@logto/schemas 1.6.0 → 1.8.0

package/LICENSE

@@ -1,9 +1,3 @@
-Portions of this software are licensed as follows:
-
-* All content that resides under the "packages/cloud" directory of this repository, if that directory exists, is licensed under the license defined in "packages/cloud/LICENSE" (Elastic-2.0).
-* All third party components incorporated into this software are licensed under the original license provided by the owner of the applicable component.
-* Content outside of the above mentioned directories or restrictions above is available under the "MPL-2.0" license as defined below.
-
 Mozilla Public License Version 2.0
 ==================================
 

package/alterations/1.7.0-1688375200-sync-cloud-m2m-to-logto-config.ts

@@ -0,0 +1,85 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const adminTenantId = 'admin';
+
+const cloudServiceApplicationName = 'Cloud Service';
+
+const cloudConnectionResourceIndicator = 'https://cloud.logto.io/api';
+
+enum ApplicationType {
+  Native = 'Native',
+  SPA = 'SPA',
+  Traditional = 'Traditional',
+  MachineToMachine = 'MachineToMachine',
+}
+
+const cloudConnectionConfigKey = 'cloudConnection';
+
+type Application = {
+  tenantId: string;
+  id: string;
+  name: string;
+  secret: string;
+  description: string;
+  type: ApplicationType;
+  oidcClientMetadata: unknown;
+  customClientMetadata: {
+    tenantId: string;
+  };
+  createdAt: number;
+};
+
+type CloudConnectionConfig = {
+  tenantId: string;
+  key: string;
+  value: unknown;
+};
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const { rows } = await pool.query<Application>(
+      sql`select * from applications where type = ${ApplicationType.MachineToMachine} and tenant_id = ${adminTenantId} and name = ${cloudServiceApplicationName}`
+    );
+
+    const { rows: existingCloudConnections } = await pool.query<CloudConnectionConfig>(sql`
+      select * from logto_configs where key = ${cloudConnectionConfigKey}
+    `);
+    const tenantIdsWithExistingRecords = new Set(
+      existingCloudConnections.map(({ tenantId }) => tenantId)
+    );
+    const filteredRows = rows.filter(
+      ({ customClientMetadata: { tenantId } }) => !tenantIdsWithExistingRecords.has(tenantId)
+    );
+
+    if (filteredRows.length === 0) {
+      return;
+    }
+
+    await pool.query(sql`
+      insert into logto_configs (tenant_id, key, value) values ${sql.join(
+        filteredRows.map(({ id, secret, customClientMetadata }) => {
+          const { tenantId } = customClientMetadata;
+          const cloudConnectionValue = {
+            appId: id,
+            appSecret: secret,
+            resource: cloudConnectionResourceIndicator,
+          };
+
+          return sql`(${tenantId}, ${cloudConnectionConfigKey}, ${JSON.stringify(
+            cloudConnectionValue
+          )})`;
+        }),
+        sql`,`
+      )}
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      delete from logto_configs where key = ${cloudConnectionConfigKey}
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.7.0-1688613459-remove-m2m-credentials-from-existing-logto-email-connector-config.ts

@@ -0,0 +1,88 @@
+import { GlobalValues } from '@logto/shared';
+import { appendPath } from '@silverhand/essentials';
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+type M2mCredentials = {
+  appSecret: string;
+  appId: string;
+  endpoint: string;
+  tokenEndpoint: string;
+  resource: string;
+};
+
+type EmailServiceConnector = {
+  tenantId: string;
+  config: Partial<M2mCredentials> & Record<string, unknown>;
+};
+type CloudConnectionData = {
+  tenantId: string;
+  value: { appSecret: string; appId: string; resource: string };
+};
+
+enum ServiceConnector {
+  Email = 'logto-email',
+}
+
+const cloudConnectionKey = 'cloudConnection';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const { rows: rawConnectors } = await pool.query<EmailServiceConnector>(sql`
+      select tenant_id, config from connectors where connector_id = ${ServiceConnector.Email};
+    `);
+    const connectors = rawConnectors.map((rawConnector) => {
+      const {
+        tenantId,
+        config: { appSecret, appId, endpoint, tokenEndpoint, resource, ...rest },
+      } = rawConnector;
+      return { tenantId, config: rest };
+    });
+    for (const connector of connectors) {
+      const { tenantId, config } = connector;
+      // eslint-disable-next-line no-await-in-loop
+      await pool.query(sql`
+        update connectors set config = ${JSON.stringify(
+          config
+        )} where tenant_id = ${tenantId} and connector_id = ${ServiceConnector.Email};
+      `);
+    }
+  },
+  down: async (pool) => {
+    const { rows: cloudConnections } = await pool.query<CloudConnectionData>(sql`
+      select tenant_id, value from logto_configs where key = ${cloudConnectionKey};
+    `);
+
+    /** Get `endpoint` and `tokenEndpoints` */
+    const globalValues = new GlobalValues();
+    const { cloudUrlSet, adminUrlSet } = globalValues;
+    const endpoint = appendPath(cloudUrlSet.endpoint, 'api').toString();
+    const tokenEndpoint = appendPath(adminUrlSet.endpoint, 'oidc/token').toString();
+
+    const { rows: rawEmailServiceConnectors } = await pool.query<EmailServiceConnector>(sql`
+      select tenant_id, config from connectors where connector_id = ${ServiceConnector.Email};
+    `);
+    const tenantIdsWithM2mCredentials = new Set(cloudConnections.map(({ tenantId }) => tenantId));
+    const emailServiceConnectors = rawEmailServiceConnectors.filter(({ tenantId }) =>
+      tenantIdsWithM2mCredentials.has(tenantId)
+    );
+    for (const emailServiceConnector of emailServiceConnectors) {
+      const { tenantId: currentTenantId, config } = emailServiceConnector;
+      const newConfig = {
+        ...config,
+        endpoint,
+        tokenEndpoint,
+        ...cloudConnections.find(({ tenantId }) => tenantId === currentTenantId)?.value,
+      };
+      // eslint-disable-next-line no-await-in-loop
+      await pool.query(sql`
+        update connectors set config = ${JSON.stringify(
+          newConfig
+        )} where tenant_id = ${currentTenantId} and connector_id = ${ServiceConnector.Email};
+      `);
+    }
+  },
+};
+
+export default alteration;

