import { generateStandardId } from '@logto/shared/universal';
import type { CommonQueryMethods } from '@silverhand/slonik';
import { sql } from '@silverhand/slonik';
import type { AlterationScript } from '../lib/types/alteration.js';
// Tenant id used as `tenant_id` for every row this alteration inserts or deletes.
const adminTenantId = 'admin';
/**
 * Seeds the `admin` tenant with two API resources (Management API and Cloud
 * API), one scope for each, a new `admin:admin` role, and the role-to-scope
 * links that grant those scopes.
 *
 * Every interpolated value goes through slonik's `sql` tag, so it is sent as a
 * bound parameter rather than concatenated into the statement text.
 *
 * NOTE(review): the statements run one after another on `pool`; whether a
 * failure part-way through is rolled back depends on the caller wrapping the
 * alteration in a transaction — confirm.
 *
 * @param pool - Query interface used to run the statements.
 */
const addApiData = async (pool: CommonQueryMethods) => {
  // Each API gets a freshly generated resource id and scope id.
  const createApiIds = () => ({
    resourceId: generateStandardId(),
    scopeId: generateStandardId(),
  });

  const managementApi = createApiIds();
  const cloudApi = createApiIds();
  const adminRole = {
    id: generateStandardId(),
    name: 'admin:admin',
    description: 'Admin role for Logto.',
  };

  // Register both API resources under the admin tenant.
  await pool.query(sql`
    insert into resources (tenant_id, id, indicator, name)
      values (
        ${adminTenantId},
        ${managementApi.resourceId},
        'https://admin.logto.app/api',
        'Logto Management API for tenant admin'
      ), (
        ${adminTenantId},
        ${cloudApi.resourceId},
        'https://cloud.logto.io/api',
        'Logto Cloud API'
      );
  `);

  // `all` is a catch-all scope on the Management API (see its description);
  // `create:tenant` is the only scope defined here for the Cloud API.
  await pool.query(sql`
    insert into scopes (tenant_id, id, name, description, resource_id)
      values (
        ${adminTenantId},
        ${managementApi.scopeId},
        'all',
        'Default scope for Management API, allows all permissions.',
        ${managementApi.resourceId}
      ), (
        ${adminTenantId},
        ${cloudApi.scopeId},
        'create:tenant',
        'Allow creating new tenants.',
        ${cloudApi.resourceId}
      );
  `);

  await pool.query(sql`
    insert into roles (tenant_id, id, name, description)
      values (
        ${adminTenantId},
        ${adminRole.id},
        ${adminRole.name},
        ${adminRole.description}
      );
  `);

  // The `user` role is expected to exist already in the admin tenant.
  // `pool.one` rejects unless exactly one row matches, so the alteration
  // aborts here if the role is missing or duplicated.
  const existingUserRole = await pool.one<{ id: string }>(sql`
    select id from roles
      where tenant_id = ${adminTenantId}
      and name = 'user'
  `);

  const userCloudLinkId = generateStandardId();
  const adminManagementLinkId = generateStandardId();

  // Privilege assignment:
  //   - existing `user` role  -> Cloud API `create:tenant`
  //   - new `admin:admin` role -> Management API `all`
  // NOTE(review): the first link widens what the pre-existing `user` role may
  // do; confirm who holds that role in the admin tenant.
  await pool.query(sql`
    insert into roles_scopes (tenant_id, id, role_id, scope_id)
      values (
        ${adminTenantId},
        ${userCloudLinkId},
        ${existingUserRole.id},
        ${cloudApi.scopeId}
      ), (
        ${adminTenantId},
        ${adminManagementLinkId},
        ${adminRole.id},
        ${managementApi.scopeId}
      );
  `);
};
/**
 * Alteration script for the `admin` tenant.
 *
 * `up` seeds the API resources, scopes, roles and role-scope links via
 * `addApiData`, then stores the initial `adminConsole` config row.
 * `down` removes the resources, the `admin:admin` role and the config row.
 */
const alteration: AlterationScript = {
  up: async (pool) => {
    await addApiData(pool);

    // Initial admin console settings, stored as a single jsonb value.
    const initialAdminConsoleConfig = {
      language: 'en',
      appearanceMode: 'system',
      livePreviewChecked: false,
      applicationCreated: false,
      signInExperienceCustomized: false,
      passwordlessConfigured: false,
      selfHostingChecked: false,
      communityChecked: false,
      m2mApplicationCreated: false,
    };

    await pool.query(sql`
      insert into logto_configs (tenant_id, key, value)
        values (
          ${adminTenantId},
          'adminConsole',
          ${sql.jsonb(initialAdminConsoleConfig)}
        );
    `);
  },
  down: async (pool) => {
    // NOTE(review): the scopes and roles_scopes rows created by `up` are not
    // deleted explicitly; presumably they are removed by foreign-key cascade
    // from resources/roles — confirm against the schema, otherwise the
    // `user` -> `create:tenant` grant would survive a rollback.
    await pool.query(sql`
      delete from resources
        where tenant_id = ${adminTenantId}
        and indicator in ('https://admin.logto.app/api', 'https://cloud.logto.io/api');
    `);

    // Only the role added by `up` is removed; the `user` role is left in place.
    await pool.query(sql`
      delete from roles
        where tenant_id = ${adminTenantId}
        and name = 'admin:admin';
    `);

    await pool.query(sql`
      delete from logto_configs
        where tenant_id = ${adminTenantId}
        and key = 'adminConsole';
    `);
  },
};
// The script is the module's default export; presumably loaded by the alteration runner (not shown here).
export default alteration;