@logto/schemas 1.5.0 → 1.7.0

package/LICENSE

@@ -1,9 +1,3 @@
-Portions of this software are licensed as follows:
-
-* All content that resides under the "packages/cloud" directory of this repository, if that directory exists, is licensed under the license defined in "packages/cloud/LICENSE" (Elastic-2.0).
-* All third party components incorporated into this software are licensed under the original license provided by the owner of the applicable component.
-* Content outside of the above mentioned directories or restrictions above is available under the "MPL-2.0" license as defined below.
-
 Mozilla Public License Version 2.0
 ==================================
 

package/alterations/1.6.0-1685691718-domain-unique.ts

@@ -0,0 +1,20 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (tenant_id, domain);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (domain);
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.7.0-1688375200-sync-cloud-m2m-to-logto-config.ts

@@ -0,0 +1,85 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const adminTenantId = 'admin';
+
+const cloudServiceApplicationName = 'Cloud Service';
+
+const cloudConnectionResourceIndicator = 'https://cloud.logto.io/api';
+
+enum ApplicationType {
+  Native = 'Native',
+  SPA = 'SPA',
+  Traditional = 'Traditional',
+  MachineToMachine = 'MachineToMachine',
+}
+
+const cloudConnectionConfigKey = 'cloudConnection';
+
+type Application = {
+  tenantId: string;
+  id: string;
+  name: string;
+  secret: string;
+  description: string;
+  type: ApplicationType;
+  oidcClientMetadata: unknown;
+  customClientMetadata: {
+    tenantId: string;
+  };
+  createdAt: number;
+};
+
+type CloudConnectionConfig = {
+  tenantId: string;
+  key: string;
+  value: unknown;
+};
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const { rows } = await pool.query<Application>(
+      sql`select * from applications where type = ${ApplicationType.MachineToMachine} and tenant_id = ${adminTenantId} and name = ${cloudServiceApplicationName}`
+    );
+
+    const { rows: existingCloudConnections } = await pool.query<CloudConnectionConfig>(sql`
+      select * from logto_configs where key = ${cloudConnectionConfigKey}
+    `);
+    const tenantIdsWithExistingRecords = new Set(
+      existingCloudConnections.map(({ tenantId }) => tenantId)
+    );
+    const filteredRows = rows.filter(
+      ({ customClientMetadata: { tenantId } }) => !tenantIdsWithExistingRecords.has(tenantId)
+    );
+
+    if (filteredRows.length === 0) {
+      return;
+    }
+
+    await pool.query(sql`
+      insert into logto_configs (tenant_id, key, value) values ${sql.join(
+        filteredRows.map(({ id, secret, customClientMetadata }) => {
+          const { tenantId } = customClientMetadata;
+          const cloudConnectionValue = {
+            appId: id,
+            appSecret: secret,
+            resource: cloudConnectionResourceIndicator,
+          };
+
+          return sql`(${tenantId}, ${cloudConnectionConfigKey}, ${JSON.stringify(
+            cloudConnectionValue
+          )})`;
+        }),
+        sql`,`
+      )}
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      delete from logto_configs where key = ${cloudConnectionConfigKey}
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.7.0-1688613459-remove-m2m-credentials-from-existing-logto-email-connector-config.ts