package/alterations/1.7.0-1688627407-daily-active-users.ts

@@ -0,0 +1,61 @@
+import { type CommonQueryMethods, sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const getId = (value: string) => sql.identifier([value]);
+
+const getDatabaseName = async (pool: CommonQueryMethods) => {
+  const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
+    select current_database();
+  `);
+
+  return currentDatabase.replaceAll('-', '_');
+};
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const database = await getDatabaseName(pool);
+    const baseRoleId = getId(`logto_tenant_${database}`);
+
+    await pool.query(sql`
+      create table daily_active_users (
+        id varchar(21) not null,
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        user_id varchar(21) not null,
+        date timestamptz not null,
+        primary key (id),
+        constraint daily_active_users__user_id_date
+          unique (user_id, date)
+      );
+
+      create index daily_active_users__id
+        on daily_active_users (tenant_id, id);
+
+      create trigger set_tenant_id before insert on daily_active_users
+        for each row execute procedure set_tenant_id();
+
+      alter table daily_active_users enable row level security;
+
+      create policy daily_active_users_tenant_id on daily_active_users
+        as restrictive
+        using (tenant_id = (select id from tenants where db_user = current_user));
+      create policy daily_active_users_modification on daily_active_users
+        using (true);
+
+      grant select, insert, update, delete on daily_active_users to ${baseRoleId};
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop policy daily_active_users_tenant_id on daily_active_users;
+      drop policy daily_active_users_modification on daily_active_users;
+
+      alter table daily_active_users disable row level security;
+
+      drop table daily_active_users;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.8.0-1692088012-add-is-suspend-column-to-tenants-table.ts

@@ -0,0 +1,18 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table tenants add column is_suspended boolean not null default false;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table tenants drop column is_suspended;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.8.0-1692194751-add-affiliate-scopes.ts

@@ -0,0 +1,57 @@
+import { generateStandardId } from '@logto/shared/universal';
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const adminTenantId = 'admin';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    // Get `resourceId` of the admin tenant's resource whose indicator is `https://cloud.logto.io/api`.
+    const { id: resourceId } = await pool.one<{ id: string }>(sql`
+      select id from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = 'https://cloud.logto.io/api'
+    `);
+
+    const { id: roleId } = await pool.one<{ id: string }>(sql`
+      select id from roles
+      where tenant_id = ${adminTenantId}
+      and name = 'admin:admin'
+    `);
+
+    const createAffiliateId = generateStandardId();
+    const manageAffiliateId = generateStandardId();
+
+    await pool.query(sql`
+      insert into scopes (tenant_id, id, name, description, resource_id)
+        values (
+          ${adminTenantId},
+          ${createAffiliateId},
+          'create:affiliate',
+          'Allow creating new affiliates and logs.',
+          ${resourceId}
+        ), (
+          ${adminTenantId},
+          ${manageAffiliateId},
+          'manage:affiliate',
+          'Allow managing affiliates, including create, update, and delete.',
+          ${resourceId}
+        );
+    `);
+
+    await pool.query(sql`
+      insert into roles_scopes (tenant_id, id, role_id, scope_id) values
+        (${adminTenantId}, ${generateStandardId()}, ${roleId}, ${createAffiliateId}),
+        (${adminTenantId}, ${generateStandardId()}, ${roleId}, ${manageAffiliateId});
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      delete from scopes
+      where tenant_id = ${adminTenantId} and name = any(array['create:affiliate', 'manage:affiliate']);
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.7.0-1688375200-sync-cloud-m2m-to-logto-config.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.7.0-1688375200-sync-cloud-m2m-to-logto-config.js

@@ -0,0 +1,42 @@
+import { sql } from 'slonik';
+const adminTenantId = 'admin';
+const cloudServiceApplicationName = 'Cloud Service';
+const cloudConnectionResourceIndicator = 'https://cloud.logto.io/api';
+var ApplicationType;
+(function (ApplicationType) {
+    ApplicationType["Native"] = "Native";
+    ApplicationType["SPA"] = "SPA";
+    ApplicationType["Traditional"] = "Traditional";
+    ApplicationType["MachineToMachine"] = "MachineToMachine";
+})(ApplicationType || (ApplicationType = {}));
+const cloudConnectionConfigKey = 'cloudConnection';
+const alteration = {
+    up: async (pool) => {
+        const { rows } = await pool.query(sql `select * from applications where type = ${ApplicationType.MachineToMachine} and tenant_id = ${adminTenantId} and name = ${cloudServiceApplicationName}`);
+        const { rows: existingCloudConnections } = await pool.query(sql `
+      select * from logto_configs where key = ${cloudConnectionConfigKey}
+    `);
+        const tenantIdsWithExistingRecords = new Set(existingCloudConnections.map(({ tenantId }) => tenantId));
+        const filteredRows = rows.filter(({ customClientMetadata: { tenantId } }) => !tenantIdsWithExistingRecords.has(tenantId));
+        if (filteredRows.length === 0) {
+            return;
+        }
+        await pool.query(sql `
+      insert into logto_configs (tenant_id, key, value) values ${sql.join(filteredRows.map(({ id, secret, customClientMetadata }) => {
+            const { tenantId } = customClientMetadata;
+            const cloudConnectionValue = {
+                appId: id,
+                appSecret: secret,
+                resource: cloudConnectionResourceIndicator,
+            };
+            return sql `(${tenantId}, ${cloudConnectionConfigKey}, ${JSON.stringify(cloudConnectionValue)})`;
+        }), sql `,`)}
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      delete from logto_configs where key = ${cloudConnectionConfigKey}
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.7.0-1688613459-remove-m2m-credentials-from-existing-logto-email-connector-config.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.7.0-1688613459-remove-m2m-credentials-from-existing-logto-email-connector-config.js

