mirror of
https://github.com/logto-io/logto.git
synced 2025-01-20 21:32:31 -05:00
213 lines
5.8 KiB
TypeScript
213 lines
5.8 KiB
TypeScript
|
import { generateStandardId } from '@logto/core-kit';
|
||
|
import type { CommonQueryMethods } from 'slonik';
|
||
|
import { sql } from 'slonik';
|
||
|
import { raw } from 'slonik-sql-tag-raw';
|
||
|
|
||
|
import type { AlterationScript } from '../lib/types/alteration.js';
|
||
|
|
||
|
const adminTenantId = 'admin';
|
||
|
|
||
|
const getId = (value: string) => sql.identifier([value]);
|
||
|
|
||
|
const getDatabaseName = async (pool: CommonQueryMethods) => {
|
||
|
const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
|
||
|
select current_database();
|
||
|
`);
|
||
|
|
||
|
return currentDatabase.replaceAll('-', '_');
|
||
|
};
|
||
|
|
||
|
const addManagementApiData = async (pool: CommonQueryMethods) => {
|
||
|
const resourceId = generateStandardId();
|
||
|
const roleId = generateStandardId();
|
||
|
const scopeId = generateStandardId();
|
||
|
|
||
|
await pool.query(sql`
|
||
|
insert into resources (tenant_id, id, indicator, name)
|
||
|
values (
|
||
|
${adminTenantId},
|
||
|
${resourceId},
|
||
|
'https://default.logto.app/api',
|
||
|
'Logto Management API for tenant default'
|
||
|
);
|
||
|
`);
|
||
|
await pool.query(sql`
|
||
|
insert into scopes (tenant_id, id, name, description, resource_id)
|
||
|
values (
|
||
|
${adminTenantId},
|
||
|
${scopeId},
|
||
|
'all',
|
||
|
'Default scope for Management API, allows all permissions.',
|
||
|
${resourceId}
|
||
|
);
|
||
|
`);
|
||
|
await pool.query(sql`
|
||
|
insert into roles (tenant_id, id, name, description)
|
||
|
values (
|
||
|
${adminTenantId},
|
||
|
${roleId},
|
||
|
'default:admin',
|
||
|
'Admin role for Logto.'
|
||
|
);
|
||
|
`);
|
||
|
await pool.query(sql`
|
||
|
insert into roles_scopes (tenant_id, id, role_id, scope_id)
|
||
|
values (
|
||
|
${adminTenantId},
|
||
|
${generateStandardId()},
|
||
|
${roleId},
|
||
|
${scopeId}
|
||
|
);
|
||
|
`);
|
||
|
};
|
||
|
|
||
|
const addMeApiData = async (pool: CommonQueryMethods) => {
|
||
|
const resourceId = generateStandardId();
|
||
|
const roleId = generateStandardId();
|
||
|
const scopeId = generateStandardId();
|
||
|
|
||
|
await pool.query(sql`
|
||
|
insert into resources (tenant_id, id, indicator, name)
|
||
|
values (
|
||
|
${adminTenantId},
|
||
|
${resourceId},
|
||
|
'https://admin.logto.app/me',
|
||
|
'Logto Me API'
|
||
|
);
|
||
|
`);
|
||
|
await pool.query(sql`
|
||
|
insert into scopes (tenant_id, id, name, description, resource_id)
|
||
|
values (
|
||
|
${adminTenantId},
|
||
|
${scopeId},
|
||
|
'all',
|
||
|
'Default scope for Me API, allows all permissions.',
|
||
|
${resourceId}
|
||
|
);
|
||
|
`);
|
||
|
await pool.query(sql`
|
||
|
insert into roles (tenant_id, id, name, description)
|
||
|
values (
|
||
|
${adminTenantId},
|
||
|
${roleId},
|
||
|
'user',
|
||
|
'Default role for admin tenant.'
