@logto/schemas 1.5.0 → 1.6.0

package/alterations/1.6.0-1685691718-domain-unique.ts

@@ -0,0 +1,20 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (tenant_id, domain);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (domain);
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.6.0-1685691718-domain-unique.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.6.0-1685691718-domain-unique.js

@@ -0,0 +1,16 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (tenant_id, domain);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (domain);
+    `);
+    },
+};
+export default alteration;

package/lib/consts/date.d.ts

@@ -0,0 +1,5 @@
+export declare const inSeconds: Readonly<{
+    oneMinute: 60;
+    oneHour: number;
+    oneDay: number;
+}>;

package/lib/consts/date.js

@@ -0,0 +1 @@
+export const inSeconds = Object.freeze({ oneMinute: 60, oneHour: 60 * 60, oneDay: 24 * 60 * 60 });

package/lib/consts/index.d.ts

@@ -1,3 +1,4 @@
 export * from './cookie.js';
 export * from './system.js';
 export * from './oidc.js';
+export * from './date.js';

package/lib/consts/index.js

@@ -1,3 +1,4 @@
 export * from './cookie.js';
 export * from './system.js';
 export * from './oidc.js';
+export * from './date.js';

package/lib/consts/oidc.d.ts

@@ -1 +1,6 @@
 export declare const tenantIdKey = "tenant_id";
+export declare const customClientMetadataDefault: Readonly<{
+    readonly idTokenTtl: number;
+    readonly refreshTokenTtlInDays: 14;
+    readonly rotateRefreshToken: true;
+}>;

package/lib/consts/oidc.js

@@ -1 +1,7 @@
+import { inSeconds } from './date.js';
 export const tenantIdKey = 'tenant_id';
+export const customClientMetadataDefault = Object.freeze({
+    idTokenTtl: inSeconds.oneHour,
+    refreshTokenTtlInDays: 14,
+    rotateRefreshToken: true,
+});

package/lib/db-entries/domain.d.ts

@@ -1,9 +1,9 @@
-import { DomainDnsRecords, CloudflareData, GeneratedSchema } from './../foundations/index.js';
+import { DomainStatus, DomainDnsRecords, CloudflareData, GeneratedSchema } from './../foundations/index.js';
 export type CreateDomain = {
     tenantId?: string;
     id: string;
     domain: string;
-    status?: string;
+    status?: DomainStatus;
     errorMessage?: string | null;
     dnsRecords?: DomainDnsRecords;
     cloudflareData?: CloudflareData | null;
@@ -14,7 +14,7 @@ export type Domain = {
     tenantId: string;
     id: string;
     domain: string;
-    status: string;
+    status: DomainStatus;
     errorMessage: string | null;
     dnsRecords: DomainDnsRecords;
     cloudflareData: CloudflareData | null;

package/lib/db-entries/domain.js

@@ -1,11 +1,11 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
-import { domainDnsRecordsGuard, cloudflareDataGuard } from './../foundations/index.js';
+import { domainStatusGuard, domainDnsRecordsGuard, cloudflareDataGuard } from './../foundations/index.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
     id: z.string().min(1).max(21),
     domain: z.string().min(1).max(256),
-    status: z.string().min(1).max(32).optional(),
+    status: domainStatusGuard.optional(),
     errorMessage: z.string().max(1024).nullable().optional(),
     dnsRecords: domainDnsRecordsGuard.optional(),
     cloudflareData: cloudflareDataGuard.nullable().optional(),
@@ -16,7 +16,7 @@ const guard = z.object({
     tenantId: z.string().max(21),
     id: z.string().min(1).max(21),
     domain: z.string().min(1).max(256),
-    status: z.string().max(32),
+    status: domainStatusGuard,
     errorMessage: z.string().max(1024).nullable(),
     dnsRecords: domainDnsRecordsGuard,
     cloudflareData: cloudflareDataGuard.nullable(),

