logto/packages/schemas/alterations/1.19.0-1721483240-multiple-app-secrets.ts

import { sql } from '@silverhand/slonik';

import type { AlterationScript } from '../lib/types/alteration.js';

import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';

const alteration: AlterationScript = {
  up: async (pool) => {
    await pool.query(sql`
      -- Remove existing constraint
      alter table organization_application_relations drop constraint application_type;

      -- Drop the function
      drop function check_application_type;

      -- Create a new function that accepts a variadic array of application types
      create function check_application_type(
        application_id varchar(21),
        variadic target_type application_type[]
      ) returns boolean as
      $$ begin
        return (select type from applications where id = application_id) = any(target_type);
      end; $$ language plpgsql set search_path = public;

      -- Add back the constraint
      alter table organization_application_relations
        add constraint application_type
        check (check_application_type(application_id, 'MachineToMachine'));

      -- Create the new table
      create table application_secrets (
        tenant_id varchar(21) not null
          references tenants (id) on update cascade on delete cascade,
        application_id varchar(21) not null
          references applications (id) on update cascade on delete cascade,
        /** The name of the secret. Should be unique within the application. */
        name varchar(256) not null,
        value varchar(64) not null,
        expires_at timestamptz,
        created_at timestamptz not null default now(),
        primary key (tenant_id, application_id, name),
        constraint application_type
          check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'))
      );
    `);
    await applyTableRls(pool, 'application_secrets');
  },
  down: async (pool) => {
    await dropTableRls(pool, 'application_secrets');
    await pool.query(sql`
      -- Remove the table
      drop table application_secrets;

      -- Remove the constraint
      alter table organization_application_relations drop constraint application_type;

      -- Drop the function
      drop function check_application_type;

      -- Restore the original function
      create function check_application_type(
        application_id varchar(21),
        target_type application_type
      ) returns boolean as
      $$ begin
        return (select type from applications where id = application_id) = target_type;
      end; $$ language plpgsql set search_path = public;

      -- Add back the constraint
      alter table organization_application_relations
        add constraint application_type
        check (check_application_type(application_id, 'MachineToMachine'));
    `);
  },
};

export default alteration;
feat(schemas): init app_secrets table 2024-07-21 06:59:30 -05:00			`import { sql } from '@silverhand/slonik';`

			`import type { AlterationScript } from '../lib/types/alteration.js';`

			`import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';`

			`const alteration: AlterationScript = {`
			`up: async (pool) => {`
			await pool.query(sql`
			`-- Remove existing constraint`
			`alter table organization_application_relations drop constraint application_type;`

			`-- Drop the function`
			`drop function check_application_type;`

			`-- Create a new function that accepts a variadic array of application types`
			`create function check_application_type(`
			`application_id varchar(21),`
			`variadic target_type application_type[]`
			`) returns boolean as`
			`$$ begin`
			`return (select type from applications where id = application_id) = any(target_type);`
			`end; $$ language plpgsql set search_path = public;`

			`-- Add back the constraint`
			`alter table organization_application_relations`
			`add constraint application_type`
			`check (check_application_type(application_id, 'MachineToMachine'));`

			`-- Create the new table`
			`create table application_secrets (`
			`tenant_id varchar(21) not null`
			`references tenants (id) on update cascade on delete cascade,`
			`application_id varchar(21) not null`
			`references applications (id) on update cascade on delete cascade,`
			`/** The name of the secret. Should be unique within the application. */`
			`name varchar(256) not null,`
			`value varchar(64) not null,`
			`expires_at timestamptz,`
			`created_at timestamptz not null default now(),`
			`primary key (tenant_id, application_id, name),`
			`constraint application_type`
			`check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'))`
			`);`
			`);
			`await applyTableRls(pool, 'application_secrets');`
			`},`
			`down: async (pool) => {`
			`await dropTableRls(pool, 'application_secrets');`
			await pool.query(sql`
			`-- Remove the table`
			`drop table application_secrets;`

			`-- Remove the constraint`
			`alter table organization_application_relations drop constraint application_type;`

			`-- Drop the function`
			`drop function check_application_type;`

			`-- Restore the original function`
			`create function check_application_type(`
			`application_id varchar(21),`
			`target_type application_type`
			`) returns boolean as`
			`$$ begin`
			`return (select type from applications where id = application_id) = target_type;`
			`end; $$ language plpgsql set search_path = public;`

			`-- Add back the constraint`
			`alter table organization_application_relations`
			`add constraint application_type`
			`check (check_application_type(application_id, 'MachineToMachine'));`
			`);
			`},`
			`};`

			`export default alteration;`