@@ -0,0 +1,55 @@
+import { GlobalValues } from '@logto/shared';
+import { appendPath } from '@silverhand/essentials';
+import { sql } from 'slonik';
+var ServiceConnector;
+(function (ServiceConnector) {
+    ServiceConnector["Email"] = "logto-email";
+})(ServiceConnector || (ServiceConnector = {}));
+const cloudConnectionKey = 'cloudConnection';
+const alteration = {
+    up: async (pool) => {
+        const { rows: rawConnectors } = await pool.query(sql `
+      select tenant_id, config from connectors where connector_id = ${ServiceConnector.Email};
+    `);
+        const connectors = rawConnectors.map((rawConnector) => {
+            const { tenantId, config: { appSecret, appId, endpoint, tokenEndpoint, resource, ...rest }, } = rawConnector;
+            return { tenantId, config: rest };
+        });
+        for (const connector of connectors) {
+            const { tenantId, config } = connector;
+            // eslint-disable-next-line no-await-in-loop
+            await pool.query(sql `
+        update connectors set config = ${JSON.stringify(config)} where tenant_id = ${tenantId} and connector_id = ${ServiceConnector.Email};
+      `);
+        }
+    },
+    down: async (pool) => {
+        const { rows: cloudConnections } = await pool.query(sql `
+      select tenant_id, value from logto_configs where key = ${cloudConnectionKey};
+    `);
+        /** Get `endpoint` and `tokenEndpoints` */
+        const globalValues = new GlobalValues();
+        const { cloudUrlSet, adminUrlSet } = globalValues;
+        const endpoint = appendPath(cloudUrlSet.endpoint, 'api').toString();
+        const tokenEndpoint = appendPath(adminUrlSet.endpoint, 'oidc/token').toString();
+        const { rows: rawEmailServiceConnectors } = await pool.query(sql `
+      select tenant_id, config from connectors where connector_id = ${ServiceConnector.Email};
+    `);
+        const tenantIdsWithM2mCredentials = new Set(cloudConnections.map(({ tenantId }) => tenantId));
+        const emailServiceConnectors = rawEmailServiceConnectors.filter(({ tenantId }) => tenantIdsWithM2mCredentials.has(tenantId));
+        for (const emailServiceConnector of emailServiceConnectors) {
+            const { tenantId: currentTenantId, config } = emailServiceConnector;
+            const newConfig = {
+                ...config,
+                endpoint,
+                tokenEndpoint,
+                ...cloudConnections.find(({ tenantId }) => tenantId === currentTenantId)?.value,
+            };
+            // eslint-disable-next-line no-await-in-loop
+            await pool.query(sql `
+        update connectors set config = ${JSON.stringify(newConfig)} where tenant_id = ${currentTenantId} and connector_id = ${ServiceConnector.Email};
+      `);
+        }
+    },
+};
+export default alteration;

package/alterations-js/1.7.0-1688627407-daily-active-users.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.7.0-1688627407-daily-active-users.js

@@ -0,0 +1,53 @@
+import { sql } from 'slonik';
+const getId = (value) => sql.identifier([value]);
+const getDatabaseName = async (pool) => {
+    const { currentDatabase } = await pool.one(sql `
+    select current_database();
+  `);
+    return currentDatabase.replaceAll('-', '_');
+};
+const alteration = {
+    up: async (pool) => {
+        const database = await getDatabaseName(pool);
+        const baseRoleId = getId(`logto_tenant_${database}`);
+        await pool.query(sql `
+      create table daily_active_users (
+        id varchar(21) not null,
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        user_id varchar(21) not null,
+        date timestamptz not null,
+        primary key (id),
+        constraint daily_active_users__user_id_date
+          unique (user_id, date)
+      );
+
+      create index daily_active_users__id
+        on daily_active_users (tenant_id, id);
+
+      create trigger set_tenant_id before insert on daily_active_users
+        for each row execute procedure set_tenant_id();
+
+      alter table daily_active_users enable row level security;
+
+      create policy daily_active_users_tenant_id on daily_active_users
+        as restrictive
+        using (tenant_id = (select id from tenants where db_user = current_user));
+      create policy daily_active_users_modification on daily_active_users
+        using (true);
+
+      grant select, insert, update, delete on daily_active_users to ${baseRoleId};
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop policy daily_active_users_tenant_id on daily_active_users;
+      drop policy daily_active_users_modification on daily_active_users;
+
+      alter table daily_active_users disable row level security;
+
+      drop table daily_active_users;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.8.0-1692088012-add-is-suspend-column-to-tenants-table.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.8.0-1692088012-add-is-suspend-column-to-tenants-table.js

@@ -0,0 +1,14 @@
+import { sql } from 'slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table tenants add column is_suspended boolean not null default false;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table tenants drop column is_suspended;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.8.0-1692194751-add-affiliate-scopes.d.ts