@@ -0,0 +1,88 @@
+import { GlobalValues } from '@logto/shared';
+import { appendPath } from '@silverhand/essentials';
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+type M2mCredentials = {
+  appSecret: string;
+  appId: string;
+  endpoint: string;
+  tokenEndpoint: string;
+  resource: string;
+};
+
+type EmailServiceConnector = {
+  tenantId: string;
+  config: Partial<M2mCredentials> & Record<string, unknown>;
+};
+type CloudConnectionData = {
+  tenantId: string;
+  value: { appSecret: string; appId: string; resource: string };
+};
+
+enum ServiceConnector {
+  Email = 'logto-email',
+}
+
+const cloudConnectionKey = 'cloudConnection';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const { rows: rawConnectors } = await pool.query<EmailServiceConnector>(sql`
+      select tenant_id, config from connectors where connector_id = ${ServiceConnector.Email};
+    `);
+    const connectors = rawConnectors.map((rawConnector) => {
+      const {
+        tenantId,
+        config: { appSecret, appId, endpoint, tokenEndpoint, resource, ...rest },
+      } = rawConnector;
+      return { tenantId, config: rest };
+    });
+    for (const connector of connectors) {
+      const { tenantId, config } = connector;
+      // eslint-disable-next-line no-await-in-loop
+      await pool.query(sql`
+        update connectors set config = ${JSON.stringify(
+          config
+        )} where tenant_id = ${tenantId} and connector_id = ${ServiceConnector.Email};
+      `);
+    }
+  },
+  down: async (pool) => {
+    const { rows: cloudConnections } = await pool.query<CloudConnectionData>(sql`
+      select tenant_id, value from logto_configs where key = ${cloudConnectionKey};
+    `);
+
+    /** Get `endpoint` and `tokenEndpoints` */
+    const globalValues = new GlobalValues();
+    const { cloudUrlSet, adminUrlSet } = globalValues;
+    const endpoint = appendPath(cloudUrlSet.endpoint, 'api').toString();
+    const tokenEndpoint = appendPath(adminUrlSet.endpoint, 'oidc/token').toString();
+
+    const { rows: rawEmailServiceConnectors } = await pool.query<EmailServiceConnector>(sql`
+      select tenant_id, config from connectors where connector_id = ${ServiceConnector.Email};
+    `);
+    const tenantIdsWithM2mCredentials = new Set(cloudConnections.map(({ tenantId }) => tenantId));
+    const emailServiceConnectors = rawEmailServiceConnectors.filter(({ tenantId }) =>
+      tenantIdsWithM2mCredentials.has(tenantId)
+    );
+    for (const emailServiceConnector of emailServiceConnectors) {
+      const { tenantId: currentTenantId, config } = emailServiceConnector;
+      const newConfig = {
+        ...config,
+        endpoint,
+        tokenEndpoint,
+        ...cloudConnections.find(({ tenantId }) => tenantId === currentTenantId)?.value,
+      };
+      // eslint-disable-next-line no-await-in-loop
+      await pool.query(sql`
+        update connectors set config = ${JSON.stringify(
+          newConfig
+        )} where tenant_id = ${currentTenantId} and connector_id = ${ServiceConnector.Email};
+      `);
+    }
+  },
+};
+
+export default alteration;

package/alterations/1.7.0-1688627407-daily-active-users.ts

@@ -0,0 +1,61 @@
+import { type CommonQueryMethods, sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const getId = (value: string) => sql.identifier([value]);
+
+const getDatabaseName = async (pool: CommonQueryMethods) => {
+  const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
+    select current_database();
+  `);
+
+  return currentDatabase.replaceAll('-', '_');
+};
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const database = await getDatabaseName(pool);
+    const baseRoleId = getId(`logto_tenant_${database}`);
+
+    await pool.query(sql`
+      create table daily_active_users (
+        id varchar(21) not null,
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        user_id varchar(21) not null,
+        date timestamptz not null,
+        primary key (id),
+        constraint daily_active_users__user_id_date
+          unique (user_id, date)
+      );
+
+      create index daily_active_users__id
+        on daily_active_users (tenant_id, id);
+
+      create trigger set_tenant_id before insert on daily_active_users
+        for each row execute procedure set_tenant_id();
+
+      alter table daily_active_users enable row level security;
+
+      create policy daily_active_users_tenant_id on daily_active_users
+        as restrictive
+        using (tenant_id = (select id from tenants where db_user = current_user));
+      create policy daily_active_users_modification on daily_active_users
+        using (true);
+
+      grant select, insert, update, delete on daily_active_users to ${baseRoleId};
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop policy daily_active_users_tenant_id on daily_active_users;
+      drop policy daily_active_users_modification on daily_active_users;
+
+      alter table daily_active_users disable row level security;
+
+      drop table daily_active_users;
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.6.0-1685691718-domain-unique.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.6.0-1685691718-domain-unique.js

@@ -0,0 +1,16 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (tenant_id, domain);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table domains drop constraint domains__domain;
+      alter table domains add constraint domains__domain unique (domain);
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.7.0-1688375200-sync-cloud-m2m-to-logto-config.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.7.0-1688375200-sync-cloud-m2m-to-logto-config.js

