logto/packages/schemas/alterations/1.10.1-1697683802-add-sso-connectors-table.ts

import { type CommonQueryMethods, sql } from 'slonik';

import type { AlterationScript } from '../lib/types/alteration.js';

const getId = (value: string) => sql.identifier([value]);

const getDatabaseName = async (pool: CommonQueryMethods) => {
  const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
    select current_database();
  `);

  return currentDatabase.replaceAll('-', '_');
};

const alteration: AlterationScript = {
  up: async (pool) => {
    const database = await getDatabaseName(pool);
    const baseRoleId = getId(`logto_tenant_${database}`);

    await pool.query(sql`
      create table sso_connectors (
        tenant_id varchar(21) not null
          references tenants (id) on update cascade on delete cascade,
        id varchar(128) not null,
        provider_name varchar(128) not null,
        connector_name varchar(128) not null,
        config jsonb not null default '{}'::jsonb,
        domains jsonb not null default '[]'::jsonb,
        branding jsonb not null default '{}'::jsonb,
        sync_profile boolean not null default FALSE,
        sso_only boolean not null default FALSE,
        created_at timestamptz not null default(now()),
        primary key (id)
      );

      create index sso_connectors__id
        on sso_connectors (tenant_id, id);

      create index sso_connectors__id__provider_name
        on sso_connectors (tenant_id, id, provider_name);

      create trigger set_tenant_id before insert on sso_connectors
        for each row execute procedure set_tenant_id();

      alter table sso_connectors enable row level security;

      create policy sso_connectors_tenant_id on sso_connectors
        as restrictive
        using (tenant_id = (select id from tenants where db_user = current_user));

      create policy sso_connectors_modification on sso_connectors
        using (true);

      grant select, insert, update, delete on sso_connectors to ${baseRoleId};
    `);
  },
  down: async (pool) => {
    await pool.query(sql`
      drop policy sso_connectors_modification on sso_connectors;
      drop policy sso_connectors_tenant_id on sso_connectors;
      drop table sso_connectors;
    `);
  },
};

export default alteration;
feat(schemas): create sso_connectors table (#4694) * feat(schemas): create sso_connectors table create sso_connectors table * chore(schemas): add comments add comments * fix(schemas): remove dummy comments remove dummy comments * fix(schemas): fix schema typo fix schema typo * fix(schemas): adjust the alteration column order adjust the alteration column order * fix(schemas): drop policy drop policy * chore: fix the db alteration compare job tag version fix the db alteration compare job tag version * fix(schemas): set sso table order set sso table order * fix(schemas): fix alteration script fix alteration script 2023-10-19 21:46:09 -05:00			`import { type CommonQueryMethods, sql } from 'slonik';`

			`import type { AlterationScript } from '../lib/types/alteration.js';`

			`const getId = (value: string) => sql.identifier([value]);`

			`const getDatabaseName = async (pool: CommonQueryMethods) => {`
			const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
			`select current_database();`
			`);

			`return currentDatabase.replaceAll('-', '_');`
			`};`

			`const alteration: AlterationScript = {`
			`up: async (pool) => {`
			`const database = await getDatabaseName(pool);`
			const baseRoleId = getId(`logto_tenant_${database}`);

			await pool.query(sql`
			`create table sso_connectors (`
			`tenant_id varchar(21) not null`
			`references tenants (id) on update cascade on delete cascade,`
			`id varchar(128) not null,`
			`provider_name varchar(128) not null,`
			`connector_name varchar(128) not null,`
			`config jsonb not null default '{}'::jsonb,`
			`domains jsonb not null default '[]'::jsonb,`
			`branding jsonb not null default '{}'::jsonb,`
			`sync_profile boolean not null default FALSE,`
			`sso_only boolean not null default FALSE,`
			`created_at timestamptz not null default(now()),`
			`primary key (id)`
			`);`

			`create index sso_connectors__id`
			`on sso_connectors (tenant_id, id);`

			`create index sso_connectors__id__provider_name`
			`on sso_connectors (tenant_id, id, provider_name);`

			`create trigger set_tenant_id before insert on sso_connectors`
			`for each row execute procedure set_tenant_id();`

			`alter table sso_connectors enable row level security;`

			`create policy sso_connectors_tenant_id on sso_connectors`
			`as restrictive`
			`using (tenant_id = (select id from tenants where db_user = current_user));`

			`create policy sso_connectors_modification on sso_connectors`
			`using (true);`

			`grant select, insert, update, delete on sso_connectors to ${baseRoleId};`
			`);
			`},`
			`down: async (pool) => {`
			await pool.query(sql`
			`drop policy sso_connectors_modification on sso_connectors;`
			`drop policy sso_connectors_tenant_id on sso_connectors;`
			`drop table sso_connectors;`
			`);
			`},`
			`};`

			`export default alteration;`