@@ -0,0 +1,3 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.8.0-1692194751-add-affiliate-scopes.js

@@ -0,0 +1,48 @@
+import { generateStandardId } from '@logto/shared/universal';
+import { sql } from 'slonik';
+const adminTenantId = 'admin';
+const alteration = {
+    up: async (pool) => {
+        // Get `resourceId` of the admin tenant's resource whose indicator is `https://cloud.logto.io/api`.
+        const { id: resourceId } = await pool.one(sql `
+      select id from resources
+      where tenant_id = ${adminTenantId}
+      and indicator = 'https://cloud.logto.io/api'
+    `);
+        const { id: roleId } = await pool.one(sql `
+      select id from roles
+      where tenant_id = ${adminTenantId}
+      and name = 'admin:admin'
+    `);
+        const createAffiliateId = generateStandardId();
+        const manageAffiliateId = generateStandardId();
+        await pool.query(sql `
+      insert into scopes (tenant_id, id, name, description, resource_id)
+        values (
+          ${adminTenantId},
+          ${createAffiliateId},
+          'create:affiliate',
+          'Allow creating new affiliates and logs.',
+          ${resourceId}
+        ), (
+          ${adminTenantId},
+          ${manageAffiliateId},
+          'manage:affiliate',
+          'Allow managing affiliates, including create, update, and delete.',
+          ${resourceId}
+        );
+    `);
+        await pool.query(sql `
+      insert into roles_scopes (tenant_id, id, role_id, scope_id) values
+        (${adminTenantId}, ${generateStandardId()}, ${roleId}, ${createAffiliateId}),
+        (${adminTenantId}, ${generateStandardId()}, ${roleId}, ${manageAffiliateId});
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      delete from scopes
+      where tenant_id = ${adminTenantId} and name = any(array['create:affiliate', 'manage:affiliate']);
+    `);
+    },
+};
+export default alteration;

package/lib/consts/index.d.ts

@@ -2,3 +2,4 @@ export * from './cookie.js';
 export * from './system.js';
 export * from './oidc.js';
 export * from './date.js';
+export * from './tenant.js';

package/lib/consts/index.js

@@ -2,3 +2,4 @@ export * from './cookie.js';
 export * from './system.js';
 export * from './oidc.js';
 export * from './date.js';
+export * from './tenant.js';

package/lib/consts/tenant.d.ts

@@ -0,0 +1 @@
+export declare const maxFreeTenantLimit = 10;

package/lib/consts/tenant.js

@@ -0,0 +1 @@
+export const maxFreeTenantLimit = 10;

package/lib/db-entries/daily-active-user.d.ts

@@ -0,0 +1,14 @@
+import { GeneratedSchema } from './../foundations/index.js';
+export type CreateDailyActiveUser = {
+    id: string;
+    tenantId?: string;
+    userId: string;
+    date: number;
+};
+export type DailyActiveUser = {
+    id: string;
+    tenantId: string;
+    userId: string;
+    date: number;
+};
+export declare const DailyActiveUsers: GeneratedSchema<CreateDailyActiveUser, DailyActiveUser>;

package/lib/db-entries/daily-active-user.js

@@ -0,0 +1,32 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+const createGuard = z.object({
+    id: z.string().min(1).max(21),
+    tenantId: z.string().max(21).optional(),
+    userId: z.string().min(1).max(21),
+    date: z.number(),
+});
+const guard = z.object({
+    id: z.string().min(1).max(21),
+    tenantId: z.string().max(21),
+    userId: z.string().min(1).max(21),
+    date: z.number(),
+});
+export const DailyActiveUsers = Object.freeze({
+    table: 'daily_active_users',
+    tableSingular: 'daily_active_user',
+    fields: {
+        id: 'id',
+        tenantId: 'tenant_id',
+        userId: 'user_id',
+        date: 'date',
+    },
+    fieldKeys: [
+        'id',
+        'tenantId',
+        'userId',
+        'date',
+    ],
+    createGuard,
+    guard,
+});

package/lib/db-entries/index.d.ts

@@ -7,6 +7,7 @@ export * from './application.js';
 export * from './applications-role.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
+export * from './daily-active-user.js';
 export * from './domain.js';
 export * from './hook.js';
 export * from './log.js';

package/lib/db-entries/index.js

@@ -8,6 +8,7 @@ export * from './application.js';
 export * from './applications-role.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
+export * from './daily-active-user.js';
 export * from './domain.js';
 export * from './hook.js';
 export * from './log.js';

package/lib/foundations/jsonb-types.js

@@ -65,7 +65,7 @@ export var CustomClientMetadataKey;
     CustomClientMetadataKey["RotateRefreshToken"] = "rotateRefreshToken";
 })(CustomClientMetadataKey || (CustomClientMetadataKey = {}));
 export const customClientMetadataGuard = z.object({
-    [CustomClientMetadataKey.CorsAllowedOrigins]: z.string().url().array().optional(),
+    [CustomClientMetadataKey.CorsAllowedOrigins]: z.string().min(1).array().optional(),
     [CustomClientMetadataKey.IdTokenTtl]: z.number().optional(),
     [CustomClientMetadataKey.RefreshTokenTtl]: z.number().optional(),
     [CustomClientMetadataKey.RefreshTokenTtlInDays]: z.number().int().min(1).max(90).optional(),

