mirror of
https://github.com/logto-io/logto.git
synced 2024-12-23 20:33:16 -05:00
66 lines
2.1 KiB
TypeScript
66 lines
2.1 KiB
TypeScript
import type { CommonQueryMethods } from 'slonik';
|
|
import { sql } from 'slonik';
|
|
|
|
import type { AlterationScript } from '../lib/types/alteration.js';
|
|
|
|
const getId = (value: string) => sql.identifier([value]);
|
|
|
|
const getDatabaseName = async (pool: CommonQueryMethods) => {
|
|
const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
|
|
select current_database();
|
|
`);
|
|
|
|
return currentDatabase.replaceAll('-', '_');
|
|
};
|
|
|
|
const alteration: AlterationScript = {
|
|
up: async (pool) => {
|
|
const database = await getDatabaseName(pool);
|
|
const baseRoleId = getId(`logto_tenant_${database}`);
|
|
|
|
await pool.query(sql`
|
|
create table domains (
|
|
tenant_id varchar(21) not null
|
|
references tenants (id) on update cascade on delete cascade,
|
|
id varchar(21) not null,
|
|
domain varchar(256) not null,
|
|
status varchar(32) not null default('PendingVerification'),
|
|
error_message varchar(1024),
|
|
dns_records jsonb /* @use DomainDnsRecords */ not null default '[]'::jsonb,
|
|
cloudflare_data jsonb /* @use CloudflareData */,
|
|
updated_at timestamptz not null default(now()),
|
|
created_at timestamptz not null default(now()),
|
|
primary key (id),
|
|
constraint domains__domain
|
|
unique (domain)
|
|
);
|
|
|
|
create index domains__id on domains (tenant_id, id);
|
|
|
|
create trigger set_tenant_id before insert on domains
|
|
for each row execute procedure set_tenant_id();
|
|
|
|
alter table domains enable row level security;
|
|
|
|
create policy domains_tenant_id on domains
|
|
as restrictive
|
|
using (tenant_id = (select id from tenants where db_user = current_user));
|
|
create policy domains_modification on domains
|
|
using (true);
|
|
|
|
grant select, insert, update, delete on domains to ${baseRoleId};
|
|
`);
|
|
},
|
|
down: async (pool) => {
|
|
await pool.query(sql`
|
|
drop policy domains_tenant_id on domains;
|
|
drop policy domains_modification on domains;
|
|
|
|
alter table domains disable row level security;
|
|
|
|
drop table domains;
|
|
`);
|
|
},
|
|
};
|
|
|
|
export default alteration;
|