feat(schemas): add verification record table (#6566)

packages/schemas/alterations/next-1725971571-add-verification-record.ts

@@ -0,0 +1,35 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table verification_records (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        user_id varchar(21)
+          references users (id) on update cascade on delete cascade,
+        created_at timestamptz not null default(now()),
+        expires_at timestamptz not null,
+        data jsonb /* @use VerificationRecordData */ not null default '{}'::jsonb,
+        primary key (id)
+      );
+
+      create index verification_records__id
+        on verification_records (tenant_id, id);
+    `);
+    await applyTableRls(pool, 'verification_records');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'verification_records');
+    await pool.query(sql`
+      drop table verification_records;
+    `);
+  },
+};
+
+export default alteration;

packages/schemas/src/foundations/jsonb-types/index.ts

@@ -8,6 +8,7 @@ export * from './sentinel.js';
 export * from './users.js';
 export * from './sso-connector.js';
 export * from './applications.js';
+export * from './verification-records.js';
 
 export {
   configurableConnectorMetadataGuard,

packages/schemas/src/foundations/jsonb-types/verification-records.ts

@@ -0,0 +1,15 @@
+import { z } from 'zod';
+
+export enum VerificationType {
+  Password = 'Password',
+  EmailVerificationCode = 'EmailVerificationCode',
+  PhoneVerificationCode = 'PhoneVerificationCode',
+  Social = 'Social',
+  EnterpriseSso = 'EnterpriseSso',
+  TOTP = 'Totp',
+  WebAuthn = 'WebAuthn',
+  BackupCode = 'BackupCode',
+  NewPasswordIdentity = 'NewPasswordIdentity',
+}
+
+export const verificationTypeGuard = z.nativeEnum(VerificationType);

packages/schemas/src/types/interactions.ts

@@ -55,19 +55,6 @@ export const verificationCodeIdentifierGuard = z.object({
   value: z.string(),
 }) satisfies ToZodObject<VerificationCodeIdentifier>;
 
-/** Logto supported interaction verification types. */
-export enum VerificationType {
-  Password = 'Password',
-  EmailVerificationCode = 'EmailVerificationCode',
-  PhoneVerificationCode = 'PhoneVerificationCode',
-  Social = 'Social',
-  EnterpriseSso = 'EnterpriseSso',
-  TOTP = 'Totp',
-  WebAuthn = 'WebAuthn',
-  BackupCode = 'BackupCode',
-  NewPasswordIdentity = 'NewPasswordIdentity',
-}
-
 // REMARK: API payload guard
 
 /** Payload type for `POST /api/experience/verification/{social|sso}/:connectorId/authorization-uri`. */

packages/schemas/src/types/log/interaction.ts

@@ -1,5 +1,5 @@
-import { type MfaFactor } from '../../foundations/index.js';
-import type { InteractionEvent, VerificationType } from '../interactions.js';
+import { type VerificationType, type MfaFactor } from '../../foundations/index.js';
+import type { InteractionEvent } from '../interactions.js';
 
 export type Prefix = 'Interaction';
 

packages/schemas/tables/verification_records.sql

@@ -0,0 +1,15 @@
+create table verification_records (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  id varchar(21) not null,
+  user_id varchar(21)
+    references users (id) on update cascade on delete cascade,
+  created_at timestamptz not null default(now()),
+  expires_at timestamptz not null,
+  /** Use JsonObject here to avoid complex typing, the type will be validated in verification classes. */
+  data jsonb /* @use JsonObject */ not null default '{}'::jsonb,
+  primary key (id)
+);
+
+create index verification_records__id
+  on verification_records (tenant_id, id);