package/lib/foundations/jsonb-types.d.ts

@@ -40,7 +40,9 @@ export type OidcClientMetadata = z.infer<typeof oidcClientMetadataGuard>;
 export declare enum CustomClientMetadataKey {
     CorsAllowedOrigins = "corsAllowedOrigins",
     IdTokenTtl = "idTokenTtl",
+    /** @deprecated Use {@link RefreshTokenTtlInDays} instead. */
     RefreshTokenTtl = "refreshTokenTtl",
+    RefreshTokenTtlInDays = "refreshTokenTtlInDays",
     TenantId = "tenantId",
     /**
      * Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request.
@@ -49,26 +51,38 @@ export declare enum CustomClientMetadataKey {
      *
      * This config is for the third-party integrations that do not strictly follow OpenID Connect standards due to some reasons (e.g. they only know OAuth, but requires a Refresh Token to be returned anyway).
      */
-    AlwaysIssueRefreshToken = "alwaysIssueRefreshToken"
+    AlwaysIssueRefreshToken = "alwaysIssueRefreshToken",
+    /**
+     * When enabled (default), Logto will issue a new Refresh Token for token requests when 70% of the original Time to Live (TTL) has passed.
+     *
+     * It can be turned off for only traditional web apps for enhanced security.
+     */
+    RotateRefreshToken = "rotateRefreshToken"
 }
 export declare const customClientMetadataGuard: z.ZodObject<{
     corsAllowedOrigins: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     idTokenTtl: z.ZodOptional<z.ZodNumber>;
     refreshTokenTtl: z.ZodOptional<z.ZodNumber>;
+    refreshTokenTtlInDays: z.ZodOptional<z.ZodNumber>;
     tenantId: z.ZodOptional<z.ZodString>;
     alwaysIssueRefreshToken: z.ZodOptional<z.ZodBoolean>;
+    rotateRefreshToken: z.ZodOptional<z.ZodBoolean>;
 }, "strip", z.ZodTypeAny, {
     corsAllowedOrigins?: string[] | undefined;
     idTokenTtl?: number | undefined;
     refreshTokenTtl?: number | undefined;
+    refreshTokenTtlInDays?: number | undefined;
     tenantId?: string | undefined;
     alwaysIssueRefreshToken?: boolean | undefined;
+    rotateRefreshToken?: boolean | undefined;
 }, {
     corsAllowedOrigins?: string[] | undefined;
     idTokenTtl?: number | undefined;
     refreshTokenTtl?: number | undefined;
+    refreshTokenTtlInDays?: number | undefined;
     tenantId?: string | undefined;
     alwaysIssueRefreshToken?: boolean | undefined;
+    rotateRefreshToken?: boolean | undefined;
 }>;
 /**
  * @see {@link CustomClientMetadataKey} for key descriptions.
@@ -301,8 +315,6 @@ export declare const cloudflareDataGuard: z.ZodObject<{
     status: z.ZodString;
     ssl: z.ZodObject<{
         status: z.ZodString;
-        txt_name: z.ZodOptional<z.ZodString>;
-        txt_value: z.ZodOptional<z.ZodString>;
         validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
             message: z.ZodString;
         }, "strip", z.ZodUnknown, {
@@ -314,8 +326,6 @@ export declare const cloudflareDataGuard: z.ZodObject<{
         }>, "many">>;
     }, "strip", z.ZodUnknown, {
         [x: string]: unknown;
-        txt_name?: string | undefined;
-        txt_value?: string | undefined;
         validation_errors?: {
             [x: string]: unknown;
             message: string;
@@ -323,45 +333,20 @@ export declare const cloudflareDataGuard: z.ZodObject<{
         status: string;
     }, {
         [x: string]: unknown;
-        txt_name?: string | undefined;
-        txt_value?: string | undefined;
         validation_errors?: {
             [x: string]: unknown;
             message: string;
         }[] | undefined;
         status: string;
     }>;
-    ownership_verification: z.ZodOptional<z.ZodObject<{
-        name: z.ZodString;
-        type: z.ZodString;
-        value: z.ZodString;
-    }, "strip", z.ZodUnknown, {
-        [x: string]: unknown;
-        type: string;
-        value: string;
-        name: string;
-    }, {
-        [x: string]: unknown;
-        type: string;
-        value: string;
-        name: string;
-    }>>;
     verification_errors: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
 }, "strip", z.ZodUnknown, {
     [x: string]: unknown;
-    ownership_verification?: {
-        [x: string]: unknown;
-        type: string;
-        value: string;
-        name: string;
-    } | undefined;
     verification_errors?: string[] | undefined;
     status: string;
     id: string;
     ssl: {
         [x: string]: unknown;
-        txt_name?: string | undefined;
-        txt_value?: string | undefined;
         validation_errors?: {
             [x: string]: unknown;
             message: string;
@@ -370,19 +355,11 @@ export declare const cloudflareDataGuard: z.ZodObject<{
     };
 }, {
     [x: string]: unknown;
-    ownership_verification?: {
-        [x: string]: unknown;
-        type: string;
-        value: string;
-        name: string;
-    } | undefined;
     verification_errors?: string[] | undefined;
     status: string;
     id: string;
     ssl: {
         [x: string]: unknown;
-        txt_name?: string | undefined;
-        txt_value?: string | undefined;
         validation_errors?: {
             [x: string]: unknown;
             message: string;
@@ -391,3 +368,10 @@ export declare const cloudflareDataGuard: z.ZodObject<{
     };
 }>;
 export type CloudflareData = z.infer<typeof cloudflareDataGuard>;
+export declare enum DomainStatus {
+    PendingVerification = "PendingVerification",
+    PendingSsl = "PendingSsl",
+    Active = "Active",
+    Error = "Error"
+}
+export declare const domainStatusGuard: z.ZodNativeEnum<typeof DomainStatus>;

