0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
logto/packages/schemas/alterations/1.20.0-1724229102-add-report-sub-updates-cloud-scope.ts

103 lines
2.9 KiB
TypeScript
Raw Permalink Normal View History

import { sql } from '@silverhand/slonik';
import type { AlterationScript } from '../lib/types/alteration.js';
import { generateStandardId } from './utils/1716643968-id-generation.js';
type Resource = {
tenantId: string;
id: string;
name: string;
indicator: string;
isDefault: boolean;
};
type Scope = {
tenantId: string;
id: string;
resourceId: string;
name: string;
description: string;
};
type Role = {
tenantId: string;
id: string;
name: string;
description: string;
};
const cloudApiIndicator = 'https://cloud.logto.io/api';
const cloudConnectionAppRoleName = 'tenantApplication';
const adminTenantId = 'admin';
const reportSubscriptionUpdatesScopeName = 'report:subscription:updates';
const reportSubscriptionUpdatesScopeDescription =
'Allow reporting changes on Stripe subscription to Logto Cloud.';
const alteration: AlterationScript = {
up: async (pool) => {
// Get the Cloud API resource
const cloudApiResource = await pool.maybeOne<Resource>(sql`
select * from resources
where tenant_id = ${adminTenantId}
and indicator = ${cloudApiIndicator}
`);
if (!cloudApiResource) {
return;
}
// Get cloud connection application role
const tenantApplicationRole = await pool.one<Role>(sql`
select * from roles
where tenant_id = ${adminTenantId}
and name = ${cloudConnectionAppRoleName} and type = 'MachineToMachine'
`);
// Create the `report:subscription:updates` scope
const reportSubscriptionUpdatesCloudScope = await pool.one<Scope>(sql`
insert into scopes (id, tenant_id, resource_id, name, description)
values (${generateStandardId()}, ${adminTenantId}, ${
cloudApiResource.id
}, ${reportSubscriptionUpdatesScopeName}, ${reportSubscriptionUpdatesScopeDescription})
on conflict (tenant_id, name, resource_id) do nothing
returning *;
`);
// Assign the `report:subscription:updates` scope to cloud connection application role
await pool.query(sql`
insert into roles_scopes (id, tenant_id, role_id, scope_id)
values (${generateStandardId()}, ${adminTenantId}, ${tenantApplicationRole.id}, ${
reportSubscriptionUpdatesCloudScope.id
}) on conflict (tenant_id, role_id, scope_id) do nothing;
`);
},
down: async (pool) => {
// Get the Cloud API resource
const cloudApiResource = await pool.maybeOne<Resource>(sql`
select * from resources
where tenant_id = ${adminTenantId}
and indicator = ${cloudApiIndicator}
`);
if (!cloudApiResource) {
return;
}
// Remove the `report:subscription:updates` scope
await pool.query(sql`
delete from scopes
where
tenant_id = ${adminTenantId} and
name = ${reportSubscriptionUpdatesScopeName} and
description = ${reportSubscriptionUpdatesScopeDescription} and
resource_id = ${cloudApiResource.id}
`);
},
};
export default alteration;