feat(schemas): add column protected_app_metadata (#5113)

* feat(schemas): add new application type for protected app

* feat(schemas): add column protected_app_configs

packages/core/src/__mocks__/index.ts

@@ -38,6 +38,7 @@ export const mockApplication: Application = {
     idTokenTtl: 5000,
     refreshTokenTtl: 6_000_000,
   },
+  protectedAppMetadata: null,
   isThirdParty: false,
   createdAt: 1_645_334_775_356,
 };

packages/core/src/routes/applications/types.ts

@@ -20,7 +20,7 @@ export const applicationResponseGuard: typeof Applications.guard = EnvSet.values
   .isDevFeaturesEnabled
   ? Applications.guard
   : Applications.guard
-      .omit({ isThirdParty: true, type: true })
+      .omit({ isThirdParty: true, type: true, protectedAppMetadata: true })
       .extend({ type: z.nativeEnum(OriginalApplicationType) });
 
 // @ts-expect-error -- hide the dev feature field from the guard type, but always return the full type to make the api logic simpler
@@ -28,5 +28,5 @@ export const applicationCreateGuard: typeof originalApplicationCreateGuard = Env
   .isDevFeaturesEnabled
   ? originalApplicationCreateGuard
   : originalApplicationCreateGuard
-      .omit({ isThirdParty: true, type: true })
+      .omit({ isThirdParty: true, type: true, protectedAppMetadata: true })
       .extend({ type: z.nativeEnum(OriginalApplicationType) });

packages/schemas/alterations/next-1702877515-protected-app-configs.ts

@@ -0,0 +1,18 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table applications add protected_app_metadata jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table applications drop protected_app_metadata;
+    `);
+  },
+};
+
+export default alteration;

packages/schemas/src/foundations/jsonb-types/applications.ts

@@ -0,0 +1,18 @@
+import { z } from 'zod';
+
+export const protectedAppMetadataGuard = z.object({
+  /* The host of the site */
+  host: z.string(),
+  /* The origin of the site */
+  origin: z.string(),
+  /* Session duration in seconds */
+  sessionDuration: z.number(),
+  pageRules: z.array(
+    z.object({
+      /* The path pattern (regex) to match */
+      path: z.string(),
+    })
+  ),
+});
+
+export type ProtectedAppMetadata = z.infer<typeof protectedAppMetadataGuard>;

packages/schemas/src/foundations/jsonb-types/index.ts

@@ -10,6 +10,7 @@ export * from './sign-in-experience.js';
 export * from './sentinel.js';
 export * from './users.js';
 export * from './sso-connector.js';
+export * from './applications.js';
 
 export {
   configurableConnectorMetadataGuard,

packages/schemas/src/seeds/application.ts

@@ -27,6 +27,7 @@ export const buildDemoAppDataForTenant = (tenantId: string): Application => ({
   type: ApplicationType.SPA,
   oidcClientMetadata: { redirectUris: [], postLogoutRedirectUris: [] },
   customClientMetadata: {},
+  protectedAppMetadata: null,
   isThirdParty: false,
   createdAt: 0,
 });

packages/schemas/tables/applications.sql

@@ -12,6 +12,7 @@ create table applications (
   type application_type not null,
   oidc_client_metadata jsonb /* @use OidcClientMetadata */ not null,
   custom_client_metadata jsonb /* @use CustomClientMetadata */ not null default '{}'::jsonb,
+  protected_app_metadata jsonb /* @use ProtectedAppMetadata */,
   is_third_party boolean not null default false,
   created_at timestamptz not null default(now()),
   primary key (id)