package/lib/foundations/jsonb-types.js

@@ -45,7 +45,9 @@ export var CustomClientMetadataKey;
 (function (CustomClientMetadataKey) {
     CustomClientMetadataKey["CorsAllowedOrigins"] = "corsAllowedOrigins";
     CustomClientMetadataKey["IdTokenTtl"] = "idTokenTtl";
+    /** @deprecated Use {@link RefreshTokenTtlInDays} instead. */
     CustomClientMetadataKey["RefreshTokenTtl"] = "refreshTokenTtl";
+    CustomClientMetadataKey["RefreshTokenTtlInDays"] = "refreshTokenTtlInDays";
     CustomClientMetadataKey["TenantId"] = "tenantId";
     /**
      * Enabling this configuration will allow Logto to always issue Refresh Tokens, regardless of whether `prompt=consent` is presented in the authentication request.
@@ -55,13 +57,21 @@ export var CustomClientMetadataKey;
      * This config is for the third-party integrations that do not strictly follow OpenID Connect standards due to some reasons (e.g. they only know OAuth, but requires a Refresh Token to be returned anyway).
      */
     CustomClientMetadataKey["AlwaysIssueRefreshToken"] = "alwaysIssueRefreshToken";
+    /**
+     * When enabled (default), Logto will issue a new Refresh Token for token requests when 70% of the original Time to Live (TTL) has passed.
+     *
+     * It can be turned off for only traditional web apps for enhanced security.
+     */
+    CustomClientMetadataKey["RotateRefreshToken"] = "rotateRefreshToken";
 })(CustomClientMetadataKey || (CustomClientMetadataKey = {}));
 export const customClientMetadataGuard = z.object({
     [CustomClientMetadataKey.CorsAllowedOrigins]: z.string().url().array().optional(),
     [CustomClientMetadataKey.IdTokenTtl]: z.number().optional(),
     [CustomClientMetadataKey.RefreshTokenTtl]: z.number().optional(),
+    [CustomClientMetadataKey.RefreshTokenTtlInDays]: z.number().int().min(1).max(90).optional(),
     [CustomClientMetadataKey.TenantId]: z.string().optional(),
     [CustomClientMetadataKey.AlwaysIssueRefreshToken]: z.boolean().optional(),
+    [CustomClientMetadataKey.RotateRefreshToken]: z.boolean().optional(),
 });
 /* === Users === */
 export const roleNamesGuard = z.string().array();
@@ -166,8 +176,6 @@ export const cloudflareDataGuard = z
     ssl: z
         .object({
         status: z.string(),
-        txt_name: z.string().optional(),
-        txt_value: z.string().optional(),
         validation_errors: z
             .object({
             message: z.string(),
@@ -177,7 +185,14 @@ export const cloudflareDataGuard = z
             .optional(),
     })
         .catchall(z.unknown()),
-    ownership_verification: domainDnsRecordGuard.catchall(z.unknown()).optional(),
     verification_errors: z.string().array().optional(),
 })
     .catchall(z.unknown());
+export var DomainStatus;
+(function (DomainStatus) {
+    DomainStatus["PendingVerification"] = "PendingVerification";
+    DomainStatus["PendingSsl"] = "PendingSsl";
+    DomainStatus["Active"] = "Active";
+    DomainStatus["Error"] = "Error";
+})(DomainStatus || (DomainStatus = {}));
+export const domainStatusGuard = z.nativeEnum(DomainStatus);

