwt-customizer.js +14 -0
  58. package/lib/types/saml-application.d.ts +3 -0
  59. package/lib/types/saml-application.js +3 -0
  60. package/lib/types/sign-in-experience.d.ts +9 -0
  61. package/lib/types/ssr.d.ts +11 -0
  62. package/lib/types/user-assets.d.ts +10 -0
  63. package/lib/types/user-assets.js +17 -0
  64. package/lib/types/user-sessions.d.ts +231 -5
  65. package/lib/types/user-sessions.js +5 -0
  66. package/lib/types/user.d.ts +15 -0
  67. package/lib/types/user.js +1 -0
  68. package/package.json +8 -8
  69. package/tables/oidc_model_instances.sql +0 -8
  70. package/tables/sentinel_activities.sql +4 -0
  71. package/tables/service_logs.sql +2 -2
  72. package/tables/sign_in_experiences.sql +15 -2
  73. package/tables/users.sql +7 -0
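--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@logto/schemas",
- "version": "1.40.0",
+ "version": "1.41.0",
  "author": "Silverhand Inc. <contact@silverhand.io>",
  "license": "MPL-2.0",
  "type": "module",
@@ -31,7 +31,7 @@
  "@types/inquirer": "^9.0.0",
  "@types/node": "^22.14.0",
  "@types/pluralize": "^0.0.33",
- "@vitest/coverage-v8": "^3.1.1",
+ "@vitest/coverage-v8": "^4.1.8",
  "camelcase": "^8.0.0",
  "chalk": "^5.3.0",
  "eslint": "^8.56.0",
@@ -40,7 +40,7 @@
  "prettier": "^3.5.3",
  "roarr": "^7.11.0",
  "typescript": "^5.5.3",
- "vitest": "^3.1.1"
+ "vitest": "^4.1.8"
  },
  "eslintConfig": {
  "extends": "@silverhand",
@@ -65,12 +65,12 @@
  "dependencies": {
  "@withtyped/server": "^0.14.0",
  "nanoid": "^5.0.9",
- "@logto/connector-kit": "^5.0.1",
+ "@logto/connector-kit": "^5.1.0",
  "@logto/language-kit": "^1.3.0",
- "@logto/core-kit": "^2.9.0",
- "@logto/phrases-experience": "^1.13.2",
- "@logto/phrases": "^1.28.0",
- "@logto/shared": "^3.4.0"
+ "@logto/phrases": "^1.29.0",
+ "@logto/core-kit": "^2.11.0",
+ "@logto/phrases-experience": "^1.14.0",
+ "@logto/shared": "^3.4.1"
  },
  "peerDependencies": {
  "zod": "3.24.3"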
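--- a/package/tables/oidc_model_instances.sql
+++ b/package/tables/oidc_model_instances.sql
@@ -27,14 +27,6 @@ create index oidc_model_instances__model_name_payload_uid
  (payload->>'uid')
  );
 
- /* TODO: Consider dropping this full data index if the partial index proves to be effective and safe. */
- create index oidc_model_instances__model_name_payload_grant_id
- on oidc_model_instances (
- tenant_id,
- model_name,
- (payload->>'grantId')
- );
-
  create index oidc_model_instances__model_name_payload_grant_id_partial
  on oidc_model_instances (tenant_id, model_name, (payload->>'grantId'))
  where payload ? 'grantId';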
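--- a/package/tables/sentinel_activities.sql
+++ b/package/tables/sentinel_activities.sql
@@ -33,3 +33,7 @@ create index sentinel_activities__target_type_target_hash
 
  create index sentinel_activities__target_type_target_hash_action_action_result_decision
  on sentinel_activities (tenant_id, target_type, target_hash, action, action_result, decision);
+
+ /** Supports the cross-tenant retention prune of stale activity rows by age. */
+ create index sentinel_activities__created_at
+ on sentinel_activities (created_at);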
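--- a/package/tables/service_logs.sql
+++ b/package/tables/service_logs.sql
@@ -10,7 +10,7 @@ create table service_logs (
  create index service_logs__id
  on service_logs (id);
 
- create index service_logs__tenant_id__type
- on service_logs (tenant_id, type);
+ create index service_logs__tenant_id__type__created_at
+ on service_logs (tenant_id, type, created_at);
 
  /* no_after_each */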
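--- a/package/tables/sign_in_experiences.sql
+++ b/package/tables/sign_in_experiences.sql
@@ -32,9 +32,22 @@ create table sign_in_experiences (
  captcha_policy jsonb /* @use CaptchaPolicy */ not null default '{}'::jsonb,
  sentinel_policy jsonb /* @use SentinelPolicy */ not null default '{}'::jsonb,
  email_blocklist_policy jsonb /* @use EmailBlocklistPolicy */ not null default '{}'::jsonb,
+ verification_code_policy jsonb /* @use VerificationCodePolicy */ not null default '{}'::jsonb,
  forgot_password_methods jsonb /* @use ForgotPasswordMethods */ default '[]'::jsonb,
  passkey_sign_in jsonb /* @use PasskeySignIn */ not null default '{}'::jsonb,
- /** Nullable by design: null keeps legacy full-catalog behavior and [] collects no custom profile fields. */
- sign_up_profile_fields jsonb /* @use SignUpProfileFields */,
+ /** Nullable by design: null keeps legacy full-catalog behavior, and new rows default to [] to collect no custom profile fields. */
+ sign_up_profile_fields jsonb /* @use SignUpProfileFields */ default '[]'::jsonb,
+ password_expiration jsonb /* @use PasswordExpirationPolicy */ not null default '{}'::jsonb,
+ username_policy jsonb /* @use UsernamePolicy */ not null default ('{
+ "caseSensitive": true,
+ "minLength": 1,
+ "maxLength": 128,
+ "allowedChars": {
+ "lowercase": true,
+ "uppercase": true,
+ "numbers": true,
+ "underscore": true
+ }
+ }'::jsonb),
  primary key (tenant_id, id)
  );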
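Review bot: The three new policy columns in this hunk carry no comment saying what their defaults mean for enforcement, unlike `sign_up_profile_fields` next to them. `password_expiration` and `verification_code_policy` default to `'{}'::jsonb`; if an empty object means the policy is off, as it appears to, say so, e.g. `/** '{}' means no password expiration is enforced (confirm against PasswordExpirationPolicy). */`. The `username_policy` default sets `"caseSensitive": true`, so usernames that differ only by letter case stay distinct accounts unless a tenant changes it; a one-line comment stating that this is deliberate would help anyone auditing look-alike account names. The default JSON is written out literally in the DDL, so it has to be kept in step with the matching alteration script and type guard, neither of which is visible here. The `create table sign_in_experiences` statement begins before the hunk.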
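--- a/package/tables/users.sql
+++ b/package/tables/users.sql
@@ -22,7 +22,9 @@ create table users (
  logto_config jsonb /* @use JsonObject */ not null default '{}'::jsonb,
  mfa_verifications jsonb /* @use MfaVerifications */ not null default '[]'::jsonb,
  is_suspended boolean not null default false,
+ is_password_expired boolean not null default false,
  last_sign_in_at timestamptz,
+ password_updated_at timestamptz,
  created_at timestamptz not null default (now()),
  updated_at timestamptz not null default (now()),
  primary key (id),
@@ -44,6 +46,11 @@ create index users__name
  create index users_mfa_verifications_gin
  on users using gin (mfa_verifications jsonb_path_ops);
 
+ /* Supports case-insensitive username lookups and case-flip conflict detection. */
+ create index users__tenant_lower_username
+ on users (tenant_id, lower(username))
+ where username is not null;
+
  create trigger set_updated_at
  before update on users
  for each row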
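Review bot: The new `users__tenant_lower_username` index in the second hunk is not unique, so it speeds up the `lower(username)` lookup but cannot by itself prevent two rows in one tenant whose usernames differ only by case, and its comment should say so. If the conflict detection is a read followed by a write in the application (not visible here), two concurrent registrations that differ only by case could both pass the check. A comment such as `/* Non-unique on purpose: case sensitivity is a per-tenant policy, so case-flip conflicts must be rejected by the caller. */` would make that responsibility explicit. In the first hunk, `password_updated_at` is nullable with no default and no comment; state how a null value is treated when password expiration is evaluated. The `create trigger set_updated_at` statement at the end of the hunk continues past it.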