package/lib/models/tenants.d.ts

@@ -12,9 +12,30 @@ export declare const Tenants: import("@withtyped/server/model").default<"tenants
     name: string;
     tag: TenantTag;
     createdAt: Date;
-}, "name" | "createdAt" | "tag", "createdAt">;
+    isSuspended: boolean;
+}, "name" | "createdAt" | "isSuspended" | "tag", "createdAt">;
 export type TenantModel = InferModelType<typeof Tenants>;
-export type TenantInfo = Pick<TenantModel, 'id' | 'name' | 'tag'> & {
+export declare const tenantInfoGuard: z.ZodObject<z.extendShape<Pick<{
+    id: z.ZodType<string, z.ZodTypeDef, string>;
+    dbUser: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+    dbUserPassword: z.ZodType<string | null, z.ZodTypeDef, string | null>;
+    name: z.ZodType<string, z.ZodTypeDef, string>;
+    tag: z.ZodType<TenantTag, z.ZodTypeDef, TenantTag>;
+    createdAt: z.ZodType<Date, z.ZodTypeDef, Date>;
+    isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
+}, "name" | "id" | "isSuspended" | "tag">, {
+    indicator: z.ZodString;
+}>, "strip", z.ZodTypeAny, {
+    name: string;
+    id: string;
     indicator: string;
-};
-export declare const tenantInfoGuard: z.ZodType<TenantInfo>;
+    isSuspended: boolean;
+    tag: TenantTag;
+}, {
+    name: string;
+    id: string;
+    indicator: string;
+    isSuspended: boolean;
+    tag: TenantTag;
+}>;
+export type TenantInfo = z.infer<typeof tenantInfoGuard>;

package/lib/models/tenants.js

@@ -6,7 +6,8 @@ export var TenantTag;
     TenantTag["Staging"] = "staging";
     TenantTag["Production"] = "production";
 })(TenantTag || (TenantTag = {}));
-export const Tenants = createModel(/* sql */ `
+export const Tenants = createModel(
+/* Sql */ `
   /* init_order = 0 */
   create table tenants (
     id varchar(21) not null,
@@ -15,14 +16,15 @@ export const Tenants = createModel(/* sql */ `
     name varchar(128) not null default 'My Project',
     tag varchar(64) not null default '${TenantTag.Development}',
     created_at timestamptz not null default(now()),
+    is_suspended boolean not null default false,
     primary key (id),
     constraint tenants__db_user
       unique (db_user)
   );
   /* no_after_each */
-`)
+`, 'public')
     .extend('tag', z.nativeEnum(TenantTag))
     .extend('createdAt', { readonly: true });
 export const tenantInfoGuard = Tenants.guard('model')
-    .pick({ id: true, name: true, tag: true })
+    .pick({ id: true, name: true, tag: true, isSuspended: true })
     .extend({ indicator: z.string() });

package/lib/seeds/cloud-api.d.ts

@@ -10,7 +10,11 @@ export declare enum CloudScope {
     /** The user can update or delete its own tenants. */
     ManageTenantSelf = "manage:tenant:self",
     SendSms = "send:sms",
-    SendEmail = "send:email"
+    SendEmail = "send:email",
+    /** The user can see and manage affiliates, including create, update, and delete. */
+    ManageAffiliate = "manage:affiliate",
+    /** The user can create new affiliates and logs. */
+    CreateAffiliate = "create:affiliate"
 }
 export declare const createCloudApi: () => readonly [UpdateAdminData, ...CreateScope[]];
 export declare const createTenantApplicationRole: () => Readonly<Role>;

package/lib/seeds/cloud-api.js

@@ -13,6 +13,10 @@ export var CloudScope;
     CloudScope["ManageTenantSelf"] = "manage:tenant:self";
     CloudScope["SendSms"] = "send:sms";
     CloudScope["SendEmail"] = "send:email";
+    /** The user can see and manage affiliates, including create, update, and delete. */
+    CloudScope["ManageAffiliate"] = "manage:affiliate";
+    /** The user can create new affiliates and logs. */
+    CloudScope["CreateAffiliate"] = "create:affiliate";
 })(CloudScope || (CloudScope = {}));
 export const createCloudApi = () => {
     const resourceId = generateStandardId();
@@ -43,6 +47,8 @@ export const createCloudApi = () => {
         buildScope(CloudScope.ManageTenant, 'Allow managing existing tenants, including create without limitation, update, and delete.'),
         buildScope(CloudScope.SendEmail, 'Allow sending emails. This scope is only available to M2M application.'),
         buildScope(CloudScope.SendSms, 'Allow sending SMS. This scope is only available to M2M application.'),
+        buildScope(CloudScope.CreateAffiliate, 'Allow creating new affiliates and logs.'),
+        buildScope(CloudScope.ManageAffiliate, 'Allow managing affiliates, including create, update, and delete.'),
     ]);
 };
 export const createTenantApplicationRole = () => ({

package/lib/seeds/logto-config.d.ts

@@ -1,7 +1,12 @@
-import type { AdminConsoleData } from '../types/index.js';
+import type { AdminConsoleData, CloudConnectionData } from '../types/index.js';
 import { LogtoTenantConfigKey } from '../types/index.js';
 export declare const createDefaultAdminConsoleConfig: (forTenantId: string) => Readonly<{
     tenantId: string;
     key: LogtoTenantConfigKey;
     value: AdminConsoleData;
 }>;
+export declare const createCloudConnectionConfig: (forTenantId: string, appId: string, appSecret: string) => Readonly<{
+    tenantId: string;
+    key: LogtoTenantConfigKey;
+    value: CloudConnectionData;
+}>;