@@ -0,0 +1,42 @@
+import { sql } from 'slonik';
+const adminTenantId = 'admin';
+const cloudServiceApplicationName = 'Cloud Service';
+const cloudConnectionResourceIndicator = 'https://cloud.logto.io/api';
+var ApplicationType;
+(function (ApplicationType) {
+    ApplicationType["Native"] = "Native";
+    ApplicationType["SPA"] = "SPA";
+    ApplicationType["Traditional"] = "Traditional";
+    ApplicationType["MachineToMachine"] = "MachineToMachine";
+})(ApplicationType || (ApplicationType = {}));
+const cloudConnectionConfigKey = 'cloudConnection';
+const alteration = {
+    up: async (pool) => {
+        const { rows } = await pool.query(sql `select * from applications where type = ${ApplicationType.MachineToMachine} and tenant_id = ${adminTenantId} and name = ${cloudServiceApplicationName}`);
+        const { rows: existingCloudConnections } = await pool.query(sql `
+      select * from logto_configs where key = ${cloudConnectionConfigKey}
+    `);
+        const tenantIdsWithExistingRecords = new Set(existingCloudConnections.map(({ tenantId }) => tenantId));
+        const filteredRows = rows.filter(({ customClientMetadata: { tenantId } }) => !tenantIdsWithExistingRecords.has(tenantId));
+        if (filteredRows.length === 0) {
+            return;
+        }
+        await pool.query(sql `
+      insert into logto_configs (tenant_id, key, value) values ${sql.join(filteredRows.map(({ id, secret, customClientMetadata }) => {
+            const { tenantId } = customClientMetadata;
+            const cloudConnectionValue = {
+                appId: id,
+                appSecret: secret,
+                resource: cloudConnectionResourceIndicator,
+            };
+            return sql `(${tenantId}, ${cloudConnectionConfigKey}, ${JSON.stringify(cloudConnectionValue)})`;
+        }), sql `,`)}
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      delete from logto_configs where key = ${cloudConnectionConfigKey}
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.7.0-1688613459-remove-m2m-credentials-from-existing-logto-email-connector-config.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.7.0-1688613459-remove-m2m-credentials-from-existing-logto-email-connector-config.js

@@ -0,0 +1,55 @@
+import { GlobalValues } from '@logto/shared';
+import { appendPath } from '@silverhand/essentials';
+import { sql } from 'slonik';
+var ServiceConnector;
+(function (ServiceConnector) {
+    ServiceConnector["Email"] = "logto-email";
+})(ServiceConnector || (ServiceConnector = {}));
+const cloudConnectionKey = 'cloudConnection';
+const alteration = {
+    up: async (pool) => {
+        const { rows: rawConnectors } = await pool.query(sql `
+      select tenant_id, config from connectors where connector_id = ${ServiceConnector.Email};
+    `);
+        const connectors = rawConnectors.map((rawConnector) => {
+            const { tenantId, config: { appSecret, appId, endpoint, tokenEndpoint, resource, ...rest }, } = rawConnector;
+            return { tenantId, config: rest };
+        });
+        for (const connector of connectors) {
+            const { tenantId, config } = connector;
+            // eslint-disable-next-line no-await-in-loop
+            await pool.query(sql `
+        update connectors set config = ${JSON.stringify(config)} where tenant_id = ${tenantId} and connector_id = ${ServiceConnector.Email};
+      `);
+        }
+    },
+    down: async (pool) => {
+        const { rows: cloudConnections } = await pool.query(sql `
+      select tenant_id, value from logto_configs where key = ${cloudConnectionKey};
+    `);
+        /** Get `endpoint` and `tokenEndpoints` */
+        const globalValues = new GlobalValues();
+        const { cloudUrlSet, adminUrlSet } = globalValues;
+        const endpoint = appendPath(cloudUrlSet.endpoint, 'api').toString();
+        const tokenEndpoint = appendPath(adminUrlSet.endpoint, 'oidc/token').toString();
+        const { rows: rawEmailServiceConnectors } = await pool.query(sql `
+      select tenant_id, config from connectors where connector_id = ${ServiceConnector.Email};
+    `);
+        const tenantIdsWithM2mCredentials = new Set(cloudConnections.map(({ tenantId }) => tenantId));
+        const emailServiceConnectors = rawEmailServiceConnectors.filter(({ tenantId }) => tenantIdsWithM2mCredentials.has(tenantId));
+        for (const emailServiceConnector of emailServiceConnectors) {
+            const { tenantId: currentTenantId, config } = emailServiceConnector;
+            const newConfig = {
+                ...config,
+                endpoint,
+                tokenEndpoint,
+                ...cloudConnections.find(({ tenantId }) => tenantId === currentTenantId)?.value,
+            };
+            // eslint-disable-next-line no-await-in-loop
+            await pool.query(sql `
+        update connectors set config = ${JSON.stringify(newConfig)} where tenant_id = ${currentTenantId} and connector_id = ${ServiceConnector.Email};
+      `);
+        }
+    },
+};
+export default alteration;