package/lib/models/tenants.d.ts

@@ -1,8 +1,20 @@
-export declare const Tenants: import("@withtyped/server").Model<"tenants", {
+import type { InferModelType } from '@withtyped/server/model';
+import { z } from 'zod';
+export declare enum TenantTag {
+    Development = "development",
+    Staging = "staging",
+    Production = "production"
+}
+export declare const Tenants: import("@withtyped/server/model").default<"tenants", {
     id: string;
     dbUser: string | null;
     dbUserPassword: string | null;
     name: string;
-    tag: string;
+    tag: TenantTag;
     createdAt: Date;
-}, "name" | "createdAt" | "tag", never>;
+}, "name" | "createdAt" | "tag", "createdAt">;
+export type TenantModel = InferModelType<typeof Tenants>;
+export type TenantInfo = Pick<TenantModel, 'id' | 'name' | 'tag'> & {
+    indicator: string;
+};
+export declare const tenantInfoGuard: z.ZodType<TenantInfo>;

package/lib/models/tenants.js

@@ -1,5 +1,11 @@
-import { createModel } from '@withtyped/server';
-import { TenantTag } from '../index.js';
+import { createModel } from '@withtyped/server/model';
+import { z } from 'zod';
+export var TenantTag;
+(function (TenantTag) {
+    TenantTag["Development"] = "development";
+    TenantTag["Staging"] = "staging";
+    TenantTag["Production"] = "production";
+})(TenantTag || (TenantTag = {}));
 export const Tenants = createModel(/* sql */ `
   /* init_order = 0 */
   create table tenants (
@@ -14,4 +20,9 @@ export const Tenants = createModel(/* sql */ `
       unique (db_user)
   );
   /* no_after_each */
-`);
+`)
+    .extend('tag', z.nativeEnum(TenantTag))
+    .extend('createdAt', { readonly: true });
+export const tenantInfoGuard = Tenants.guard('model')
+    .pick({ id: true, name: true, tag: true })
+    .extend({ indicator: z.string() });

package/lib/seeds/tenant.d.ts

@@ -1,5 +1,3 @@
-import type { InferModelType } from '@withtyped/server';
-import type { Tenants } from '../models/tenants.js';
+export type { TenantModel } from '../models/tenants.js';
 export declare const defaultTenantId = "default";
 export declare const adminTenantId = "admin";
-export type TenantModel = InferModelType<typeof Tenants>;

package/lib/types/connector.d.ts

@@ -899,6 +899,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
 }>, {
     type: z.ZodNativeEnum<typeof ConnectorType>;
     isDemo: z.ZodOptional<z.ZodBoolean>;
+    extraInfo: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }>, "strip", z.ZodTypeAny, {
     isStandard?: boolean | undefined;
     configTemplate?: string | undefined;
@@ -936,6 +937,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
         label: string;
     })[] | undefined;
     isDemo?: boolean | undefined;
+    extraInfo?: Record<string, unknown> | undefined;
     type: ConnectorType;
     name: {
         en: string;
@@ -1366,6 +1368,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
         label: string;
     })[] | undefined;
     isDemo?: boolean | undefined;
+    extraInfo?: Record<string, unknown> | undefined;
     type: ConnectorType;
     name: {
         en: string;

package/lib/types/connector.js

@@ -14,6 +14,7 @@ export const connectorResponseGuard = Connectors.guard
     .merge(z.object({
     type: z.nativeEnum(ConnectorType),
     isDemo: z.boolean().optional(),
+    extraInfo: z.record(z.unknown()).optional(),
 }));
 export const connectorFactoryResponseGuard = z
     .object({