package/lib/seeds/logto-config.js

@@ -1,4 +1,5 @@
 import { LogtoTenantConfigKey } from '../types/index.js';
+import { cloudApiIndicator } from './cloud-api.js';
 export const createDefaultAdminConsoleConfig = (forTenantId) => Object.freeze({
     tenantId: forTenantId,
     key: LogtoTenantConfigKey.AdminConsole,
@@ -13,3 +14,12 @@ export const createDefaultAdminConsoleConfig = (forTenantId) => Object.freeze({
         m2mApplicationCreated: false,
     },
 });
+export const createCloudConnectionConfig = (forTenantId, appId, appSecret) => Object.freeze({
+    tenantId: forTenantId,
+    key: LogtoTenantConfigKey.CloudConnection,
+    value: {
+        appId,
+        appSecret,
+        resource: cloudApiIndicator,
+    },
+});

package/lib/types/connector.d.ts

@@ -9,6 +9,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
     connectorId: z.ZodType<string, z.ZodTypeDef, string>;
     config: z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>;
     metadata: z.ZodType<{
+        [x: string]: unknown;
         target?: string | undefined;
         name?: ({
             en: string;
@@ -139,6 +140,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
         logo?: string | undefined;
         logoDark?: string | null | undefined;
     }, z.ZodTypeDef, {
+        [x: string]: unknown;
         target?: string | undefined;
         name?: ({
             en: string;
@@ -900,6 +902,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
     type: z.ZodNativeEnum<typeof ConnectorType>;
     isDemo: z.ZodOptional<z.ZodBoolean>;
     extraInfo: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    usage: z.ZodOptional<z.ZodNumber>;
 }>, "strip", z.ZodTypeAny, {
     isStandard?: boolean | undefined;
     configTemplate?: string | undefined;
@@ -938,6 +941,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
     })[] | undefined;
     isDemo?: boolean | undefined;
     extraInfo?: Record<string, unknown> | undefined;
+    usage?: number | undefined;
     type: ConnectorType;
     name: {
         en: string;
@@ -1196,6 +1200,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
     connectorId: string;
     config: import("@withtyped/server").JsonObject;
     metadata: {
+        [x: string]: unknown;
         target?: string | undefined;
         name?: ({
             en: string;
@@ -1327,9 +1332,9 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
         logoDark?: string | null | undefined;
     };
     target: string;
+    platform: import("@logto/connector-kit").ConnectorPlatform | null;
     logo: string;
     logoDark: string | null;
-    platform: import("@logto/connector-kit").ConnectorPlatform | null;
     readme: string;
 }, {
     isStandard?: boolean | undefined;
@@ -1369,6 +1374,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
     })[] | undefined;
     isDemo?: boolean | undefined;
     extraInfo?: Record<string, unknown> | undefined;
+    usage?: number | undefined;
     type: ConnectorType;
     name: {
         en: string;
@@ -1627,6 +1633,7 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
     connectorId: string;
     config: import("@withtyped/server").JsonObject;
     metadata: {
+        [x: string]: unknown;
         target?: string | undefined;
         name?: ({
             en: string;
@@ -1758,9 +1765,9 @@ export declare const connectorResponseGuard: z.ZodObject<z.extendShape<z.extendS
         logoDark?: string | null | undefined;
     };
     target: string;
+    platform: import("@logto/connector-kit").ConnectorPlatform | null;
     logo: string;
     logoDark: string | null;
-    platform: import("@logto/connector-kit").ConnectorPlatform | null;
     readme: string;
 }>;
 export type ConnectorResponse = z.infer<typeof connectorResponseGuard>;
@@ -2393,7 +2400,8 @@ export declare const connectorFactoryResponseGuard: z.ZodObject<z.extendShape<{
         key: string;
         label: string;
     }>]>, "many">>;
-}>, "strip", z.ZodTypeAny, {
+}>, "strip", z.ZodUnknown, {
+    [x: string]: unknown;
     isStandard?: boolean | undefined;
     configTemplate?: string | undefined;
     formItems?: ({
@@ -2685,11 +2693,12 @@ export declare const connectorFactoryResponseGuard: z.ZodObject<z.extendShape<{
         "zz-TR"?: string | undefined;
     };
     target: string;
+    platform: import("@logto/connector-kit").ConnectorPlatform | null;
     logo: string;
     logoDark: string | null;
-    platform: import("@logto/connector-kit").ConnectorPlatform | null;
     readme: string;
 }, {
+    [x: string]: unknown;
     isStandard?: boolean | undefined;
     configTemplate?: string | undefined;
     formItems?: ({
@@ -2981,9 +2990,9 @@ export declare const connectorFactoryResponseGuard: z.ZodObject<z.extendShape<{
         "zz-TR"?: string | undefined;
     };
     target: string;
+    platform: import("@logto/connector-kit").ConnectorPlatform | null;
     logo: string;
     logoDark: string | null;
-    platform: import("@logto/connector-kit").ConnectorPlatform | null;
     readme: string;
 }>;
 export type ConnectorFactoryResponse = z.infer<typeof connectorFactoryResponseGuard>;

package/lib/types/connector.js

@@ -15,6 +15,7 @@ export const connectorResponseGuard = Connectors.guard
     type: z.nativeEnum(ConnectorType),
     isDemo: z.boolean().optional(),
     extraInfo: z.record(z.unknown()).optional(),
+    usage: z.number().optional(),
 }));
 export const connectorFactoryResponseGuard = z
     .object({

package/lib/types/log/index.d.ts

@@ -6,6 +6,8 @@ export * as token from './token.js';
 export * as hook from './hook.js';
 /** Fallback for empty or unrecognized log keys. */
 export declare const LogKeyUnknown = "Unknown";
+export type AuditLogKey = typeof LogKeyUnknown | interaction.LogKey | token.LogKey;
+export type WebhookLogKey = hook.LogKey;
 /**
  * The union type of all available log keys.
  * Note duplicate keys are allowed but should be avoided.
@@ -13,4 +15,4 @@ export declare const LogKeyUnknown = "Unknown";
  * @see {@link interaction.LogKey} for interaction log keys.
  * @see {@link token.LogKey} for token log keys.
  **/
-export type LogKey = typeof LogKeyUnknown | interaction.LogKey | token.LogKey | hook.LogKey;
+export type LogKey = AuditLogKey | WebhookLogKey;

