feat(schemas): add saml_application_secres table

2024-12-16 20:26:19 -05:00 · 2024-11-18 11:50:21 +08:00 · 2024-11-18 11:50:21 +08:00 · c2d63a21ac
commit c2d63a21ac
parent e97e63c62e
2 changed files with 62 additions and 0 deletions
--- a/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
+++ b/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
@ -0,0 +1,40 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table saml_application_secrets (
+        id varchar(21) not null,
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        private_key text not null,
+        certificate text not null,
+        created_at timestamptz not null default now(),
+        expires_at timestamptz not null,
+        active boolean not null,
+        primary key (id),
+        constraint application_type
+          check (check_application_type(application_id, 'SAML'))
+      );
+
+      create unique index saml_application_secrets__unique_active_secret
+        on saml_application_secrets (application_id, active)
+        where active;
+    `);
+    await applyTableRls(pool, 'saml_application_secrets');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'saml_application_secrets');
+    await pool.query(sql`
+      drop table saml_application_secrets;
+    `);
+  },
+};
+
+export default alteration;
--- a/packages/schemas/tables/saml_application_secrets.sql
+++ b/packages/schemas/tables/saml_application_secrets.sql
@ -0,0 +1,22 @@
+/* init_order = 2 */
+
+create table saml_application_secrets (
+  id varchar(21) not null,
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  application_id varchar(21) not null
+    references applications (id) on update cascade on delete cascade,
+  private_key text not null,
+  certificate text not null,
+  created_at timestamptz not null default now(),
+  expires_at timestamptz not null,
+  active boolean not null,
+  primary key (id),
+  constraint application_type
+    check (check_application_type(application_id, 'SAML'))
+);
+
+-- Only one active secret per application
+create unique index saml_application_secrets__unique_active_secret
+  on saml_application_secrets (application_id, active)
+  where active;