package/lib/types/domain.d.ts

@@ -4,7 +4,7 @@ export declare const domainResponseGuard: z.ZodObject<Pick<{
     tenantId: z.ZodType<string, z.ZodTypeDef, string>;
     id: z.ZodType<string, z.ZodTypeDef, string>;
     domain: z.ZodType<string, z.ZodTypeDef, string>;
-    status: z.ZodType<string, z.ZodTypeDef, string>;
+    status: z.ZodType<import("../index.js").DomainStatus, z.ZodTypeDef, import("../index.js").DomainStatus>;
     errorMessage: z.ZodType<string | null, z.ZodTypeDef, string | null>;
     dnsRecords: z.ZodType<{
         type: string;
@@ -17,19 +17,11 @@ export declare const domainResponseGuard: z.ZodObject<Pick<{
     }[]>;
     cloudflareData: z.ZodType<{
         [x: string]: unknown;
-        ownership_verification?: {
-            [x: string]: unknown;
-            type: string;
-            value: string;
-            name: string;
-        } | undefined;
         verification_errors?: string[] | undefined;
         status: string;
         id: string;
         ssl: {
             [x: string]: unknown;
-            txt_name?: string | undefined;
-            txt_value?: string | undefined;
             validation_errors?: {
                 [x: string]: unknown;
                 message: string;
@@ -38,19 +30,11 @@ export declare const domainResponseGuard: z.ZodObject<Pick<{
         };
     } | null, z.ZodTypeDef, {
         [x: string]: unknown;
-        ownership_verification?: {
-            [x: string]: unknown;
-            type: string;
-            value: string;
-            name: string;
-        } | undefined;
         verification_errors?: string[] | undefined;
         status: string;
         id: string;
         ssl: {
             [x: string]: unknown;
-            txt_name?: string | undefined;
-            txt_value?: string | undefined;
             validation_errors?: {
                 [x: string]: unknown;
                 message: string;
@@ -61,7 +45,7 @@ export declare const domainResponseGuard: z.ZodObject<Pick<{
     updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
     createdAt: z.ZodType<number, z.ZodTypeDef, number>;
 }, "status" | "id" | "domain" | "errorMessage" | "dnsRecords">, "strip", z.ZodTypeAny, {
-    status: string;
+    status: import("../index.js").DomainStatus;
     id: string;
     domain: string;
     errorMessage: string | null;
@@ -71,7 +55,7 @@ export declare const domainResponseGuard: z.ZodObject<Pick<{
         name: string;
     }[];
 }, {
-    status: string;
+    status: import("../index.js").DomainStatus;
     id: string;
     domain: string;
     errorMessage: string | null;
@@ -82,9 +66,3 @@ export declare const domainResponseGuard: z.ZodObject<Pick<{
     }[];
 }>;
 export type DomainResponse = z.infer<typeof domainResponseGuard>;
-export declare enum DomainStatus {
-    PendingVerification = "PendingVerification",
-    PendingSsl = "PendingSsl",
-    Active = "Active",
-    Error = "Error"
-}

package/lib/types/domain.js

@@ -13,10 +13,3 @@ export const domainResponseGuard = Domains.guard.pick({
     errorMessage: true,
     dnsRecords: true,
 });
-export var DomainStatus;
-(function (DomainStatus) {
-    DomainStatus["PendingVerification"] = "PendingVerification";
-    DomainStatus["PendingSsl"] = "PendingSsl";
-    DomainStatus["Active"] = "Active";
-    DomainStatus["Error"] = "Error";
-})(DomainStatus || (DomainStatus = {}));

package/lib/types/index.d.ts

@@ -11,7 +11,6 @@ export * from './role.js';
 export * from './verification-code.js';
 export * from './application.js';
 export * from './system.js';
-export * from './tenant.js';
 export * from './user-assets.js';
 export * from './hook.js';
 export * from './service-log.js';

package/lib/types/index.js

@@ -11,7 +11,6 @@ export * from './role.js';
 export * from './verification-code.js';
 export * from './application.js';
 export * from './system.js';
-export * from './tenant.js';
 export * from './user-assets.js';
 export * from './hook.js';
 export * from './service-log.js';