package/alterations-js/1.7.0-1688627407-daily-active-users.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.7.0-1688627407-daily-active-users.js

@@ -0,0 +1,53 @@
+import { sql } from 'slonik';
+const getId = (value) => sql.identifier([value]);
+const getDatabaseName = async (pool) => {
+    const { currentDatabase } = await pool.one(sql `
+    select current_database();
+  `);
+    return currentDatabase.replaceAll('-', '_');
+};
+const alteration = {
+    up: async (pool) => {
+        const database = await getDatabaseName(pool);
+        const baseRoleId = getId(`logto_tenant_${database}`);
+        await pool.query(sql `
+      create table daily_active_users (
+        id varchar(21) not null,
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        user_id varchar(21) not null,
+        date timestamptz not null,
+        primary key (id),
+        constraint daily_active_users__user_id_date
+          unique (user_id, date)
+      );
+
+      create index daily_active_users__id
+        on daily_active_users (tenant_id, id);
+
+      create trigger set_tenant_id before insert on daily_active_users
+        for each row execute procedure set_tenant_id();
+
+      alter table daily_active_users enable row level security;
+
+      create policy daily_active_users_tenant_id on daily_active_users
+        as restrictive
+        using (tenant_id = (select id from tenants where db_user = current_user));
+      create policy daily_active_users_modification on daily_active_users
+        using (true);
+
+      grant select, insert, update, delete on daily_active_users to ${baseRoleId};
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop policy daily_active_users_tenant_id on daily_active_users;
+      drop policy daily_active_users_modification on daily_active_users;
+
+      alter table daily_active_users disable row level security;
+
+      drop table daily_active_users;
+    `);
+    },
+};
+export default alteration;

package/lib/consts/date.d.ts

@@ -0,0 +1,5 @@
+export declare const inSeconds: Readonly<{
+    oneMinute: 60;
+    oneHour: number;
+    oneDay: number;
+}>;

package/lib/consts/date.js

@@ -0,0 +1 @@
+export const inSeconds = Object.freeze({ oneMinute: 60, oneHour: 60 * 60, oneDay: 24 * 60 * 60 });

package/lib/consts/index.d.ts

@@ -1,3 +1,5 @@
 export * from './cookie.js';
 export * from './system.js';
 export * from './oidc.js';
+export * from './date.js';
+export * from './tenant.js';

package/lib/consts/index.js

@@ -1,3 +1,5 @@
 export * from './cookie.js';
 export * from './system.js';
 export * from './oidc.js';
+export * from './date.js';
+export * from './tenant.js';

package/lib/consts/oidc.d.ts

@@ -1 +1,6 @@
 export declare const tenantIdKey = "tenant_id";
+export declare const customClientMetadataDefault: Readonly<{
+    readonly idTokenTtl: number;
+    readonly refreshTokenTtlInDays: 14;
+    readonly rotateRefreshToken: true;
+}>;

package/lib/consts/oidc.js

@@ -1 +1,7 @@
+import { inSeconds } from './date.js';
 export const tenantIdKey = 'tenant_id';
+export const customClientMetadataDefault = Object.freeze({
+    idTokenTtl: inSeconds.oneHour,
+    refreshTokenTtlInDays: 14,
+    rotateRefreshToken: true,
+});

