@tstdl/base 0.93.178 → 0.93.180
- package/api/response.js +4 -3
- package/api/server/gateway.js +9 -3
- package/audit/auditor.d.ts +1 -2
- package/audit/drizzle/{0000_lumpy_thunderball.sql → 0000_shallow_elektra.sql} +1 -1
- package/audit/drizzle/meta/0000_snapshot.json +2 -2
- package/audit/drizzle/meta/_journal.json +2 -2
- package/authentication/README.md +87 -42
- package/authentication/authentication.api.d.ts +392 -53
- package/authentication/authentication.api.js +133 -28
- package/authentication/client/api.client.d.ts +3 -3
- package/authentication/client/api.client.js +4 -4
- package/authentication/client/authentication.service.d.ts +93 -23
- package/authentication/client/authentication.service.js +113 -28
- package/authentication/client/http-client.middleware.d.ts +1 -1
- package/authentication/client/http-client.middleware.js +5 -4
- package/authentication/client/module.d.ts +1 -1
- package/authentication/client/module.js +2 -2
- package/authentication/errors/index.d.ts +1 -1
- package/authentication/errors/index.js +1 -1
- package/authentication/errors/password-requirements.error.d.ts +5 -0
- package/authentication/errors/{secret-requirements.error.js → password-requirements.error.js} +2 -2
- package/authentication/models/authentication-password.model.d.ts +8 -0
- package/authentication/models/{authentication-credentials.model.js → authentication-password.model.js} +11 -17
- package/authentication/models/authentication-session.model.d.ts +0 -2
- package/authentication/models/authentication-session.model.js +1 -7
- package/authentication/models/authentication-totp-recovery-code.model.d.ts +6 -0
- package/authentication/models/authentication-totp-recovery-code.model.js +34 -0
- package/authentication/models/authentication-totp.model.d.ts +19 -0
- package/authentication/models/authentication-totp.model.js +51 -0
- package/authentication/models/authentication-used-totp-token.model.d.ts +5 -0
- package/authentication/models/authentication-used-totp-token.model.js +32 -0
- package/authentication/models/index.d.ts +6 -3
- package/authentication/models/index.js +6 -3
- package/authentication/models/{init-secret-reset-data.model.d.ts → init-password-reset-data.model.d.ts} +3 -3
- package/authentication/models/{init-secret-reset-data.model.js → init-password-reset-data.model.js} +5 -5
- package/authentication/models/password-check-result.model.d.ts +3 -0
- package/authentication/models/{secret-check-result.model.js → password-check-result.model.js} +6 -6
- package/authentication/models/subject.model.d.ts +0 -6
- package/authentication/models/subject.model.js +0 -6
- package/authentication/models/token.model.d.ts +16 -2
- package/authentication/server/authentication-ancillary.service.d.ts +6 -6
- package/authentication/server/authentication-ancillary.service.js +1 -1
- package/authentication/server/authentication-password-requirements.validator.d.ts +55 -0
- package/authentication/server/{authentication-secret-requirements.validator.js → authentication-password-requirements.validator.js} +22 -22
- package/authentication/server/authentication.api-controller.d.ts +55 -27
- package/authentication/server/authentication.api-controller.js +214 -39
- package/authentication/server/authentication.audit.d.ts +42 -5
- package/authentication/server/authentication.service.d.ts +182 -93
- package/authentication/server/authentication.service.js +628 -206
- package/authentication/server/drizzle/{0000_soft_tag.sql → 0000_odd_echo.sql} +59 -13
- package/authentication/server/drizzle/meta/0000_snapshot.json +345 -32
- package/authentication/server/drizzle/meta/_journal.json +2 -2
- package/authentication/server/helper.d.ts +16 -16
- package/authentication/server/helper.js +33 -34
- package/authentication/server/index.d.ts +1 -1
- package/authentication/server/index.js +1 -1
- package/authentication/server/module.d.ts +2 -2
- package/authentication/server/module.js +4 -2
- package/authentication/server/schemas.d.ts +11 -7
- package/authentication/server/schemas.js +7 -3
- package/authentication/tests/authentication-password-requirements.validator.test.js +29 -0
- package/authentication/tests/authentication.api-controller.test.js +49 -15
- package/authentication/tests/authentication.client-error-handling.test.js +3 -2
- package/authentication/tests/authentication.client-middleware.test.js +5 -5
- package/authentication/tests/authentication.client-service-methods.test.js +28 -14
- package/authentication/tests/authentication.client-service-refresh.test.js +7 -6
- package/authentication/tests/authentication.client-service.test.js +10 -8
- package/authentication/tests/authentication.service.test.js +37 -29
- package/authentication/tests/authentication.test-ancillary-service.d.ts +1 -1
- package/authentication/tests/authentication.test-ancillary-service.js +1 -1
- package/authentication/tests/brute-force-protection.test.js +211 -0
- package/authentication/tests/helper.test.js +25 -21
- package/authentication/tests/password-requirements.error.test.js +14 -0
- package/authentication/tests/remember.api.test.js +22 -14
- package/authentication/tests/remember.service.test.js +23 -16
- package/authentication/tests/subject.service.test.js +2 -2
- package/authentication/tests/suspended-subject.test.d.ts +1 -0
- package/authentication/tests/suspended-subject.test.js +120 -0
- package/authentication/tests/totp.enrollment.test.d.ts +1 -0
- package/authentication/tests/totp.enrollment.test.js +123 -0
- package/authentication/tests/totp.login.test.d.ts +1 -0
- package/authentication/tests/totp.login.test.js +213 -0
- package/authentication/tests/totp.recovery-codes.test.d.ts +1 -0
- package/authentication/tests/totp.recovery-codes.test.js +97 -0
- package/authentication/tests/totp.status.test.d.ts +1 -0
- package/authentication/tests/totp.status.test.js +72 -0
- package/circuit-breaker/postgres/drizzle/{0000_cooing_korath.sql → 0000_same_captain_cross.sql} +1 -1
- package/circuit-breaker/postgres/drizzle/meta/0000_snapshot.json +2 -2
- package/circuit-breaker/postgres/drizzle/meta/_journal.json +2 -2
- package/cryptography/cryptography.d.ts +336 -0
- package/cryptography/cryptography.js +328 -0
- package/cryptography/index.d.ts +4 -0
- package/cryptography/index.js +4 -0
- package/{utils → cryptography}/jwt.d.ts +22 -4
- package/{utils → cryptography}/jwt.js +36 -18
- package/cryptography/module.d.ts +35 -0
- package/cryptography/module.js +148 -0
- package/cryptography/tests/cryptography.test.d.ts +1 -0
- package/cryptography/tests/cryptography.test.js +175 -0
- package/cryptography/tests/jwt.test.d.ts +1 -0
- package/cryptography/tests/jwt.test.js +54 -0
- package/cryptography/tests/modern.test.d.ts +1 -0
- package/cryptography/tests/modern.test.js +105 -0
- package/cryptography/tests/module.test.d.ts +1 -0
- package/cryptography/tests/module.test.js +100 -0
- package/cryptography/tests/totp.test.d.ts +1 -0
- package/cryptography/tests/totp.test.js +108 -0
- package/cryptography/totp.d.ts +96 -0
- package/cryptography/totp.js +123 -0
- package/document-management/server/drizzle/{0000_curious_nighthawk.sql → 0000_sharp_scream.sql} +21 -21
- package/document-management/server/drizzle/meta/0000_snapshot.json +22 -22
- package/document-management/server/drizzle/meta/_journal.json +2 -2
- package/document-management/server/services/document-file.service.js +1 -1
- package/errors/errors.localization.d.ts +2 -2
- package/errors/errors.localization.js +2 -2
- package/errors/index.d.ts +1 -0
- package/errors/index.js +1 -0
- package/errors/too-many-requests.error.d.ts +5 -0
- package/errors/too-many-requests.error.js +7 -0
- package/examples/api/authentication.js +5 -5
- package/examples/api/custom-authentication.js +4 -3
- package/file/server/mime-type.js +1 -1
- package/http/http-body.d.ts +1 -0
- package/http/http-body.js +3 -0
- package/image-service/imgproxy/imgproxy-image-service.d.ts +0 -1
- package/image-service/imgproxy/imgproxy-image-service.js +9 -27
- package/key-value-store/postgres/drizzle/{0000_shocking_slipstream.sql → 0000_moaning_calypso.sql} +1 -1
- package/key-value-store/postgres/drizzle/meta/0000_snapshot.json +2 -2
- package/key-value-store/postgres/drizzle/meta/_journal.json +2 -2
- package/lock/postgres/drizzle/{0000_busy_tattoo.sql → 0000_nappy_wraith.sql} +1 -1
- package/lock/postgres/drizzle/meta/0000_snapshot.json +2 -2
- package/lock/postgres/drizzle/meta/_journal.json +2 -2
- package/logger/formatters/json.js +1 -1
- package/logger/formatters/pretty-print.js +1 -1
- package/mail/drizzle/{0000_numerous_the_watchers.sql → 0000_cultured_quicksilver.sql} +2 -2
- package/mail/drizzle/meta/0000_snapshot.json +4 -4
- package/mail/drizzle/meta/_journal.json +2 -9
- package/notification/server/drizzle/{0000_wise_pyro.sql → 0000_new_tenebrous.sql} +6 -6
- package/notification/server/drizzle/meta/0000_snapshot.json +7 -7
- package/notification/server/drizzle/meta/_journal.json +2 -2
- package/notification/tests/notification-flow.test.js +1 -8
- package/notification/tests/notification-type.service.test.js +3 -3
- package/openid-connect/oidc.service.js +2 -3
- package/orm/data-types/common.js +1 -1
- package/orm/server/drizzle/schema-converter.js +9 -4
- package/orm/server/encryption.js +1 -1
- package/orm/server/module.d.ts +0 -1
- package/orm/server/module.js +0 -4
- package/orm/server/repository.d.ts +2 -1
- package/orm/server/repository.js +7 -10
- package/orm/tests/encryption.test.js +4 -6
- package/orm/tests/repository-extra-coverage.test.js +0 -2
- package/orm/tests/repository-regression.test.js +0 -3
- package/package.json +9 -8
- package/password/README.md +1 -1
- package/password/have-i-been-pwned.js +1 -1
- package/rate-limit/postgres/drizzle/{0000_watery_rage.sql → 0000_serious_sauron.sql} +1 -1
- package/rate-limit/postgres/drizzle/meta/0000_snapshot.json +2 -2
- package/rate-limit/postgres/drizzle/meta/_journal.json +2 -2
- package/rate-limit/postgres/postgres-rate-limiter.d.ts +1 -1
- package/rate-limit/postgres/postgres-rate-limiter.js +1 -1
- package/rate-limit/rate-limiter.d.ts +1 -1
- package/rpc/tests/rpc.integration.test.js +25 -31
- package/supports.d.ts +1 -0
- package/supports.js +1 -0
- package/task-queue/postgres/drizzle/{0000_faithful_daimon_hellstrom.sql → 0000_dark_ronan.sql} +5 -5
- package/task-queue/postgres/drizzle/meta/0000_snapshot.json +10 -10
- package/task-queue/postgres/drizzle/meta/_journal.json +2 -9
- package/task-queue/postgres/task-queue.js +2 -2
- package/task-queue/tests/coverage-enhancement.test.js +2 -2
- package/test/drizzle/{0000_natural_cannonball.sql → 0000_organic_gamora.sql} +2 -2
- package/test/drizzle/meta/0000_snapshot.json +3 -4
- package/test/drizzle/meta/_journal.json +2 -9
- package/testing/integration-setup.d.ts +7 -3
- package/testing/integration-setup.js +119 -96
- package/utils/alphabet.d.ts +1 -0
- package/utils/alphabet.js +1 -0
- package/utils/base32.d.ts +4 -0
- package/utils/base32.js +49 -0
- package/utils/base64.d.ts +0 -2
- package/utils/base64.js +6 -70
- package/utils/equals.d.ts +13 -3
- package/utils/equals.js +29 -9
- package/utils/index.d.ts +1 -2
- package/utils/index.js +1 -2
- package/utils/random.d.ts +1 -0
- package/utils/random.js +14 -8
- package/authentication/errors/secret-requirements.error.d.ts +0 -5
- package/authentication/models/authentication-credentials.model.d.ts +0 -10
- package/authentication/models/secret-check-result.model.d.ts +0 -3
- package/authentication/server/authentication-secret-requirements.validator.d.ts +0 -55
- package/authentication/tests/authentication-ancillary.service.test.js +0 -13
- package/authentication/tests/authentication-secret-requirements.validator.test.js +0 -29
- package/authentication/tests/secret-requirements.error.test.js +0 -14
- package/mail/drizzle/0001_married_tarantula.sql +0 -12
- package/mail/drizzle/meta/0001_snapshot.json +0 -69
- package/orm/server/tokens.d.ts +0 -1
- package/orm/server/tokens.js +0 -2
- package/task-queue/postgres/drizzle/0001_rapid_infant_terrible.sql +0 -16
- package/task-queue/postgres/drizzle/meta/0001_snapshot.json +0 -753
- package/test/drizzle/0001_closed_the_captain.sql +0 -2
- package/test/drizzle/meta/0001_snapshot.json +0 -117
- package/utils/cryptography.d.ts +0 -137
- package/utils/cryptography.js +0 -201
- /package/authentication/tests/{authentication-ancillary.service.test.d.ts → authentication-password-requirements.validator.test.d.ts} +0 -0
- /package/authentication/tests/{authentication-secret-requirements.validator.test.d.ts → brute-force-protection.test.d.ts} +0 -0
- /package/authentication/tests/{secret-requirements.error.test.d.ts → password-requirements.error.test.d.ts} +0 -0
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
CREATE TYPE "authentication"."subject_status" AS ENUM('active', '
|
|
1
|
+
CREATE TYPE "authentication"."subject_status" AS ENUM('active', 'suspended');--> statement-breakpoint
|
|
2
2
|
CREATE TYPE "authentication"."subject_type" AS ENUM('system', 'user', 'service-account');--> statement-breakpoint
|
|
3
|
-
CREATE
|
|
4
|
-
|
|
3
|
+
CREATE TYPE "authentication"."totp_status" AS ENUM('pending', 'active');--> statement-breakpoint
|
|
4
|
+
CREATE TABLE "authentication"."password" (
|
|
5
|
+
"id" uuid DEFAULT uuidv7() NOT NULL,
|
|
5
6
|
"tenant_id" uuid NOT NULL,
|
|
6
7
|
"subject_id" uuid NOT NULL,
|
|
7
|
-
"hash_version" integer NOT NULL,
|
|
8
8
|
"salt" "bytea" NOT NULL,
|
|
9
9
|
"hash" "bytea" NOT NULL,
|
|
10
10
|
"revision" integer NOT NULL,
|
|
@@ -12,17 +12,16 @@ CREATE TABLE "authentication"."credentials" (
|
|
|
12
12
|
"create_timestamp" timestamp with time zone NOT NULL,
|
|
13
13
|
"delete_timestamp" timestamp with time zone,
|
|
14
14
|
"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL,
|
|
15
|
-
CONSTRAINT "
|
|
16
|
-
CONSTRAINT "
|
|
15
|
+
CONSTRAINT "password_tenant_id_id_pk" PRIMARY KEY("tenant_id","id"),
|
|
16
|
+
CONSTRAINT "password_tenant_id_subject_id_unique" UNIQUE("tenant_id","subject_id")
|
|
17
17
|
);
|
|
18
18
|
--> statement-breakpoint
|
|
19
19
|
CREATE TABLE "authentication"."session" (
|
|
20
|
-
"id" uuid DEFAULT
|
|
20
|
+
"id" uuid DEFAULT uuidv7() NOT NULL,
|
|
21
21
|
"tenant_id" uuid NOT NULL,
|
|
22
22
|
"subject_id" uuid NOT NULL,
|
|
23
23
|
"begin" timestamp with time zone NOT NULL,
|
|
24
24
|
"end" timestamp with time zone NOT NULL,
|
|
25
|
-
"refresh_token_hash_version" integer NOT NULL,
|
|
26
25
|
"refresh_token_salt" "bytea" NOT NULL,
|
|
27
26
|
"refresh_token_hash" "bytea" NOT NULL,
|
|
28
27
|
"revision" integer NOT NULL,
|
|
@@ -33,8 +32,52 @@ CREATE TABLE "authentication"."session" (
|
|
|
33
32
|
CONSTRAINT "session_tenant_id_id_pk" PRIMARY KEY("tenant_id","id")
|
|
34
33
|
);
|
|
35
34
|
--> statement-breakpoint
|
|
35
|
+
CREATE TABLE "authentication"."totp" (
|
|
36
|
+
"id" uuid DEFAULT uuidv7() NOT NULL,
|
|
37
|
+
"tenant_id" uuid NOT NULL,
|
|
38
|
+
"subject_id" uuid NOT NULL,
|
|
39
|
+
"secret" "bytea" NOT NULL,
|
|
40
|
+
"recovery_code_salt" "bytea" NOT NULL,
|
|
41
|
+
"status" "authentication"."totp_status" NOT NULL,
|
|
42
|
+
"revision" integer NOT NULL,
|
|
43
|
+
"revision_timestamp" timestamp with time zone NOT NULL,
|
|
44
|
+
"create_timestamp" timestamp with time zone NOT NULL,
|
|
45
|
+
"delete_timestamp" timestamp with time zone,
|
|
46
|
+
"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL,
|
|
47
|
+
CONSTRAINT "totp_tenant_id_id_pk" PRIMARY KEY("tenant_id","id"),
|
|
48
|
+
CONSTRAINT "totp_tenant_id_subject_id_unique" UNIQUE("tenant_id","subject_id")
|
|
49
|
+
);
|
|
50
|
+
--> statement-breakpoint
|
|
51
|
+
CREATE TABLE "authentication"."totp_recovery_code" (
|
|
52
|
+
"id" uuid DEFAULT uuidv7() NOT NULL,
|
|
53
|
+
"tenant_id" uuid NOT NULL,
|
|
54
|
+
"totp_id" uuid NOT NULL,
|
|
55
|
+
"code" "bytea" NOT NULL,
|
|
56
|
+
"used_timestamp" timestamp with time zone,
|
|
57
|
+
"revision" integer NOT NULL,
|
|
58
|
+
"revision_timestamp" timestamp with time zone NOT NULL,
|
|
59
|
+
"create_timestamp" timestamp with time zone NOT NULL,
|
|
60
|
+
"delete_timestamp" timestamp with time zone,
|
|
61
|
+
"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL,
|
|
62
|
+
CONSTRAINT "totp_recovery_code_tenant_id_id_pk" PRIMARY KEY("tenant_id","id")
|
|
63
|
+
);
|
|
64
|
+
--> statement-breakpoint
|
|
65
|
+
CREATE TABLE "authentication"."used_totp_tokens" (
|
|
66
|
+
"id" uuid DEFAULT uuidv7() NOT NULL,
|
|
67
|
+
"tenant_id" uuid NOT NULL,
|
|
68
|
+
"subject_id" uuid NOT NULL,
|
|
69
|
+
"token" text NOT NULL,
|
|
70
|
+
"revision" integer NOT NULL,
|
|
71
|
+
"revision_timestamp" timestamp with time zone NOT NULL,
|
|
72
|
+
"create_timestamp" timestamp with time zone NOT NULL,
|
|
73
|
+
"delete_timestamp" timestamp with time zone,
|
|
74
|
+
"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL,
|
|
75
|
+
CONSTRAINT "used_totp_tokens_tenant_id_id_pk" PRIMARY KEY("tenant_id","id"),
|
|
76
|
+
CONSTRAINT "used_totp_tokens_tenant_id_subject_id_token_unique" UNIQUE("tenant_id","subject_id","token")
|
|
77
|
+
);
|
|
78
|
+
--> statement-breakpoint
|
|
36
79
|
CREATE TABLE "authentication"."service_account" (
|
|
37
|
-
"id" uuid DEFAULT
|
|
80
|
+
"id" uuid DEFAULT uuidv7() NOT NULL,
|
|
38
81
|
"tenant_id" uuid NOT NULL,
|
|
39
82
|
"type" "authentication"."subject_type" NOT NULL,
|
|
40
83
|
"display_name" text NOT NULL,
|
|
@@ -47,7 +90,7 @@ CREATE TABLE "authentication"."service_account" (
|
|
|
47
90
|
);
|
|
48
91
|
--> statement-breakpoint
|
|
49
92
|
CREATE TABLE "authentication"."subject" (
|
|
50
|
-
"id" uuid DEFAULT
|
|
93
|
+
"id" uuid DEFAULT uuidv7() NOT NULL,
|
|
51
94
|
"tenant_id" uuid NOT NULL,
|
|
52
95
|
"type" "authentication"."subject_type" NOT NULL,
|
|
53
96
|
"status" "authentication"."subject_status" NOT NULL,
|
|
@@ -63,7 +106,7 @@ CREATE TABLE "authentication"."subject" (
|
|
|
63
106
|
);
|
|
64
107
|
--> statement-breakpoint
|
|
65
108
|
CREATE TABLE "authentication"."system_account" (
|
|
66
|
-
"id" uuid DEFAULT
|
|
109
|
+
"id" uuid DEFAULT uuidv7() NOT NULL,
|
|
67
110
|
"tenant_id" uuid NOT NULL,
|
|
68
111
|
"type" "authentication"."subject_type" NOT NULL,
|
|
69
112
|
"identifier" text NOT NULL,
|
|
@@ -76,7 +119,7 @@ CREATE TABLE "authentication"."system_account" (
|
|
|
76
119
|
);
|
|
77
120
|
--> statement-breakpoint
|
|
78
121
|
CREATE TABLE "authentication"."user" (
|
|
79
|
-
"id" uuid DEFAULT
|
|
122
|
+
"id" uuid DEFAULT uuidv7() NOT NULL,
|
|
80
123
|
"tenant_id" uuid NOT NULL,
|
|
81
124
|
"type" "authentication"."subject_type" NOT NULL,
|
|
82
125
|
"email" text NOT NULL,
|
|
@@ -89,8 +132,11 @@ CREATE TABLE "authentication"."user" (
|
|
|
89
132
|
CONSTRAINT "user_type_check" CHECK ("authentication"."user"."type" = 'user')
|
|
90
133
|
);
|
|
91
134
|
--> statement-breakpoint
|
|
92
|
-
ALTER TABLE "authentication"."
|
|
135
|
+
ALTER TABLE "authentication"."password" ADD CONSTRAINT "password_id_subject_fkey" FOREIGN KEY ("tenant_id","subject_id") REFERENCES "authentication"."subject"("tenant_id","id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
|
|
93
136
|
ALTER TABLE "authentication"."session" ADD CONSTRAINT "session_id_subject_fkey" FOREIGN KEY ("tenant_id","subject_id") REFERENCES "authentication"."subject"("tenant_id","id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
|
|
137
|
+
ALTER TABLE "authentication"."totp" ADD CONSTRAINT "totp_id_subject_fkey" FOREIGN KEY ("tenant_id","subject_id") REFERENCES "authentication"."subject"("tenant_id","id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
|
|
138
|
+
ALTER TABLE "authentication"."totp_recovery_code" ADD CONSTRAINT "totp_recovery_code_id_totp_fkey" FOREIGN KEY ("tenant_id","totp_id") REFERENCES "authentication"."totp"("tenant_id","id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
|
|
139
|
+
ALTER TABLE "authentication"."used_totp_tokens" ADD CONSTRAINT "used_totp_tokens_id_subject_fkey" FOREIGN KEY ("tenant_id","subject_id") REFERENCES "authentication"."subject"("tenant_id","id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
|
|
94
140
|
ALTER TABLE "authentication"."service_account" ADD CONSTRAINT "service_account_tenantId_type_id_subject_fkey" FOREIGN KEY ("tenant_id","type","id") REFERENCES "authentication"."subject"("tenant_id","type","id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
|
|
95
141
|
ALTER TABLE "authentication"."service_account" ADD CONSTRAINT "service_account_id_subject_fkey" FOREIGN KEY ("tenant_id","parent") REFERENCES "authentication"."subject"("tenant_id","id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
|
|
96
142
|
ALTER TABLE "authentication"."system_account" ADD CONSTRAINT "system_account_tenantId_type_id_subject_fkey" FOREIGN KEY ("tenant_id","type","id") REFERENCES "authentication"."subject"("tenant_id","type","id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
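Review bot: The new `used_totp_tokens` table keys replay protection on the code text itself, `UNIQUE("tenant_id","subject_id","token")`, with no time-step or expiry column, so a code value that legitimately recurs for the same subject in a later window would collide with an old row unless those rows are purged; that cleanup is not visible in this migration. Recording the accepted time step instead (for example a `"time_step" bigint NOT NULL` column in the unique constraint, or a single last-accepted counter on `totp`) would make the check independent of a purge job and avoid keeping codes as `text`. Separately, this section drops `hash_version` from `password` and `refresh_token_hash_version` from `session`; unless the derivation parameters are now encoded inside `hash` or fixed in code, no per-row marker remains to tell which parameters produced a stored hash when they change later, which is worth confirming against the service code. `totp.secret` is declared as plain `bytea`, so the schema alone does not show whether the shared secret is encrypted before it is written.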
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
{
|
|
2
|
-
"id": "
|
|
2
|
+
"id": "98e3b751-2fd9-4c4a-a432-c397baa359c0",
|
|
3
3
|
"prevId": "00000000-0000-0000-0000-000000000000",
|
|
4
4
|
"version": "7",
|
|
5
5
|
"dialect": "postgresql",
|
|
6
6
|
"tables": {
|
|
7
|
-
"authentication.
|
|
8
|
-
"name": "
|
|
7
|
+
"authentication.password": {
|
|
8
|
+
"name": "password",
|
|
9
9
|
"schema": "authentication",
|
|
10
10
|
"columns": {
|
|
11
11
|
"id": {
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"type": "uuid",
|
|
14
14
|
"primaryKey": false,
|
|
15
15
|
"notNull": true,
|
|
16
|
-
"default": "
|
|
16
|
+
"default": "uuidv7()"
|
|
17
17
|
},
|
|
18
18
|
"tenant_id": {
|
|
19
19
|
"name": "tenant_id",
|
|
@@ -27,12 +27,6 @@
|
|
|
27
27
|
"primaryKey": false,
|
|
28
28
|
"notNull": true
|
|
29
29
|
},
|
|
30
|
-
"hash_version": {
|
|
31
|
-
"name": "hash_version",
|
|
32
|
-
"type": "integer",
|
|
33
|
-
"primaryKey": false,
|
|
34
|
-
"notNull": true
|
|
35
|
-
},
|
|
36
30
|
"salt": {
|
|
37
31
|
"name": "salt",
|
|
38
32
|
"type": "bytea",
|
|
@@ -79,9 +73,9 @@
|
|
|
79
73
|
},
|
|
80
74
|
"indexes": {},
|
|
81
75
|
"foreignKeys": {
|
|
82
|
-
"
|
|
83
|
-
"name": "
|
|
84
|
-
"tableFrom": "
|
|
76
|
+
"password_id_subject_fkey": {
|
|
77
|
+
"name": "password_id_subject_fkey",
|
|
78
|
+
"tableFrom": "password",
|
|
85
79
|
"tableTo": "subject",
|
|
86
80
|
"schemaTo": "authentication",
|
|
87
81
|
"columnsFrom": [
|
|
@@ -97,8 +91,8 @@
|
|
|
97
91
|
}
|
|
98
92
|
},
|
|
99
93
|
"compositePrimaryKeys": {
|
|
100
|
-
"
|
|
101
|
-
"name": "
|
|
94
|
+
"password_tenant_id_id_pk": {
|
|
95
|
+
"name": "password_tenant_id_id_pk",
|
|
102
96
|
"columns": [
|
|
103
97
|
"tenant_id",
|
|
104
98
|
"id"
|
|
@@ -106,8 +100,8 @@
|
|
|
106
100
|
}
|
|
107
101
|
},
|
|
108
102
|
"uniqueConstraints": {
|
|
109
|
-
"
|
|
110
|
-
"name": "
|
|
103
|
+
"password_tenant_id_subject_id_unique": {
|
|
104
|
+
"name": "password_tenant_id_subject_id_unique",
|
|
111
105
|
"nullsNotDistinct": false,
|
|
112
106
|
"columns": [
|
|
113
107
|
"tenant_id",
|
|
@@ -128,7 +122,7 @@
|
|
|
128
122
|
"type": "uuid",
|
|
129
123
|
"primaryKey": false,
|
|
130
124
|
"notNull": true,
|
|
131
|
-
"default": "
|
|
125
|
+
"default": "uuidv7()"
|
|
132
126
|
},
|
|
133
127
|
"tenant_id": {
|
|
134
128
|
"name": "tenant_id",
|
|
@@ -154,12 +148,6 @@
|
|
|
154
148
|
"primaryKey": false,
|
|
155
149
|
"notNull": true
|
|
156
150
|
},
|
|
157
|
-
"refresh_token_hash_version": {
|
|
158
|
-
"name": "refresh_token_hash_version",
|
|
159
|
-
"type": "integer",
|
|
160
|
-
"primaryKey": false,
|
|
161
|
-
"notNull": true
|
|
162
|
-
},
|
|
163
151
|
"refresh_token_salt": {
|
|
164
152
|
"name": "refresh_token_salt",
|
|
165
153
|
"type": "bytea",
|
|
@@ -237,6 +225,326 @@
|
|
|
237
225
|
"checkConstraints": {},
|
|
238
226
|
"isRLSEnabled": false
|
|
239
227
|
},
|
|
228
|
+
"authentication.totp": {
|
|
229
|
+
"name": "totp",
|
|
230
|
+
"schema": "authentication",
|
|
231
|
+
"columns": {
|
|
232
|
+
"id": {
|
|
233
|
+
"name": "id",
|
|
234
|
+
"type": "uuid",
|
|
235
|
+
"primaryKey": false,
|
|
236
|
+
"notNull": true,
|
|
237
|
+
"default": "uuidv7()"
|
|
238
|
+
},
|
|
239
|
+
"tenant_id": {
|
|
240
|
+
"name": "tenant_id",
|
|
241
|
+
"type": "uuid",
|
|
242
|
+
"primaryKey": false,
|
|
243
|
+
"notNull": true
|
|
244
|
+
},
|
|
245
|
+
"subject_id": {
|
|
246
|
+
"name": "subject_id",
|
|
247
|
+
"type": "uuid",
|
|
248
|
+
"primaryKey": false,
|
|
249
|
+
"notNull": true
|
|
250
|
+
},
|
|
251
|
+
"secret": {
|
|
252
|
+
"name": "secret",
|
|
253
|
+
"type": "bytea",
|
|
254
|
+
"primaryKey": false,
|
|
255
|
+
"notNull": true
|
|
256
|
+
},
|
|
257
|
+
"recovery_code_salt": {
|
|
258
|
+
"name": "recovery_code_salt",
|
|
259
|
+
"type": "bytea",
|
|
260
|
+
"primaryKey": false,
|
|
261
|
+
"notNull": true
|
|
262
|
+
},
|
|
263
|
+
"status": {
|
|
264
|
+
"name": "status",
|
|
265
|
+
"type": "totp_status",
|
|
266
|
+
"typeSchema": "authentication",
|
|
267
|
+
"primaryKey": false,
|
|
268
|
+
"notNull": true
|
|
269
|
+
},
|
|
270
|
+
"revision": {
|
|
271
|
+
"name": "revision",
|
|
272
|
+
"type": "integer",
|
|
273
|
+
"primaryKey": false,
|
|
274
|
+
"notNull": true
|
|
275
|
+
},
|
|
276
|
+
"revision_timestamp": {
|
|
277
|
+
"name": "revision_timestamp",
|
|
278
|
+
"type": "timestamp with time zone",
|
|
279
|
+
"primaryKey": false,
|
|
280
|
+
"notNull": true
|
|
281
|
+
},
|
|
282
|
+
"create_timestamp": {
|
|
283
|
+
"name": "create_timestamp",
|
|
284
|
+
"type": "timestamp with time zone",
|
|
285
|
+
"primaryKey": false,
|
|
286
|
+
"notNull": true
|
|
287
|
+
},
|
|
288
|
+
"delete_timestamp": {
|
|
289
|
+
"name": "delete_timestamp",
|
|
290
|
+
"type": "timestamp with time zone",
|
|
291
|
+
"primaryKey": false,
|
|
292
|
+
"notNull": false
|
|
293
|
+
},
|
|
294
|
+
"attributes": {
|
|
295
|
+
"name": "attributes",
|
|
296
|
+
"type": "jsonb",
|
|
297
|
+
"primaryKey": false,
|
|
298
|
+
"notNull": true,
|
|
299
|
+
"default": "'{}'::jsonb"
|
|
300
|
+
}
|
|
301
|
+
},
|
|
302
|
+
"indexes": {},
|
|
303
|
+
"foreignKeys": {
|
|
304
|
+
"totp_id_subject_fkey": {
|
|
305
|
+
"name": "totp_id_subject_fkey",
|
|
306
|
+
"tableFrom": "totp",
|
|
307
|
+
"tableTo": "subject",
|
|
308
|
+
"schemaTo": "authentication",
|
|
309
|
+
"columnsFrom": [
|
|
310
|
+
"tenant_id",
|
|
311
|
+
"subject_id"
|
|
312
|
+
],
|
|
313
|
+
"columnsTo": [
|
|
314
|
+
"tenant_id",
|
|
315
|
+
"id"
|
|
316
|
+
],
|
|
317
|
+
"onDelete": "no action",
|
|
318
|
+
"onUpdate": "no action"
|
|
319
|
+
}
|
|
320
|
+
},
|
|
321
|
+
"compositePrimaryKeys": {
|
|
322
|
+
"totp_tenant_id_id_pk": {
|
|
323
|
+
"name": "totp_tenant_id_id_pk",
|
|
324
|
+
"columns": [
|
|
325
|
+
"tenant_id",
|
|
326
|
+
"id"
|
|
327
|
+
]
|
|
328
|
+
}
|
|
329
|
+
},
|
|
330
|
+
"uniqueConstraints": {
|
|
331
|
+
"totp_tenant_id_subject_id_unique": {
|
|
332
|
+
"name": "totp_tenant_id_subject_id_unique",
|
|
333
|
+
"nullsNotDistinct": false,
|
|
334
|
+
"columns": [
|
|
335
|
+
"tenant_id",
|
|
336
|
+
"subject_id"
|
|
337
|
+
]
|
|
338
|
+
}
|
|
339
|
+
},
|
|
340
|
+
"policies": {},
|
|
341
|
+
"checkConstraints": {},
|
|
342
|
+
"isRLSEnabled": false
|
|
343
|
+
},
|
|
344
|
+
"authentication.totp_recovery_code": {
|
|
345
|
+
"name": "totp_recovery_code",
|
|
346
|
+
"schema": "authentication",
|
|
347
|
+
"columns": {
|
|
348
|
+
"id": {
|
|
349
|
+
"name": "id",
|
|
350
|
+
"type": "uuid",
|
|
351
|
+
"primaryKey": false,
|
|
352
|
+
"notNull": true,
|
|
353
|
+
"default": "uuidv7()"
|
|
354
|
+
},
|
|
355
|
+
"tenant_id": {
|
|
356
|
+
"name": "tenant_id",
|
|
357
|
+
"type": "uuid",
|
|
358
|
+
"primaryKey": false,
|
|
359
|
+
"notNull": true
|
|
360
|
+
},
|
|
361
|
+
"totp_id": {
|
|
362
|
+
"name": "totp_id",
|
|
363
|
+
"type": "uuid",
|
|
364
|
+
"primaryKey": false,
|
|
365
|
+
"notNull": true
|
|
366
|
+
},
|
|
367
|
+
"code": {
|
|
368
|
+
"name": "code",
|
|
369
|
+
"type": "bytea",
|
|
370
|
+
"primaryKey": false,
|
|
371
|
+
"notNull": true
|
|
372
|
+
},
|
|
373
|
+
"used_timestamp": {
|
|
374
|
+
"name": "used_timestamp",
|
|
375
|
+
"type": "timestamp with time zone",
|
|
376
|
+
"primaryKey": false,
|
|
377
|
+
"notNull": false
|
|
378
|
+
},
|
|
379
|
+
"revision": {
|
|
380
|
+
"name": "revision",
|
|
381
|
+
"type": "integer",
|
|
382
|
+
"primaryKey": false,
|
|
383
|
+
"notNull": true
|
|
384
|
+
},
|
|
385
|
+
"revision_timestamp": {
|
|
386
|
+
"name": "revision_timestamp",
|
|
387
|
+
"type": "timestamp with time zone",
|
|
388
|
+
"primaryKey": false,
|
|
389
|
+
"notNull": true
|
|
390
|
+
},
|
|
391
|
+
"create_timestamp": {
|
|
392
|
+
"name": "create_timestamp",
|
|
393
|
+
"type": "timestamp with time zone",
|
|
394
|
+
"primaryKey": false,
|
|
395
|
+
"notNull": true
|
|
396
|
+
},
|
|
397
|
+
"delete_timestamp": {
|
|
398
|
+
"name": "delete_timestamp",
|
|
399
|
+
"type": "timestamp with time zone",
|
|
400
|
+
"primaryKey": false,
|
|
401
|
+
"notNull": false
|
|
402
|
+
},
|
|
403
|
+
"attributes": {
|
|
404
|
+
"name": "attributes",
|
|
405
|
+
"type": "jsonb",
|
|
406
|
+
"primaryKey": false,
|
|
407
|
+
"notNull": true,
|
|
408
|
+
"default": "'{}'::jsonb"
|
|
409
|
+
}
|
|
410
|
+
},
|
|
411
|
+
"indexes": {},
|
|
412
|
+
"foreignKeys": {
|
|
413
|
+
"totp_recovery_code_id_totp_fkey": {
|
|
414
|
+
"name": "totp_recovery_code_id_totp_fkey",
|
|
415
|
+
"tableFrom": "totp_recovery_code",
|
|
416
|
+
"tableTo": "totp",
|
|
417
|
+
"schemaTo": "authentication",
|
|
418
|
+
"columnsFrom": [
|
|
419
|
+
"tenant_id",
|
|
420
|
+
"totp_id"
|
|
421
|
+
],
|
|
422
|
+
"columnsTo": [
|
|
423
|
+
"tenant_id",
|
|
424
|
+
"id"
|
|
425
|
+
],
|
|
426
|
+
"onDelete": "no action",
|
|
427
|
+
"onUpdate": "no action"
|
|
428
|
+
}
|
|
429
|
+
},
|
|
430
|
+
"compositePrimaryKeys": {
|
|
431
|
+
"totp_recovery_code_tenant_id_id_pk": {
|
|
432
|
+
"name": "totp_recovery_code_tenant_id_id_pk",
|
|
433
|
+
"columns": [
|
|
434
|
+
"tenant_id",
|
|
435
|
+
"id"
|
|
436
|
+
]
|
|
437
|
+
}
|
|
438
|
+
},
|
|
439
|
+
"uniqueConstraints": {},
|
|
440
|
+
"policies": {},
|
|
441
|
+
"checkConstraints": {},
|
|
442
|
+
"isRLSEnabled": false
|
|
443
|
+
},
|
|
444
|
+
"authentication.used_totp_tokens": {
|
|
445
|
+
"name": "used_totp_tokens",
|
|
446
|
+
"schema": "authentication",
|
|
447
|
+
"columns": {
|
|
448
|
+
"id": {
|
|
449
|
+
"name": "id",
|
|
450
|
+
"type": "uuid",
|
|
451
|
+
"primaryKey": false,
|
|
452
|
+
"notNull": true,
|
|
453
|
+
"default": "uuidv7()"
|
|
454
|
+
},
|
|
455
|
+
"tenant_id": {
|
|
456
|
+
"name": "tenant_id",
|
|
457
|
+
"type": "uuid",
|
|
458
|
+
"primaryKey": false,
|
|
459
|
+
"notNull": true
|
|
460
|
+
},
|
|
461
|
+
"subject_id": {
|
|
462
|
+
"name": "subject_id",
|
|
463
|
+
"type": "uuid",
|
|
464
|
+
"primaryKey": false,
|
|
465
|
+
"notNull": true
|
|
466
|
+
},
|
|
467
|
+
"token": {
|
|
468
|
+
"name": "token",
|
|
469
|
+
"type": "text",
|
|
470
|
+
"primaryKey": false,
|
|
471
|
+
"notNull": true
|
|
472
|
+
},
|
|
473
|
+
"revision": {
|
|
474
|
+
"name": "revision",
|
|
475
|
+
"type": "integer",
|
|
476
|
+
"primaryKey": false,
|
|
477
|
+
"notNull": true
|
|
478
|
+
},
|
|
479
|
+
"revision_timestamp": {
|
|
480
|
+
"name": "revision_timestamp",
|
|
481
|
+
"type": "timestamp with time zone",
|
|
482
|
+
"primaryKey": false,
|
|
483
|
+
"notNull": true
|
|
484
|
+
},
|
|
485
|
+
"create_timestamp": {
|
|
486
|
+
"name": "create_timestamp",
|
|
487
|
+
"type": "timestamp with time zone",
|
|
488
|
+
"primaryKey": false,
|
|
489
|
+
"notNull": true
|
|
490
|
+
},
|
|
491
|
+
"delete_timestamp": {
|
|
492
|
+
"name": "delete_timestamp",
|
|
493
|
+
"type": "timestamp with time zone",
|
|
494
|
+
"primaryKey": false,
|
|
495
|
+
"notNull": false
|
|
496
|
+
},
|
|
497
|
+
"attributes": {
|
|
498
|
+
"name": "attributes",
|
|
499
|
+
"type": "jsonb",
|
|
500
|
+
"primaryKey": false,
|
|
501
|
+
"notNull": true,
|
|
502
|
+
"default": "'{}'::jsonb"
|
|
503
|
+
}
|
|
504
|
+
},
|
|
505
|
+
"indexes": {},
|
|
506
|
+
"foreignKeys": {
|
|
507
|
+
"used_totp_tokens_id_subject_fkey": {
|
|
508
|
+
"name": "used_totp_tokens_id_subject_fkey",
|
|
509
|
+
"tableFrom": "used_totp_tokens",
|
|
510
|
+
"tableTo": "subject",
|
|
511
|
+
"schemaTo": "authentication",
|
|
512
|
+
"columnsFrom": [
|
|
513
|
+
"tenant_id",
|
|
514
|
+
"subject_id"
|
|
515
|
+
],
|
|
516
|
+
"columnsTo": [
|
|
517
|
+
"tenant_id",
|
|
518
|
+
"id"
|
|
519
|
+
],
|
|
520
|
+
"onDelete": "no action",
|
|
521
|
+
"onUpdate": "no action"
|
|
522
|
+
}
|
|
523
|
+
},
|
|
524
|
+
"compositePrimaryKeys": {
|
|
525
|
+
"used_totp_tokens_tenant_id_id_pk": {
|
|
526
|
+
"name": "used_totp_tokens_tenant_id_id_pk",
|
|
527
|
+
"columns": [
|
|
528
|
+
"tenant_id",
|
|
529
|
+
"id"
|
|
530
|
+
]
|
|
531
|
+
}
|
|
532
|
+
},
|
|
533
|
+
"uniqueConstraints": {
|
|
534
|
+
"used_totp_tokens_tenant_id_subject_id_token_unique": {
|
|
535
|
+
"name": "used_totp_tokens_tenant_id_subject_id_token_unique",
|
|
536
|
+
"nullsNotDistinct": false,
|
|
537
|
+
"columns": [
|
|
538
|
+
"tenant_id",
|
|
539
|
+
"subject_id",
|
|
540
|
+
"token"
|
|
541
|
+
]
|
|
542
|
+
}
|
|
543
|
+
},
|
|
544
|
+
"policies": {},
|
|
545
|
+
"checkConstraints": {},
|
|
546
|
+
"isRLSEnabled": false
|
|
547
|
+
},
|
|
240
548
|
"authentication.service_account": {
|
|
241
549
|
"name": "service_account",
|
|
242
550
|
"schema": "authentication",
|
|
@@ -246,7 +554,7 @@
|
|
|
246
554
|
"type": "uuid",
|
|
247
555
|
"primaryKey": false,
|
|
248
556
|
"notNull": true,
|
|
249
|
-
"default": "
|
|
557
|
+
"default": "uuidv7()"
|
|
250
558
|
},
|
|
251
559
|
"tenant_id": {
|
|
252
560
|
"name": "tenant_id",
|
|
@@ -362,7 +670,7 @@
|
|
|
362
670
|
"type": "uuid",
|
|
363
671
|
"primaryKey": false,
|
|
364
672
|
"notNull": true,
|
|
365
|
-
"default": "
|
|
673
|
+
"default": "uuidv7()"
|
|
366
674
|
},
|
|
367
675
|
"tenant_id": {
|
|
368
676
|
"name": "tenant_id",
|
|
@@ -464,7 +772,7 @@
|
|
|
464
772
|
"type": "uuid",
|
|
465
773
|
"primaryKey": false,
|
|
466
774
|
"notNull": true,
|
|
467
|
-
"default": "
|
|
775
|
+
"default": "uuidv7()"
|
|
468
776
|
},
|
|
469
777
|
"tenant_id": {
|
|
470
778
|
"name": "tenant_id",
|
|
@@ -566,7 +874,7 @@
|
|
|
566
874
|
"type": "uuid",
|
|
567
875
|
"primaryKey": false,
|
|
568
876
|
"notNull": true,
|
|
569
|
-
"default": "
|
|
877
|
+
"default": "uuidv7()"
|
|
570
878
|
},
|
|
571
879
|
"tenant_id": {
|
|
572
880
|
"name": "tenant_id",
|
|
@@ -672,10 +980,7 @@
|
|
|
672
980
|
"schema": "authentication",
|
|
673
981
|
"values": [
|
|
674
982
|
"active",
|
|
675
|
-
"
|
|
676
|
-
"suspended",
|
|
677
|
-
"pending-approval",
|
|
678
|
-
"invited"
|
|
983
|
+
"suspended"
|
|
679
984
|
]
|
|
680
985
|
},
|
|
681
986
|
"authentication.subject_type": {
|
|
@@ -686,6 +991,14 @@
|
|
|
686
991
|
"user",
|
|
687
992
|
"service-account"
|
|
688
993
|
]
|
|
994
|
+
},
|
|
995
|
+
"authentication.totp_status": {
|
|
996
|
+
"name": "totp_status",
|
|
997
|
+
"schema": "authentication",
|
|
998
|
+
"values": [
|
|
999
|
+
"pending",
|
|
1000
|
+
"active"
|
|
1001
|
+
]
|
|
689
1002
|
}
|
|
690
1003
|
},
|
|
691
1004
|
"schemas": {},
|