package/lib/types/system.d.ts

@@ -64,6 +64,97 @@ export type StorageProviderType = {
 export declare const storageProviderGuard: Readonly<{
     [key in StorageProviderKey]: ZodType<StorageProviderType[key]>;
 }>;
+export declare enum EmailServiceProvider {
+    SendGrid = "SendGrid"
+}
+/**
+ * `General` is now used as a fallback scenario.
+ * This will be extended in the future since we will send different emails for
+ * different purposes (such as webhook that inform users of suspicious account activities).
+ */
+export declare enum OtherEmailTemplate {
+    General = "General"
+}
+export declare const otherEmailTemplateGuard: z.ZodNativeEnum<typeof OtherEmailTemplate>;
+export declare const sendgridEmailServiceDataGuard: z.ZodObject<{
+    fromName: z.ZodString;
+    fromEmail: z.ZodString;
+    templates: z.ZodRecord<z.ZodUnion<[z.ZodNativeEnum<typeof import("@logto/connector-kit").VerificationCodeType>, z.ZodNativeEnum<typeof OtherEmailTemplate>]>, z.ZodObject<{
+        subject: z.ZodString;
+        content: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        subject: string;
+        content: string;
+    }, {
+        subject: string;
+        content: string;
+    }>>;
+    provider: z.ZodLiteral<EmailServiceProvider>;
+    apiKey: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    provider: EmailServiceProvider;
+    apiKey: string;
+    fromName: string;
+    fromEmail: string;
+    templates: Partial<Record<OtherEmailTemplate.General | import("@logto/connector-kit").VerificationCodeType, {
+        subject: string;
+        content: string;
+    }>>;
+}, {
+    provider: EmailServiceProvider;
+    apiKey: string;
+    fromName: string;
+    fromEmail: string;
+    templates: Partial<Record<OtherEmailTemplate.General | import("@logto/connector-kit").VerificationCodeType, {
+        subject: string;
+        content: string;
+    }>>;
+}>;
+export type SendgridEmailServiceData = z.infer<typeof sendgridEmailServiceDataGuard>;
+export declare const emailServiceDataGuard: z.ZodDiscriminatedUnion<"provider", [z.ZodObject<{
+    fromName: z.ZodString;
+    fromEmail: z.ZodString;
+    templates: z.ZodRecord<z.ZodUnion<[z.ZodNativeEnum<typeof import("@logto/connector-kit").VerificationCodeType>, z.ZodNativeEnum<typeof OtherEmailTemplate>]>, z.ZodObject<{
+        subject: z.ZodString;
+        content: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        subject: string;
+        content: string;
+    }, {
+        subject: string;
+        content: string;
+    }>>;
+    provider: z.ZodLiteral<EmailServiceProvider>;
+    apiKey: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    provider: EmailServiceProvider;
+    apiKey: string;
+    fromName: string;
+    fromEmail: string;
+    templates: Partial<Record<OtherEmailTemplate.General | import("@logto/connector-kit").VerificationCodeType, {
+        subject: string;
+        content: string;
+    }>>;
+}, {
+    provider: EmailServiceProvider;
+    apiKey: string;
+    fromName: string;
+    fromEmail: string;
+    templates: Partial<Record<OtherEmailTemplate.General | import("@logto/connector-kit").VerificationCodeType, {
+        subject: string;
+        content: string;
+    }>>;
+}>]>;
+export type EmailServiceData = z.infer<typeof emailServiceDataGuard>;
+export declare enum EmailServiceProviderKey {
+    EmailServiceProvider = "EmailServiceProvider"
+}
+export type EmailServiceProviderType = {
+    [EmailServiceProviderKey.EmailServiceProvider]: EmailServiceData;
+};
+export declare const emailServiceProviderGuard: Readonly<{
+    [key in EmailServiceProviderKey]: ZodType<EmailServiceProviderType[key]>;
+}>;
 export declare enum DemoSocialProvider {
     Google = "google",
     GitHub = "github",
@@ -101,15 +192,12 @@ export declare const demoSocialGuard: Readonly<{
 export declare const hostnameProviderDataGuard: z.ZodObject<{
     zoneId: z.ZodString;
     apiToken: z.ZodString;
-    fallbackOrigin: z.ZodString;
 }, "strip", z.ZodTypeAny, {
     zoneId: string;
     apiToken: string;
-    fallbackOrigin: string;
 }, {
     zoneId: string;
     apiToken: string;
-    fallbackOrigin: string;
 }>;
 export type HostnameProviderData = z.infer<typeof hostnameProviderDataGuard>;
 export declare enum CloudflareKey {
@@ -121,8 +209,8 @@ export type CloudflareType = {
 export declare const cloudflareGuard: Readonly<{
     [key in CloudflareKey]: ZodType<CloudflareType[key]>;
 }>;
-export type SystemKey = AlterationStateKey | StorageProviderKey | DemoSocialKey | CloudflareKey;
-export type SystemType = AlterationStateType | StorageProviderType | DemoSocialType | CloudflareType;
-export type SystemGuard = typeof alterationStateGuard & typeof storageProviderGuard & typeof demoSocialGuard & typeof cloudflareGuard;
+export type SystemKey = AlterationStateKey | StorageProviderKey | DemoSocialKey | CloudflareKey | EmailServiceProviderKey;
+export type SystemType = AlterationStateType | StorageProviderType | DemoSocialType | CloudflareType | EmailServiceProviderType;
+export type SystemGuard = typeof alterationStateGuard & typeof storageProviderGuard & typeof demoSocialGuard & typeof cloudflareGuard & typeof emailServiceProviderGuard;
 export declare const systemKeys: readonly SystemKey[];
 export declare const systemGuards: SystemGuard;