|
||
|
);
|
||
|
`);
|
||
|
await pool.query(sql`
|
||
|
insert into roles_scopes (tenant_id, id, role_id, scope_id)
|
||
|
values (
|
||
|
${adminTenantId},
|
||
|
${generateStandardId()},
|
||
|
${roleId},
|
||
|
${scopeId}
|
||
|
);
|
||
|
`);
|
||
|
};
|
||
|
|
||
|
const alteration: AlterationScript = {
|
||
|
up: async (pool) => {
|
||
|
const database = await getDatabaseName(pool);
|
||
|
|
||
|
// Update function
|
||
|
await pool.query(sql`
|
||
|
create or replace function set_tenant_id() returns trigger as
|
||
|
$$ begin
|
||
|
if new.tenant_id is not null then
|
||
|
return new;
|
||
|
end if;
|
||
|
|
||
|
select tenants.id into new.tenant_id
|
||
|
from tenants
|
||
|
where tenants.db_user = current_user;
|
||
|
|
||
|
return new;
|
||
|
end; $$ language plpgsql;
|
||
|
`);
|
||
|
|
||
|
// Update users table constraint
|
||
|
await pool.query(sql`
|
||
|
alter table users
|
||
|
drop constraint users_username_key,
|
||
|
add constraint users__username unique (tenant_id, username),
|
||
|
drop constraint users_primary_email_key,
|
||
|
add constraint users__primary_email unique (tenant_id, primary_email),
|
||
|
drop constraint users_primary_phone_key,
|
||
|
add constraint users__primary_phone unique (tenant_id, primary_phone);
|
||
|
`);
|
||
|
|
||
|
// Update old resource
|
||
|
await pool.query(sql`
|
||
|
update resources
|
||
|
set indicator = 'https://default.logto.app/api'
|
||
|
where indicator = 'https://api.logto.io';
|
||
|
`);
|
||
|
|
||
|
// Create admin tenant
|
||
|
const baseRole = `logto_tenant_${database}`;
|
||
|
const role = `logto_tenant_${database}_${adminTenantId}`;
|
||
|
const password = generateStandardId(32);
|
||
|
|
||
|
await pool.query(sql`
|
||
|
insert into tenants (id, db_user, db_user_password)
|
||
|
values (${adminTenantId}, ${role}, ${password});
|
||
|
`);
|
||
|
await pool.query(sql`
|
||
|
create role ${getId(role)} with inherit login
|
||
|
password '${raw(password)}'
|
||
|
in role ${getId(baseRole)};
|
||
|
`);
|
||
|
|
||
|
await addManagementApiData(pool);
|
||
|
await addMeApiData(pool);
|
||
|
},
|
||
|
down: async (pool) => {
|
||
|
const database = await getDatabaseName(pool);
|
||
|
const role = `logto_tenant_${database}_${adminTenantId}`;
|
||
|
|
||
|
// Drop role and tenant
|
||
|
await pool.query(sql`
|
||
|
drop role ${getId(role)};
|
||
|
`);
|
||
|
await pool.query(sql`
|
||
|
delete from tenants where id = ${adminTenantId};
|
||
|
`);
|
||
|
|
||
|
// Restore users table constraint
|
||
|
await pool.query(sql`
|
||
|
alter table users
|
||
|
drop constraint users__username,
|
||
|
add constraint users_username_key unique (username),
|
||
|
drop constraint users__primary_email,
|
||
|
add constraint users_primary_email_key unique (primary_email),
|
||
|
drop constraint users__primary_phone,
|
||
|
add constraint users_primary_phone_key unique (primary_phone);
|
||
|
`);
|
||
|
|
||
|
// Restore old resource
|
||
|
await pool.query(sql`
|
||
|
update resources
|
||
|
set indicator = 'https://api.logto.io'
|
||
|
where indicator = 'https://default.logto.app/api';
|
||
|
`);
|
||
|
|
||
|
// Update function
|
||
|
await pool.query(sql`
|
||
|
create or replace function set_tenant_id() returns trigger as
|
||
|
$$ begin
|
||
|
select tenants.id into new.tenant_id
|
||
|
from tenants
|
||
|
where ('tenant_user_' || tenants.id) = current_user;
|
||
|
|
||
|
if new.tenant_id is null then
|
||
|
new.tenant_id := 'default';
|
||
|
end if;
|
||
|
|
||
|
return new;
|
||
|
end; $$ language plpgsql;
|
||
|
`);
|
||
|
},
|
||
|
};
|
||
|
|
||
|
export default alteration;
|