@logto/schemas 1.7.0 → 1.9.0

Files changed (65) hide show
  1. package/alterations/1.8.0-1692088012-add-is-suspend-column-to-tenants-table.ts +18 -0
  2. package/alterations/1.8.0-1692194751-add-affiliate-scopes.ts +57 -0
  3. package/alterations/1.9.0-1693554904-add-possword-policy.ts +21 -0
  4. package/alterations/1.9.0-1694399696-add-type-col-to-roles-table.ts +55 -0
  5. package/alterations/1.9.0-1694418765-specify-check-role-type-function-to-be-public-schema.ts +54 -0
  6. package/alterations/1.9.0-1694484927-remove-deprecated-challenge-flag.ts +100 -0
  7. package/alterations/1.9.0-1694487524-sie-mfa.ts +26 -0
  8. package/alterations/1.9.0-1694509714-keep-existing-password-policy.ts +54 -0
  9. package/alterations/1.9.0-1694746763-user-verifications.ts +20 -0
  10. package/alterations-js/1.8.0-1692088012-add-is-suspend-column-to-tenants-table.d.ts +3 -0
  11. package/alterations-js/1.8.0-1692088012-add-is-suspend-column-to-tenants-table.js +14 -0
  12. package/alterations-js/1.8.0-1692194751-add-affiliate-scopes.d.ts +3 -0
  13. package/alterations-js/1.8.0-1692194751-add-affiliate-scopes.js +48 -0
  14. package/alterations-js/1.9.0-1693554904-add-possword-policy.d.ts +4 -0
  15. package/alterations-js/1.9.0-1693554904-add-possword-policy.js +17 -0
  16. package/alterations-js/1.9.0-1694399696-add-type-col-to-roles-table.d.ts +3 -0
  17. package/alterations-js/1.9.0-1694399696-add-type-col-to-roles-table.js +44 -0
  18. package/alterations-js/1.9.0-1694418765-specify-check-role-type-function-to-be-public-schema.d.ts +9 -0
  19. package/alterations-js/1.9.0-1694418765-specify-check-role-type-function-to-be-public-schema.js +42 -0
  20. package/alterations-js/1.9.0-1694484927-remove-deprecated-challenge-flag.d.ts +3 -0
  21. package/alterations-js/1.9.0-1694484927-remove-deprecated-challenge-flag.js +35 -0
  22. package/alterations-js/1.9.0-1694487524-sie-mfa.d.ts +3 -0
  23. package/alterations-js/1.9.0-1694487524-sie-mfa.js +21 -0
  24. package/alterations-js/1.9.0-1694509714-keep-existing-password-policy.d.ts +3 -0
  25. package/alterations-js/1.9.0-1694509714-keep-existing-password-policy.js +42 -0
  26. package/alterations-js/1.9.0-1694746763-user-verifications.d.ts +3 -0
  27. package/alterations-js/1.9.0-1694746763-user-verifications.js +16 -0
  28. package/lib/db-entries/custom-types.d.ts +4 -0
  29. package/lib/db-entries/custom-types.js +5 -0
  30. package/lib/db-entries/role.d.ts +3 -0
  31. package/lib/db-entries/role.js +5 -0
  32. package/lib/db-entries/sign-in-experience.d.ts +5 -1
  33. package/lib/db-entries/sign-in-experience.js +9 -1
  34. package/lib/db-entries/user.d.ts +3 -1
  35. package/lib/db-entries/user.js +5 -1
  36. package/lib/foundations/jsonb-types.d.ts +233 -26
  37. package/lib/foundations/jsonb-types.js +52 -22
  38. package/lib/models/tenants.d.ts +9 -7
  39. package/lib/models/tenants.js +2 -1
  40. package/lib/seeds/cloud-api.d.ts +1 -1
  41. package/lib/seeds/cloud-api.js +4 -0
  42. package/lib/seeds/logto-config.js +0 -7
  43. package/lib/seeds/management-api.d.ts +2 -1
  44. package/lib/seeds/management-api.js +5 -0
  45. package/lib/seeds/sign-in-experience.js +6 -1
  46. package/lib/types/connector.d.ts +4 -4
  47. package/lib/types/hook.d.ts +13 -2
  48. package/lib/types/hook.js +4 -0
  49. package/lib/types/interactions.d.ts +1 -2
  50. package/lib/types/interactions.js +4 -5
  51. package/lib/types/log/index.d.ts +3 -1
  52. package/lib/types/logto-config.d.ts +0 -21
  53. package/lib/types/logto-config.js +0 -8
  54. package/lib/types/role.d.ts +4 -2
  55. package/lib/types/scope.d.ts +6 -6
  56. package/lib/types/system.d.ts +11 -8
  57. package/lib/types/system.js +6 -5
  58. package/lib/types/user.d.ts +195 -16
  59. package/lib/types/user.js +10 -0
  60. package/package.json +9 -9
  61. package/tables/applications_roles.sql +5 -1
  62. package/tables/roles.sql +8 -0
  63. package/tables/sign_in_experiences.sql +2 -0
  64. package/tables/users.sql +1 -0
  65. package/tables/users_roles.sql +5 -1
@@ -1,4 +1,5 @@
1
1
  import { z } from 'zod';
2
+ import { MfaFactor } from '../foundations/jsonb-types.js';
2
3
  export declare const userInfoSelectFields: readonly ["id", "username", "primaryEmail", "primaryPhone", "name", "avatar", "customData", "identities", "lastSignInAt", "createdAt", "applicationId", "isSuspended"];
3
4
  export declare const userInfoGuard: z.ZodObject<Pick<{
4
5
  tenantId: z.ZodType<string, z.ZodTypeDef, string>;
@@ -18,17 +19,56 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
18
19
  details?: {} | undefined;
19
20
  userId: string;
20
21
  }>>;
21
- customData: z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>;
22
+ customData: z.ZodType<import("../foundations/jsonb-types.js").JsonObject, z.ZodTypeDef, import("../foundations/jsonb-types.js").JsonObject>;
23
+ mfaVerifications: z.ZodType<({
24
+ type: MfaFactor.TOTP;
25
+ key: string;
26
+ id: string;
27
+ createdAt: string;
28
+ } | {
29
+ type: MfaFactor.WebAuthn;
30
+ id: string;
31
+ createdAt: string;
32
+ credentialId: string;
33
+ publicKey: string;
34
+ counter: number;
35
+ agent: string;
36
+ } | {
37
+ usedAt?: Date | undefined;
38
+ code: string;
39
+ type: MfaFactor.BackupCode;
40
+ id: string;
41
+ createdAt: string;
42
+ })[], z.ZodTypeDef, ({
43
+ type: MfaFactor.TOTP;
44
+ key: string;
45
+ id: string;
46
+ createdAt: string;
47
+ } | {
48
+ type: MfaFactor.WebAuthn;
49
+ id: string;
50
+ createdAt: string;
51
+ credentialId: string;
52
+ publicKey: string;
53
+ counter: number;
54
+ agent: string;
55
+ } | {
56
+ usedAt?: Date | undefined;
57
+ code: string;
58
+ type: MfaFactor.BackupCode;
59
+ id: string;
60
+ createdAt: string;
61
+ })[]>;
22
62
  isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
23
63
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
24
64
  createdAt: z.ZodType<number, z.ZodTypeDef, number>;
25
- }, "tenantId" | "username" | "applicationId" | "name" | "id" | "createdAt" | "primaryEmail" | "primaryPhone" | "passwordEncrypted" | "passwordEncryptionMethod" | "avatar" | "identities" | "customData" | "isSuspended" | "lastSignInAt">, "strip", z.ZodTypeAny, {
65
+ }, "tenantId" | "username" | "id" | "createdAt" | "applicationId" | "name" | "primaryEmail" | "primaryPhone" | "passwordEncrypted" | "passwordEncryptionMethod" | "avatar" | "identities" | "customData" | "mfaVerifications" | "isSuspended" | "lastSignInAt">, "strip", z.ZodTypeAny, {
26
66
  tenantId: string;
27
67
  username: string | null;
28
- applicationId: string | null;
29
- name: string | null;
30
68
  id: string;
31
69
  createdAt: number;
70
+ applicationId: string | null;
71
+ name: string | null;
32
72
  primaryEmail: string | null;
33
73
  primaryPhone: string | null;
34
74
  passwordEncrypted: string | null;
@@ -38,16 +78,36 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
38
78
  details?: {} | undefined;
39
79
  userId: string;
40
80
  }>;
41
- customData: import("@withtyped/server").JsonObject;
81
+ customData: import("../foundations/jsonb-types.js").JsonObject;
82
+ mfaVerifications: ({
83
+ type: MfaFactor.TOTP;
84
+ key: string;
85
+ id: string;
86
+ createdAt: string;
87
+ } | {
88
+ type: MfaFactor.WebAuthn;
89
+ id: string;
90
+ createdAt: string;
91
+ credentialId: string;
92
+ publicKey: string;
93
+ counter: number;
94
+ agent: string;
95
+ } | {
96
+ usedAt?: Date | undefined;
97
+ code: string;
98
+ type: MfaFactor.BackupCode;
99
+ id: string;
100
+ createdAt: string;
101
+ })[];
42
102
  isSuspended: boolean;
43
103
  lastSignInAt: number | null;
44
104
  }, {
45
105
  tenantId: string;
46
106
  username: string | null;
47
- applicationId: string | null;
48
- name: string | null;
49
107
  id: string;
50
108
  createdAt: number;
109
+ applicationId: string | null;
110
+ name: string | null;
51
111
  primaryEmail: string | null;
52
112
  primaryPhone: string | null;
53
113
  passwordEncrypted: string | null;
@@ -57,7 +117,27 @@ export declare const userInfoGuard: z.ZodObject<Pick<{
57
117
  details?: {} | undefined;
58
118
  userId: string;
59
119
  }>;
60
- customData: import("@withtyped/server").JsonObject;
120
+ customData: import("../foundations/jsonb-types.js").JsonObject;
121
+ mfaVerifications: ({
122
+ type: MfaFactor.TOTP;
123
+ key: string;
124
+ id: string;
125
+ createdAt: string;
126
+ } | {
127
+ type: MfaFactor.WebAuthn;
128
+ id: string;
129
+ createdAt: string;
130
+ credentialId: string;
131
+ publicKey: string;
132
+ counter: number;
133
+ agent: string;
134
+ } | {
135
+ usedAt?: Date | undefined;
136
+ code: string;
137
+ type: MfaFactor.BackupCode;
138
+ id: string;
139
+ createdAt: string;
140
+ })[];
61
141
  isSuspended: boolean;
62
142
  lastSignInAt: number | null;
63
143
  }>;
@@ -80,20 +160,59 @@ export declare const userProfileResponseGuard: z.ZodObject<z.extendShape<Pick<{
80
160
  details?: {} | undefined;
81
161
  userId: string;
82
162
  }>>;
83
- customData: z.ZodType<import("@withtyped/server").JsonObject, z.ZodTypeDef, import("@withtyped/server").JsonObject>;
163
+ customData: z.ZodType<import("../foundations/jsonb-types.js").JsonObject, z.ZodTypeDef, import("../foundations/jsonb-types.js").JsonObject>;
164
+ mfaVerifications: z.ZodType<({
165
+ type: MfaFactor.TOTP;
166
+ key: string;
167
+ id: string;
168
+ createdAt: string;
169
+ } | {
170
+ type: MfaFactor.WebAuthn;
171
+ id: string;
172
+ createdAt: string;
173
+ credentialId: string;
174
+ publicKey: string;
175
+ counter: number;
176
+ agent: string;
177
+ } | {
178
+ usedAt?: Date | undefined;
179
+ code: string;
180
+ type: MfaFactor.BackupCode;
181
+ id: string;
182
+ createdAt: string;
183
+ })[], z.ZodTypeDef, ({
184
+ type: MfaFactor.TOTP;
185
+ key: string;
186
+ id: string;
187
+ createdAt: string;
188
+ } | {
189
+ type: MfaFactor.WebAuthn;
190
+ id: string;
191
+ createdAt: string;
192
+ credentialId: string;
193
+ publicKey: string;
194
+ counter: number;
195
+ agent: string;
196
+ } | {
197
+ usedAt?: Date | undefined;
198
+ code: string;
199
+ type: MfaFactor.BackupCode;
200
+ id: string;
201
+ createdAt: string;
202
+ })[]>;
84
203
  isSuspended: z.ZodType<boolean, z.ZodTypeDef, boolean>;
85
204
  lastSignInAt: z.ZodType<number | null, z.ZodTypeDef, number | null>;
86
205
  createdAt: z.ZodType<number, z.ZodTypeDef, number>;
87
- }, "tenantId" | "username" | "applicationId" | "name" | "id" | "createdAt" | "primaryEmail" | "primaryPhone" | "passwordEncrypted" | "passwordEncryptionMethod" | "avatar" | "identities" | "customData" | "isSuspended" | "lastSignInAt">, {
206
+ }, "tenantId" | "username" | "id" | "createdAt" | "applicationId" | "name" | "primaryEmail" | "primaryPhone" | "passwordEncrypted" | "passwordEncryptionMethod" | "avatar" | "identities" | "customData" | "mfaVerifications" | "isSuspended" | "lastSignInAt">, {
88
207
  hasPassword: z.ZodOptional<z.ZodBoolean>;
89
208
  }>, "strip", z.ZodTypeAny, {
90
209
  hasPassword?: boolean | undefined;
91
210
  tenantId: string;
92
211
  username: string | null;
93
- applicationId: string | null;
94
- name: string | null;
95
212
  id: string;
96
213
  createdAt: number;
214
+ applicationId: string | null;
215
+ name: string | null;
97
216
  primaryEmail: string | null;
98
217
  primaryPhone: string | null;
99
218
  passwordEncrypted: string | null;
@@ -103,17 +222,37 @@ export declare const userProfileResponseGuard: z.ZodObject<z.extendShape<Pick<{
103
222
  details?: {} | undefined;
104
223
  userId: string;
105
224
  }>;
106
- customData: import("@withtyped/server").JsonObject;
225
+ customData: import("../foundations/jsonb-types.js").JsonObject;
226
+ mfaVerifications: ({
227
+ type: MfaFactor.TOTP;
228
+ key: string;
229
+ id: string;
230
+ createdAt: string;
231
+ } | {
232
+ type: MfaFactor.WebAuthn;
233
+ id: string;
234
+ createdAt: string;
235
+ credentialId: string;
236
+ publicKey: string;
237
+ counter: number;
238
+ agent: string;
239
+ } | {
240
+ usedAt?: Date | undefined;
241
+ code: string;
242
+ type: MfaFactor.BackupCode;
243
+ id: string;
244
+ createdAt: string;
245
+ })[];
107
246
  isSuspended: boolean;
108
247
  lastSignInAt: number | null;
109
248
  }, {
110
249
  hasPassword?: boolean | undefined;
111
250
  tenantId: string;
112
251
  username: string | null;
113
- applicationId: string | null;
114
- name: string | null;
115
252
  id: string;
116
253
  createdAt: number;
254
+ applicationId: string | null;
255
+ name: string | null;
117
256
  primaryEmail: string | null;
118
257
  primaryPhone: string | null;
119
258
  passwordEncrypted: string | null;
@@ -123,11 +262,51 @@ export declare const userProfileResponseGuard: z.ZodObject<z.extendShape<Pick<{
123
262
  details?: {} | undefined;
124
263
  userId: string;
125
264
  }>;
126
- customData: import("@withtyped/server").JsonObject;
265
+ customData: import("../foundations/jsonb-types.js").JsonObject;
266
+ mfaVerifications: ({
267
+ type: MfaFactor.TOTP;
268
+ key: string;
269
+ id: string;
270
+ createdAt: string;
271
+ } | {
272
+ type: MfaFactor.WebAuthn;
273
+ id: string;
274
+ createdAt: string;
275
+ credentialId: string;
276
+ publicKey: string;
277
+ counter: number;
278
+ agent: string;
279
+ } | {
280
+ usedAt?: Date | undefined;
281
+ code: string;
282
+ type: MfaFactor.BackupCode;
283
+ id: string;
284
+ createdAt: string;
285
+ })[];
127
286
  isSuspended: boolean;
128
287
  lastSignInAt: number | null;
129
288
  }>;
130
289
  export type UserProfileResponse = z.infer<typeof userProfileResponseGuard>;
290
+ export declare const userMfaVerificationResponseGuard: z.ZodArray<z.ZodObject<{
291
+ id: z.ZodString;
292
+ createdAt: z.ZodString;
293
+ type: z.ZodNativeEnum<typeof MfaFactor>;
294
+ agent: z.ZodOptional<z.ZodString>;
295
+ used: z.ZodOptional<z.ZodBoolean>;
296
+ }, "strip", z.ZodTypeAny, {
297
+ agent?: string | undefined;
298
+ used?: boolean | undefined;
299
+ type: MfaFactor;
300
+ id: string;
301
+ createdAt: string;
302
+ }, {
303
+ agent?: string | undefined;
304
+ used?: boolean | undefined;
305
+ type: MfaFactor;
306
+ id: string;
307
+ createdAt: string;
308
+ }>, "many">;
309
+ export type UserMfaVerificationResponse = z.infer<typeof userMfaVerificationResponseGuard>;
131
310
  /** Internal read-only roles for user tenants. */
132
311
  export declare enum InternalRole {
133
312
  /**
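Review bot: The declared output type of `userInfoGuard` and `userProfileResponseGuard` now carries `mfaVerifications`, with the TOTP `key` and the backup `code` as required fields next to `passwordEncrypted`, although `userInfoSelectFields` at the top of the file lists none of them. Presumably the runtime `pick` drops these keys, so the type over-states the response, and a handler written to satisfy `UserProfileResponse` would have to place MFA secrets in a profile payload. The `Pick<…>` key union should be narrowed to the selected fields, presumably by typing the pick mask in the `.ts` source this declaration is generated from. At minimum the export should carry a comment such as `/** Runtime shape is limited to userInfoSelectFields; MFA data is exposed only in redacted form via userMfaVerificationResponseGuard. */`. The declarations start and end outside the hunks shown.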
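--- a/package/lib/types/user.js
+++ b/package/lib/types/user.js
@@ -1,5 +1,6 @@
  import { z } from 'zod';
  import { Users } from '../db-entries/index.js';
+ import { MfaFactor } from '../foundations/jsonb-types.js';
  export const userInfoSelectFields = Object.freeze([
  'id',
  'username',
@@ -18,6 +19,15 @@ export const userInfoGuard = Users.guard.pick(Object.fromEntries(userInfoSelectF
  export const userProfileResponseGuard = userInfoGuard.extend({
  hasPassword: z.boolean().optional(),
  });
+ export const userMfaVerificationResponseGuard = z
+ .object({
+ id: z.string(),
+ createdAt: z.string(),
+ type: z.nativeEnum(MfaFactor),
+ agent: z.string().optional(),
+ used: z.boolean().optional(),
+ })
+ .array();
  /** Internal read-only roles for user tenants. */
  export var InternalRole;
  (function (InternalRole) {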
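Review bot: `userMfaVerificationResponseGuard` has no doc comment, and its role as the redacted view of a stored verification rests on zod's default strip mode silently discarding `key`, `code`, `publicKey` and `credentialId`. A comment in the style of the one on `InternalRole` would record that intent, for example `/** Redacted MFA verification list for API responses; secret fields of the stored record are intentionally absent. */`. Without it, a later switch to `.passthrough()` or an added field could re-expose the secrets without any reviewer noticing the contract.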
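--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@logto/schemas",
- "version": "1.7.0",
+ "version": "1.9.0",
  "author": "Silverhand Inc. <contact@silverhand.io>",
  "license": "MPL-2.0",
  "type": "module",
@@ -25,17 +25,17 @@
  },
  "devDependencies": {
  "@silverhand/eslint-config": "4.0.1",
- "@silverhand/essentials": "^2.5.0",
+ "@silverhand/essentials": "^2.8.4",
  "@silverhand/ts-config": "4.0.0",
  "@types/inquirer": "^9.0.0",
  "@types/jest": "^29.4.0",
  "@types/node": "^18.11.18",
  "@types/pluralize": "^0.0.29",
- "camelcase": "^7.0.0",
+ "camelcase": "^8.0.0",
  "chalk": "^5.0.0",
  "eslint": "^8.44.0",
  "jest": "^29.5.0",
- "lint-staged": "^13.0.0",
+ "lint-staged": "^14.0.0",
  "pluralize": "^8.0.0",
  "prettier": "^3.0.0",
  "roarr": "^7.11.0",
@@ -65,12 +65,12 @@
  "prettier": "@silverhand/eslint-config/.prettierrc",
  "dependencies": {
  "@logto/connector-kit": "^1.1.1",
- "@logto/core-kit": "^2.0.1",
+ "@logto/core-kit": "^2.1.0",
  "@logto/language-kit": "^1.0.0",
- "@logto/phrases": "^1.4.1",
- "@logto/phrases-ui": "^1.2.0",
- "@logto/shared": "^2.0.0",
- "@withtyped/server": "^0.12.8"
+ "@logto/phrases": "^1.5.0",
+ "@logto/phrases-experience": "^1.3.0",
+ "@logto/shared": "^2.0.1",
+ "@withtyped/server": "^0.12.9"
  },
  "peerDependencies": {
  "zod": "^3.20.2"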
@@ -1,3 +1,5 @@
1
+ /* init_order = 2 */
2
+
1
3
  create table applications_roles (
2
4
  tenant_id varchar(21) not null
3
5
  references tenants (id) on update cascade on delete cascade,
@@ -8,7 +10,9 @@ create table applications_roles (
8
10
  references roles (id) on update cascade on delete cascade,
9
11
  primary key (id),
10
12
  constraint applications_roles__application_id_role_id
11
- unique (tenant_id, application_id, role_id)
13
+ unique (tenant_id, application_id, role_id),
14
+ constraint applications_roles__role_type
15
+ check (public.check_role_type(role_id, 'MachineToMachine'))
12
16
  );
13
17
 
14
18
  create index applications_roles__id
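Review bot: The new `applications_roles__role_type` check reads another table through `public.check_role_type`, and PostgreSQL evaluates a CHECK only when the constrained row itself is inserted or updated. A later change to `roles.type` is therefore not rechecked against existing assignments, so a role already linked to applications could end up typed `User`. The same applies to `users_roles__role_type` in users_roles.sql. Whether anything else forbids changing `roles.type` is not visible in this diff; if nothing does, immutability has to be enforced on `roles` itself. The constraint deserves a comment such as `/* evaluated only when this row is written; relies on roles.type never changing */`. The `create table` statement continues outside the hunk.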
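--- a/package/tables/roles.sql
+++ b/package/tables/roles.sql
@@ -1,11 +1,14 @@
  /* init_order = 1 */
 
+ create type role_type as enum ('User', 'MachineToMachine');
+
  create table roles (
  tenant_id varchar(21) not null
  references tenants (id) on update cascade on delete cascade,
  id varchar(21) not null,
  name varchar(128) not null,
  description varchar(128) not null,
+ type role_type not null default 'User',
  primary key (id),
  constraint roles__name
  unique (tenant_id, name)
@@ -13,3 +16,8 @@ create table roles (
 
  create index roles__id
  on roles (tenant_id, id);
+
+ create function public.check_role_type(role_id varchar(21), target_type role_type) returns boolean as
+ $$ begin
+ return (select type from public.roles where id = role_id) = target_type;
+ end; $$ language plpgsql;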
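Review bot: `public.check_role_type` returns NULL rather than false when no role has the given id, because the scalar subquery yields NULL and `NULL = target_type` is NULL, and a CHECK constraint accepts NULL. The foreign keys on `role_id` in the two tables that call it still reject such a row, so this is a robustness gap rather than a bypass. The function should fail closed on its own: `return coalesce((select type from public.roles where id = role_id) = target_type, false);`. It also has no comment saying that it backs the `*_role_type` check constraints, which matters because changing its body does not revalidate existing rows.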
@@ -15,5 +15,7 @@ create table sign_in_experiences (
15
15
  sign_in_mode sign_in_mode not null default 'SignInAndRegister',
16
16
  custom_css text,
17
17
  custom_content jsonb /* @use CustomContent */ not null default '{}'::jsonb,
18
+ password_policy jsonb /* @use PartialPasswordPolicy */ not null default '{}'::jsonb,
19
+ mfa jsonb /* @use Mfa */ not null default '{}'::jsonb,
18
20
  primary key (tenant_id, id)
19
21
  );
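--- a/package/tables/users.sql
+++ b/package/tables/users.sql
@@ -16,6 +16,7 @@ create table users (
  application_id varchar(21),
  identities jsonb /* @use Identities */ not null default '{}'::jsonb,
  custom_data jsonb /* @use JsonObject */ not null default '{}'::jsonb,
+ mfa_verifications jsonb /* @use MfaVerifications */ not null default '[]'::jsonb,
  is_suspended boolean not null default false,
  last_sign_in_at timestamptz,
  created_at timestamptz not null default (now()),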
@@ -1,3 +1,5 @@
1
+ /* init_order = 2 */
2
+
1
3
  create table users_roles (
2
4
  tenant_id varchar(21) not null
3
5
  references tenants (id) on update cascade on delete cascade,
@@ -8,7 +10,9 @@ create table users_roles (
8
10
  references roles (id) on update cascade on delete cascade,
9
11
  primary key (id),
10
12
  constraint users_roles__user_id_role_id
11
- unique (tenant_id, user_id, role_id)
13
+ unique (tenant_id, user_id, role_id),
14
+ constraint users_roles__role_type
15
+ check (public.check_role_type(role_id, 'User'))
12
16
  );
13
17
 
14
18
  create index users_roles__id