package/lib/types/logto-config.d.ts

@@ -40,13 +40,29 @@ export declare const adminConsoleDataGuard: z.ZodObject<{
     m2mApplicationCreated: boolean;
 }>;
 export type AdminConsoleData = z.infer<typeof adminConsoleDataGuard>;
+export declare const cloudConnectionDataGuard: z.ZodObject<{
+    appId: z.ZodString;
+    appSecret: z.ZodString;
+    resource: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    resource: string;
+    appId: string;
+    appSecret: string;
+}, {
+    resource: string;
+    appId: string;
+    appSecret: string;
+}>;
+export type CloudConnectionData = z.infer<typeof cloudConnectionDataGuard>;
 export declare enum LogtoTenantConfigKey {
     AdminConsole = "adminConsole",
+    CloudConnection = "cloudConnection",
     /** The URL to redirect when session not found in Sign-in Experience. */
     SessionNotFoundRedirectUrl = "sessionNotFoundRedirectUrl"
 }
 export type LogtoTenantConfigType = {
     [LogtoTenantConfigKey.AdminConsole]: AdminConsoleData;
+    [LogtoTenantConfigKey.CloudConnection]: CloudConnectionData;
     [LogtoTenantConfigKey.SessionNotFoundRedirectUrl]: {
         url: string;
     };

package/lib/types/logto-config.js

@@ -21,14 +21,22 @@ export const adminConsoleDataGuard = z.object({
     roleCreated: z.boolean(),
     m2mApplicationCreated: z.boolean(),
 });
+/* --- Logto tenant cloud connection config --- */
+export const cloudConnectionDataGuard = z.object({
+    appId: z.string(),
+    appSecret: z.string(),
+    resource: z.string(),
+});
 export var LogtoTenantConfigKey;
 (function (LogtoTenantConfigKey) {
     LogtoTenantConfigKey["AdminConsole"] = "adminConsole";
+    LogtoTenantConfigKey["CloudConnection"] = "cloudConnection";
     /** The URL to redirect when session not found in Sign-in Experience. */
     LogtoTenantConfigKey["SessionNotFoundRedirectUrl"] = "sessionNotFoundRedirectUrl";
 })(LogtoTenantConfigKey || (LogtoTenantConfigKey = {}));
 export const logtoTenantConfigGuard = Object.freeze({
     [LogtoTenantConfigKey.AdminConsole]: adminConsoleDataGuard,
+    [LogtoTenantConfigKey.CloudConnection]: cloudConnectionDataGuard,
     [LogtoTenantConfigKey.SessionNotFoundRedirectUrl]: z.object({ url: z.string() }),
 });
 export const logtoConfigKeys = Object.freeze([

package/lib/types/system.d.ts

@@ -67,87 +67,48 @@ export declare const storageProviderGuard: Readonly<{
 export declare enum EmailServiceProvider {
     SendGrid = "SendGrid"
 }
-/**
- * `General` is now used as a fallback scenario.
- * This will be extended in the future since we will send different emails for
- * different purposes (such as webhook that inform users of suspicious account activities).
- */
-export declare enum OtherEmailTemplate {
-    General = "General"
-}
-export declare const otherEmailTemplateGuard: z.ZodNativeEnum<typeof OtherEmailTemplate>;
 export declare const sendgridEmailServiceDataGuard: z.ZodObject<{
-    fromName: z.ZodString;
-    fromEmail: z.ZodString;
-    templates: z.ZodRecord<z.ZodUnion<[z.ZodNativeEnum<typeof import("@logto/connector-kit").VerificationCodeType>, z.ZodNativeEnum<typeof OtherEmailTemplate>]>, z.ZodObject<{
-        subject: z.ZodString;
-        content: z.ZodString;
-    }, "strip", z.ZodTypeAny, {
-        subject: string;
-        content: string;
-    }, {
-        subject: string;
-        content: string;
-    }>>;
     provider: z.ZodLiteral<EmailServiceProvider>;
     apiKey: z.ZodString;
+    templateId: z.ZodString;
+    fromName: z.ZodString;
+    fromEmail: z.ZodString;
 }, "strip", z.ZodTypeAny, {
     provider: EmailServiceProvider;
     apiKey: string;
+    templateId: string;
     fromName: string;
     fromEmail: string;
-    templates: Partial<Record<OtherEmailTemplate.General | import("@logto/connector-kit").VerificationCodeType, {
-        subject: string;
-        content: string;
-    }>>;
 }, {
     provider: EmailServiceProvider;
     apiKey: string;
+    templateId: string;
     fromName: string;
     fromEmail: string;
-    templates: Partial<Record<OtherEmailTemplate.General | import("@logto/connector-kit").VerificationCodeType, {
-        subject: string;
-        content: string;
-    }>>;
 }>;
 export type SendgridEmailServiceData = z.infer<typeof sendgridEmailServiceDataGuard>;
 export declare const emailServiceDataGuard: z.ZodDiscriminatedUnion<"provider", [z.ZodObject<{
-    fromName: z.ZodString;
-    fromEmail: z.ZodString;
-    templates: z.ZodRecord<z.ZodUnion<[z.ZodNativeEnum<typeof import("@logto/connector-kit").VerificationCodeType>, z.ZodNativeEnum<typeof OtherEmailTemplate>]>, z.ZodObject<{
-        subject: z.ZodString;
-        content: z.ZodString;
-    }, "strip", z.ZodTypeAny, {
-        subject: string;
-        content: string;
-    }, {
-        subject: string;
-        content: string;
-    }>>;
     provider: z.ZodLiteral<EmailServiceProvider>;
     apiKey: z.ZodString;
+    templateId: z.ZodString;
+    fromName: z.ZodString;
+    fromEmail: z.ZodString;
 }, "strip", z.ZodTypeAny, {
     provider: EmailServiceProvider;
     apiKey: string;
+    templateId: string;
     fromName: string;
     fromEmail: string;
-    templates: Partial<Record<OtherEmailTemplate.General | import("@logto/connector-kit").VerificationCodeType, {
-        subject: string;
-        content: string;
-    }>>;
 }, {
     provider: EmailServiceProvider;
     apiKey: string;
+    templateId: string;
     fromName: string;
     fromEmail: string;
-    templates: Partial<Record<OtherEmailTemplate.General | import("@logto/connector-kit").VerificationCodeType, {
-        subject: string;
-        content: string;
-    }>>;
 }>]>;
 export type EmailServiceData = z.infer<typeof emailServiceDataGuard>;
 export declare enum EmailServiceProviderKey {
-    EmailServiceProvider = "EmailServiceProvider"
+    EmailServiceProvider = "emailServiceProvider"
 }
 export type EmailServiceProviderType = {
     [EmailServiceProviderKey.EmailServiceProvider]: EmailServiceData;