package/lib/consts/tenant.d.ts

@@ -0,0 +1 @@
+export declare const maxFreeTenantLimit = 10;

package/lib/consts/tenant.js

@@ -0,0 +1 @@
+export const maxFreeTenantLimit = 10;

package/lib/db-entries/daily-active-user.d.ts

@@ -0,0 +1,14 @@
+import { GeneratedSchema } from './../foundations/index.js';
+export type CreateDailyActiveUser = {
+    id: string;
+    tenantId?: string;
+    userId: string;
+    date: number;
+};
+export type DailyActiveUser = {
+    id: string;
+    tenantId: string;
+    userId: string;
+    date: number;
+};
+export declare const DailyActiveUsers: GeneratedSchema<CreateDailyActiveUser, DailyActiveUser>;

package/lib/db-entries/daily-active-user.js

@@ -0,0 +1,32 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+    id: z.string().min(1).max(21),
+    tenantId: z.string().max(21).optional(),
+    userId: z.string().min(1).max(21),
+    date: z.number(),
+});
+const guard = z.object({
+    id: z.string().min(1).max(21),
+    tenantId: z.string().max(21),
+    userId: z.string().min(1).max(21),
+    date: z.number(),
+});
+export const DailyActiveUsers = Object.freeze({
+    table: 'daily_active_users',
+    tableSingular: 'daily_active_user',
+    fields: {
+        id: 'id',
+        tenantId: 'tenant_id',
+        userId: 'user_id',
+        date: 'date',
+    },
+    fieldKeys: [
+        'id',
+        'tenantId',
+        'userId',
+        'date',
+    ],
+    createGuard,
+    guard,
+});

package/lib/db-entries/domain.d.ts

@@ -1,9 +1,9 @@
-import { DomainDnsRecords, CloudflareData, GeneratedSchema } from './../foundations/index.js';
+import { DomainStatus, DomainDnsRecords, CloudflareData, GeneratedSchema } from './../foundations/index.js';
 export type CreateDomain = {
     tenantId?: string;
     id: string;
     domain: string;
-    status?: string;
+    status?: DomainStatus;
     errorMessage?: string | null;
     dnsRecords?: DomainDnsRecords;
     cloudflareData?: CloudflareData | null;
@@ -14,7 +14,7 @@ export type Domain = {
     tenantId: string;
     id: string;
     domain: string;
-    status: string;
+    status: DomainStatus;
     errorMessage: string | null;
     dnsRecords: DomainDnsRecords;
     cloudflareData: CloudflareData | null;

package/lib/db-entries/domain.js

@@ -1,11 +1,11 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
-import { domainDnsRecordsGuard, cloudflareDataGuard } from './../foundations/index.js';
+import { domainStatusGuard, domainDnsRecordsGuard, cloudflareDataGuard } from './../foundations/index.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
     id: z.string().min(1).max(21),
     domain: z.string().min(1).max(256),
-    status: z.string().min(1).max(32).optional(),
+    status: domainStatusGuard.optional(),
     errorMessage: z.string().max(1024).nullable().optional(),
     dnsRecords: domainDnsRecordsGuard.optional(),
     cloudflareData: cloudflareDataGuard.nullable().optional(),
@@ -16,7 +16,7 @@ const guard = z.object({
     tenantId: z.string().max(21),
     id: z.string().min(1).max(21),
     domain: z.string().min(1).max(256),
-    status: z.string().max(32),
+    status: domainStatusGuard,
     errorMessage: z.string().max(1024).nullable(),
     dnsRecords: domainDnsRecordsGuard,
     cloudflareData: cloudflareDataGuard.nullable(),

package/lib/db-entries/index.d.ts

@@ -7,6 +7,7 @@ export * from './application.js';
 export * from './applications-role.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
+export * from './daily-active-user.js';
 export * from './domain.js';
 export * from './hook.js';
 export * from './log.js';

package/lib/db-entries/index.js

@@ -8,6 +8,7 @@ export * from './application.js';
 export * from './applications-role.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
+export * from './daily-active-user.js';
 export * from './domain.js';
 export * from './hook.js';
 export * from './log.js';