package/lib/types/system.js

@@ -1,3 +1,4 @@
+import { verificationCodeTypeGuard } from '@logto/connector-kit';
 import { z } from 'zod';
 // Alteration state
 export var AlterationStateKey;
@@ -42,6 +43,44 @@ export var StorageProviderKey;
 export const storageProviderGuard = Object.freeze({
     [StorageProviderKey.StorageProvider]: storageProviderDataGuard,
 });
+// Email service provider
+export var EmailServiceProvider;
+(function (EmailServiceProvider) {
+    EmailServiceProvider["SendGrid"] = "SendGrid";
+})(EmailServiceProvider || (EmailServiceProvider = {}));
+/**
+ * `General` is now used as a fallback scenario.
+ * This will be extended in the future since we will send different emails for
+ * different purposes (such as webhook that inform users of suspicious account activities).
+ */
+export var OtherEmailTemplate;
+(function (OtherEmailTemplate) {
+    OtherEmailTemplate["General"] = "General";
+})(OtherEmailTemplate || (OtherEmailTemplate = {}));
+export const otherEmailTemplateGuard = z.nativeEnum(OtherEmailTemplate);
+const emailServiceBasicConfig = {
+    fromName: z.string(),
+    fromEmail: z.string(),
+    templates: z.record(verificationCodeTypeGuard.or(otherEmailTemplateGuard), z.object({
+        subject: z.string(),
+        content: z.string(),
+    })),
+};
+export const sendgridEmailServiceDataGuard = z.object({
+    provider: z.literal(EmailServiceProvider.SendGrid),
+    apiKey: z.string(),
+    ...emailServiceBasicConfig,
+});
+export const emailServiceDataGuard = z.discriminatedUnion('provider', [
+    sendgridEmailServiceDataGuard,
+]);
+export var EmailServiceProviderKey;
+(function (EmailServiceProviderKey) {
+    EmailServiceProviderKey["EmailServiceProvider"] = "EmailServiceProvider";
+})(EmailServiceProviderKey || (EmailServiceProviderKey = {}));
+export const emailServiceProviderGuard = Object.freeze({
+    [EmailServiceProviderKey.EmailServiceProvider]: emailServiceDataGuard,
+});
 // Demo social connectors
 export var DemoSocialProvider;
 (function (DemoSocialProvider) {
@@ -68,8 +107,7 @@ export const demoSocialGuard = Object.freeze({
 // Cloudflare Hostnames
 export const hostnameProviderDataGuard = z.object({
     zoneId: z.string(),
-    apiToken: z.string(),
-    fallbackOrigin: z.string(), // A domain name
+    apiToken: z.string(), // Requires zone permission for "SSL and Certificates Edit"
 });
 export var CloudflareKey;
 (function (CloudflareKey) {
@@ -83,10 +121,12 @@ export const systemKeys = Object.freeze([
     ...Object.values(StorageProviderKey),
     ...Object.values(DemoSocialKey),
     ...Object.values(CloudflareKey),
+    ...Object.values(EmailServiceProviderKey),
 ]);
 export const systemGuards = Object.freeze({
     ...alterationStateGuard,
     ...storageProviderGuard,
     ...demoSocialGuard,
     ...cloudflareGuard,
+    ...emailServiceProviderGuard,
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -65,12 +65,14 @@
   "prettier": "@silverhand/eslint-config/.prettierrc",
   "dependencies": {
     "@logto/connector-kit": "^1.1.1",
-    "@logto/core-kit": "^2.0.0",
+    "@logto/core-kit": "^2.0.1",
     "@logto/language-kit": "^1.0.0",
-    "@logto/phrases": "^1.4.0",
+    "@logto/phrases": "^1.4.1",
     "@logto/phrases-ui": "^1.2.0",
     "@logto/shared": "^2.0.0",
-    "@withtyped/server": "^0.9.0",
+    "@withtyped/server": "^0.11.1"
+  },
+  "peerDependencies": {
     "zod": "^3.20.2"
   },
   "scripts": {