package/lib/types/system.js

@@ -1,4 +1,3 @@
-import { verificationCodeTypeGuard } from '@logto/connector-kit';
 import { z } from 'zod';
 // Alteration state
 export var AlterationStateKey;
@@ -48,35 +47,19 @@ export var EmailServiceProvider;
 (function (EmailServiceProvider) {
     EmailServiceProvider["SendGrid"] = "SendGrid";
 })(EmailServiceProvider || (EmailServiceProvider = {}));
-/**
- * `General` is now used as a fallback scenario.
- * This will be extended in the future since we will send different emails for
- * different purposes (such as webhook that inform users of suspicious account activities).
- */
-export var OtherEmailTemplate;
-(function (OtherEmailTemplate) {
-    OtherEmailTemplate["General"] = "General";
-})(OtherEmailTemplate || (OtherEmailTemplate = {}));
-export const otherEmailTemplateGuard = z.nativeEnum(OtherEmailTemplate);
-const emailServiceBasicConfig = {
-    fromName: z.string(),
-    fromEmail: z.string(),
-    templates: z.record(verificationCodeTypeGuard.or(otherEmailTemplateGuard), z.object({
-        subject: z.string(),
-        content: z.string(),
-    })),
-};
 export const sendgridEmailServiceDataGuard = z.object({
     provider: z.literal(EmailServiceProvider.SendGrid),
     apiKey: z.string(),
-    ...emailServiceBasicConfig,
+    templateId: z.string(),
+    fromName: z.string(),
+    fromEmail: z.string(),
 });
 export const emailServiceDataGuard = z.discriminatedUnion('provider', [
     sendgridEmailServiceDataGuard,
 ]);
 export var EmailServiceProviderKey;
 (function (EmailServiceProviderKey) {
-    EmailServiceProviderKey["EmailServiceProvider"] = "EmailServiceProvider";
+    EmailServiceProviderKey["EmailServiceProvider"] = "emailServiceProvider";
 })(EmailServiceProviderKey || (EmailServiceProviderKey = {}));
 export const emailServiceProviderGuard = Object.freeze({
     [EmailServiceProviderKey.EmailServiceProvider]: emailServiceDataGuard,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.6.0",
+  "version": "1.8.0",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",
@@ -24,20 +24,20 @@
     "node": "^18.12.0"
   },
   "devDependencies": {
-    "@silverhand/eslint-config": "3.0.1",
+    "@silverhand/eslint-config": "4.0.1",
     "@silverhand/essentials": "^2.5.0",
-    "@silverhand/ts-config": "3.0.0",
+    "@silverhand/ts-config": "4.0.0",
     "@types/inquirer": "^9.0.0",
     "@types/jest": "^29.4.0",
     "@types/node": "^18.11.18",
     "@types/pluralize": "^0.0.29",
-    "camelcase": "^7.0.0",
+    "camelcase": "^8.0.0",
     "chalk": "^5.0.0",
-    "eslint": "^8.34.0",
+    "eslint": "^8.44.0",
     "jest": "^29.5.0",
-    "lint-staged": "^13.0.0",
+    "lint-staged": "^14.0.0",
     "pluralize": "^8.0.0",
-    "prettier": "^2.8.2",
+    "prettier": "^3.0.0",
     "roarr": "^7.11.0",
     "slonik": "^30.0.0",
     "slonik-sql-tag-raw": "^1.1.4",
@@ -70,7 +70,7 @@
     "@logto/phrases": "^1.4.1",
     "@logto/phrases-ui": "^1.2.0",
     "@logto/shared": "^2.0.0",
-    "@withtyped/server": "^0.11.1"
+    "@withtyped/server": "^0.12.9"
   },
   "peerDependencies": {
     "zod": "^3.20.2"

package/tables/daily_active_users.sql

@@ -0,0 +1,13 @@
+create table daily_active_users (
+  id varchar(21) not null,
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  user_id varchar(21) not null,
+  date timestamptz not null,
+  primary key (id),
+  constraint daily_active_users__user_id_date
+    unique (user_id, date)
+);
+
+create index daily_active_users__id
+  on daily_active_users (tenant_id, id);