mirror of https://github.com/logto-io/logto.git synced 2025-01-13 21:30:30 -05:00

feat(schemas): add service logs table (#3390)

wangsijie 2023-03-14 15:15:45 +08:00 committed by GitHub
parent 67da65be9b
commit 47881b6d6e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 77 additions and 2 deletions


@ -1,4 +1,4 @@
import { Systems } from '@logto/schemas';
import { ServiceLogs, Systems } from '@logto/schemas';
import { Tenants } from '@logto/schemas/models';
import { isKeyInObject } from '@logto/shared';
import { conditional, conditionalString } from '@silverhand/essentials';
@ -55,7 +55,9 @@ export const checkRowLevelSecurity = async (client: CommonQueryMethods) => {
and rowsecurity=false
`);
const rlsDisabled = rows.filter(({ tablename }) => tablename !== Systems.table);
const rlsDisabled = rows.filter(
({ tablename }) => tablename !== Systems.table && tablename !== ServiceLogs.table
);
if (rlsDisabled.length > 0) {
throw new Error(
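Review bot: The filter `tablename !== Systems.table && tablename !== ServiceLogs.table` exempts a second table from the row-level-security check without saying what protects that table instead. Judging by the other files in this commit, the compensating control is the `revoke all privileges` from the tenant role, but this function never verifies it. I would name the exemptions, `const rlsExemptTables = new Set<string>([Systems.table, ServiceLogs.table]);` with `rows.filter(({ tablename }) => !rlsExemptTables.has(tablename))`, and put a comment on the set such as `// Tables without RLS: tenant roles must hold no privileges on these (see the revoke statements in the tenant init SQL)`. The body of checkRowLevelSecurity starts and ends outside this hunk.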


@ -0,0 +1,51 @@
import type { CommonQueryMethods } from 'slonik';
import { sql } from 'slonik';
import type { AlterationScript } from '../lib/types/alteration.js';
const getId = (value: string) => sql.identifier([value]);
const getDatabaseName = async (pool: CommonQueryMethods) => {
const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
select current_database();
`);
return currentDatabase.replaceAll('-', '_');
};
const alteration: AlterationScript = {
up: async (pool) => {
const database = await getDatabaseName(pool);
const baseRole = `logto_tenant_${database}`;
const baseRoleId = getId(baseRole);
await pool.query(sql`
create table service_logs (
id varchar(21) not null,
tenant_id varchar(21) not null
references tenants (id) on update cascade on delete cascade,
type varchar(64) not null,
payload jsonb /* @use ArbitraryObject */ not null default '{}'::jsonb,
created_at timestamptz not null default(now()),
primary key (id)
);
create index service_logs__id
on service_logs (id);
create index service_logs__tenant_id__type
on service_logs (tenant_id, type);
revoke all privileges
on table service_logs
from ${baseRoleId};
`);
},
down: async (pool) => {
await pool.query(sql`
drop table service_logs;
`);
},
};
export default alteration;
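Review bot: The statement `create index service_logs__id on service_logs (id);` in `up` duplicates the index PostgreSQL already creates for `primary key (id)`, so every insert into the log table maintains two identical indexes. I would drop that statement here and in the matching table definition file at the end of this commit, so the alteration and the fresh-install schema stay identical. Separately, the revoke depends on a role named `logto_tenant_<database>` (with `-` replaced by `_`) already existing, and `up` presumably fails if it does not. A short comment above `baseRole` would make that dependency explicit, for example `// Base tenant role created at database init; the revoke below fails if it is missing`.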


@ -28,6 +28,11 @@ revoke all privileges
on table systems
from logto_tenant_${database};
---- Revoke all privileges on service_logs table for tenant roles ----
revoke all privileges
on table service_logs
from logto_tenant_${database};
---- Create policies to make internal roles read-only ----
/**
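Review bot: The header comment above this revoke does not say that it is the table's only tenant-isolation control. `service_logs` has a `tenant_id` column but, as far as this commit shows, gets no RLS policy. The revoke therefore has to run after every grant earlier in this file (not visible in the hunk), and it does not cover privileges granted directly to a per-tenant role or to PUBLIC. I would extend the header to state the invariant, for example `---- service_logs has no RLS policy: tenant roles must never hold privileges on it ----`. That way a later `grant ... on all tables` is recognised as a cross-tenant exposure during review.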


@ -0,0 +1,17 @@
create table service_logs (
id varchar(21) not null,
tenant_id varchar(21) not null
references tenants (id) on update cascade on delete cascade,
type varchar(64) not null,
payload jsonb /* @use ArbitraryObject */ not null default '{}'::jsonb,
created_at timestamptz not null default(now()),
primary key (id)
);
create index service_logs__id
on service_logs (id);
create index service_logs__tenant_id__type
on service_logs (tenant_id, type);
/* no_after_each */