package/tables/domains.sql

@@ -3,7 +3,7 @@ create table domains (
     references tenants (id) on update cascade on delete cascade,
   id varchar(21) not null,
   domain varchar(256) not null,
-  status varchar(32) not null default('PendingVerification'),
+  status varchar(32) /* @use DomainStatus */ not null default('PendingVerification'),
   error_message varchar(1024),
   dns_records jsonb /* @use DomainDnsRecords */ not null default '[]'::jsonb,
   cloudflare_data jsonb /* @use CloudflareData */,
@@ -11,7 +11,7 @@ create table domains (
   created_at timestamptz not null default(now()),
   primary key (id),
   constraint domains__domain
-    unique (domain)
+    unique (tenant_id, domain)
 );
 
 create index domains__id on domains (tenant_id, id);

package/lib/types/tenant.d.ts

@@ -1,37 +0,0 @@
-import { z } from 'zod';
-import { type TenantModel } from '../seeds/tenant.js';
-export declare enum TenantTag {
-    Development = "development",
-    Staging = "staging",
-    Production = "production"
-}
-export type PatchTenant = Partial<Pick<TenantModel, 'name' | 'tag'>>;
-export type CreateTenant = Pick<TenantModel, 'id' | 'dbUser' | 'dbUserPassword'> & PatchTenant & {
-    createdAt?: number;
-};
-export declare const createTenantGuard: z.ZodObject<{
-    id: z.ZodString;
-    dbUser: z.ZodString;
-    dbUserPassword: z.ZodString;
-    name: z.ZodOptional<z.ZodString>;
-    tag: z.ZodOptional<z.ZodNativeEnum<typeof TenantTag>>;
-    createdAt: z.ZodOptional<z.ZodNumber>;
-}, "strip", z.ZodTypeAny, {
-    name?: string | undefined;
-    createdAt?: number | undefined;
-    tag?: TenantTag | undefined;
-    id: string;
-    dbUser: string;
-    dbUserPassword: string;
-}, {
-    name?: string | undefined;
-    createdAt?: number | undefined;
-    tag?: TenantTag | undefined;
-    id: string;
-    dbUser: string;
-    dbUserPassword: string;
-}>;
-export type TenantInfo = Pick<TenantModel, 'id' | 'name' | 'tag'> & {
-    indicator: string;
-};
-export declare const tenantInfoGuard: z.ZodType<TenantInfo>;

package/lib/types/tenant.js

@@ -1,19 +0,0 @@
-import { z } from 'zod';
-export var TenantTag;
-(function (TenantTag) {
-    TenantTag["Development"] = "development";
-    TenantTag["Staging"] = "staging";
-    TenantTag["Production"] = "production";
-})(TenantTag || (TenantTag = {}));
-export const createTenantGuard = z.object({
-    id: z.string(),
-    dbUser: z.string(),
-    dbUserPassword: z.string(),
-    name: z.string().optional(),
-    tag: z.nativeEnum(TenantTag).optional(),
-    createdAt: z.number().optional(),
-});
-export const tenantInfoGuard = createTenantGuard
-    .pick({ id: true, name: true, tag: true })
-    .extend({ indicator: z.string() })
-    .required();