From ebc04a283dd2ec2595899af15a667d013cc9efea Mon Sep 17 00:00:00 2001
From: Darcy Ye
Date: Wed, 7 Aug 2024 14:12:55 +0800
Subject: [PATCH] Revert "refactor: add `report:subscription:updates` Cloud scope" (#6412)
Revert "refactor: add `report:subscription:updates` Cloud scope (#6403)"
This reverts commit e1922e9afbb8f9a0ce4b9fea4b154e9266bcedcf.
---
 .../cli/src/commands/database/seed/tables.ts | 3 +-
 .../core/src/libraries/cloud-connection.ts | 7 +-
 ...4357-add-report-sub-updates-cloud-scope.ts | 92 -------------------
 packages/schemas/src/seeds/cloud-api.ts | 8 --
 4 files changed, 2 insertions(+), 108 deletions(-)
 delete mode 100644 packages/schemas/alterations/next-1722914357-add-report-sub-updates-cloud-scope.ts
diff --git a/packages/cli/src/commands/database/seed/tables.ts b/packages/cli/src/commands/database/seed/tables.ts
index 2dcf0005c..343e86103 100644
--- a/packages/cli/src/commands/database/seed/tables.ts
+++ b/packages/cli/src/commands/database/seed/tables.ts
@@ -181,8 +181,7 @@ export const seedTables = async (
 ({ name }) =>
 name === CloudScope.SendSms ||
 name === CloudScope.SendEmail ||
- name === CloudScope.FetchCustomJwt ||
- name === CloudScope.ReportSubscriptionUpdates
+ name === CloudScope.FetchCustomJwt
 )
 .map(({ id }) => id)
 );
diff --git a/packages/core/src/libraries/cloud-connection.ts b/packages/core/src/libraries/cloud-connection.ts
index d32d8f71f..f1530e3ae 100644
--- a/packages/core/src/libraries/cloud-connection.ts
+++ b/packages/core/src/libraries/cloud-connection.ts
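Review bot: Dropping `CloudScope.ReportSubscriptionUpdates` from this seed filter only changes freshly seeded databases, and the same commit deletes `next-1722914357-add-report-sub-updates-cloud-scope.ts` rather than adding a compensating alteration. That script's `up` inserted a `report:subscription:updates` row into `scopes` and linked it to the `tenantApplication` role through `roles_scopes`, so any database where it already ran would keep that grant after this revert. Whether any environment applied it is not visible from the patch; if one did, a follow-up alteration that runs the deleted script's `down` statement (`delete from scopes where tenant_id = ${adminTenantId} and name = ${reportSubscriptionUpdatesScopeName} ...`) would remove the stale scope. The filter callback sits inside `seedTables`, which starts and ends outside the hunk.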
@@ -29,13 +29,8 @@ const accessTokenResponseGuard = z.object({ * The scope here can be empty and still work, because the cloud API requests made using this client do not rely on scope verification. * The `CloudScope.SendEmail` is added for now because it needs to call the cloud email service API. * The `CloudScope.FetchCustomJwt` is added for now because it needs to call the cloud custom JWT service API. - * The `CloudScope.ReportSubscriptionUpdates` is added since we need to report subscription updates to the cloud. */ -const scopes: string[] = [ - CloudScope.SendEmail, - CloudScope.FetchCustomJwt, - CloudScope.ReportSubscriptionUpdates, -]; +const scopes: string[] = [CloudScope.SendEmail, CloudScope.FetchCustomJwt]; const accessTokenExpirationMargin = 60; /** The library for connecting to Logto Cloud service. */ diff --git a/packages/schemas/alterations/next-1722914357-add-report-sub-updates-cloud-scope.ts b/packages/schemas/alterations/next-1722914357-add-report-sub-updates-cloud-scope.ts deleted file mode 100644 index 06a7caf81..000000000 --- a/packages/schemas/alterations/next-1722914357-add-report-sub-updates-cloud-scope.ts +++ /dev/null 
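Review bot: The list requested in `scopes` and the scope filter in `packages/cli/src/commands/database/seed/tables.ts` are maintained by hand in two places and already differ: that filter also selects `CloudScope.SendSms`, which `scopes` does not include. If both describe the same machine-to-machine client (not confirmable from this patch), the doc comment should record why SMS is left out, for example `* CloudScope.SendSms is seeded for the role but not requested by this client.`; otherwise a shared exported constant would keep the two from drifting. Going by the comment's own statement that these requests do not rely on scope verification, trimming this array is not by itself an access restriction, which is worth keeping in mind when reading the revert as a privilege reduction.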
@@ -1,92 +0,0 @@
-import { generateStandardId } from '@logto/shared/universal';
-import { sql } from '@silverhand/slonik';
-
-import type { AlterationScript } from '../lib/types/alteration.js';
-
-type Resource = {
- tenantId: string;
- id: string;
- name: string;
- indicator: string;
- isDefault: boolean;
-};
-
-type Scope = {
- tenantId: string;
- id: string;
- resourceId: string;
- name: string;
- description: string;
-};
-
-type Role = {
- tenantId: string;
- id: string;
- name: string;
- description: string;
-};
-
-const cloudApiIndicator = 'https://cloud.logto.io/api';
-
-const cloudConnectionAppRoleName = 'tenantApplication';
-
-const adminTenantId = 'admin';
-
-const reportSubscriptionUpdatesScopeName = 'report:subscription:updates';
-const reportSubscriptionUpdatesScopeDescription =
- 'Allow reporting changes on Stripe subscription to Logto Cloud.';
-
-const alteration: AlterationScript = {
- up: async (pool) => {
- // Get the Cloud API resource
- const cloudApiResource = await pool.one(sql`
- select * from resources
- where tenant_id = ${adminTenantId}
- and indicator = ${cloudApiIndicator}
- `);
-
- // Get cloud connection application role
- const tenantApplicationRole = await pool.one(sql`
- select * from roles
- where tenant_id = ${adminTenantId}
- and name = ${cloudConnectionAppRoleName} and type = 'MachineToMachine'
- `);
-
- // Create the `report:subscription:updates` scope
- const reportSubscriptionUpdatesCloudScope = await pool.one(sql`
- insert into scopes (id, tenant_id, resource_id, name, description)
- values (${generateStandardId()}, ${adminTenantId}, ${
- cloudApiResource.id
- }, ${reportSubscriptionUpdatesScopeName}, ${reportSubscriptionUpdatesScopeDescription})
- returning *;
- `);
-
- // Assign the `report:subscription:updates` scope to cloud connection application role
- await pool.query(sql`
- insert into roles_scopes (id, tenant_id, role_id, scope_id)
- values (${generateStandardId()}, ${adminTenantId}, ${tenantApplicationRole.id}, ${
- reportSubscriptionUpdatesCloudScope.id
- });
- `);
- },
- down: async (pool) => {
- // Get the Cloud API resource
- const cloudApiResource = await pool.one(sql`
- select * from resources
- where tenant_id = ${adminTenantId}
- and indicator = ${cloudApiIndicator}
- `);
-
- // Remove the `report:subscription:updates` scope
- await pool.query(sql`
- delete from scopes
- where
- tenant_id = ${adminTenantId} and
- name = ${reportSubscriptionUpdatesScopeName} and
- description = ${reportSubscriptionUpdatesScopeDescription} and
- resource_id = ${cloudApiResource.id}
- `);
- },
-};
-
-export default alteration;
diff --git a/packages/schemas/src/seeds/cloud-api.ts b/packages/schemas/src/seeds/cloud-api.ts
index 64afa8357..f98474c54 100644
--- a/packages/schemas/src/seeds/cloud-api.ts
+++ b/packages/schemas/src/seeds/cloud-api.ts
@@ -22,10 +22,6 @@ export enum CloudScope {
 * scripts and fetch the parsed token payload.
 */
 FetchCustomJwt = 'fetch:custom:jwt',
- /**
- * The entity can report changes on Stripe subscription to Logto Cloud.
- */
- ReportSubscriptionUpdates = 'report:subscription:updates',
 /** The user can see and manage affiliates, including create, update, and delete. */
 ManageAffiliate = 'manage:affiliate',
 /** The user can create new affiliates and logs. */
@@ -74,10 +70,6 @@ export const createCloudApi = (): Readonly<[UpdateAdminData, ...CreateScope[]]>
 CloudScope.FetchCustomJwt,
 'Allow accessing external resource to execute JWT payload customizer script and fetch the parsed token payload.'
 ),
- buildScope(
- CloudScope.ReportSubscriptionUpdates,
- 'Allow reporting changes on Stripe subscription to Logto Cloud.'
- ),
 buildScope(CloudScope.CreateAffiliate, 'Allow creating new affiliates and logs.'),
 buildScope(
 CloudScope.ManageAffiliate,