fix: alteration

logto-io · Nov 7, 2024 · d70989d · d70989d
1 parent 1f88a29
commit d70989d
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 39 deletions.
diff --git a/packages/schemas/alterations/next-1730712629-add-saml-application-type.ts b/packages/schemas/alterations/next-1730712629-add-saml-application-type.ts
@@ -0,0 +1,50 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter type application_type add value 'SAML';
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table organization_application_relations drop constraint application_type;
+      alter table application_secrets drop constraint application_type;
+      alter table sso_connector_idp_initiated_auth_configs drop constraint application_type;
+
+      drop function check_application_type;
+
+      create type application_type_new as enum ('Native', 'SPA', 'Traditional', 'MachineToMachine', 'Protected');
+      delete from applications where "type"='SAML';
+      alter table applications
+        alter column "type" type application_type_new
+          using ("type"::text::application_type_new);
+      drop type application_type;
+      alter type application_type_new rename to application_type;
+
+      create function check_application_type(
+        application_id varchar(21),
+        variadic target_type application_type[]
+      ) returns boolean as
+      $$ begin
+        return (select type from applications where id = application_id) = any(target_type);
+      end; $$ language plpgsql set search_path = public;
+
+      alter table organization_application_relations
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine'));
+
+      alter table application_secrets
+        add constraint application_type
+        check (check_application_type(application_id, 'MachineToMachine', 'Traditional', 'Protected'));
+
+      alter table sso_connector_idp_initiated_auth_configs
+        add constraint application_type
+        check (check_application_type(default_application_id, 'Traditional', 'SPA'));
+    `);
+  },
+};
+
+export default alteration;
diff --git a/packages/schemas/alterations/next-1730712629-update-application-type.ts b/packages/schemas/alterations/next-1730712629-update-application-type.ts
diff --git a/packages/schemas/alterations/next-1730712645-add-saml-app-third-party-consistency-check.ts b/packages/schemas/alterations/next-1730712645-add-saml-app-third-party-consistency-check.ts
@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table applications
+        add constraint check_saml_app_third_party_consistency
+          check (type != 'SAML' OR (type = 'SAML' AND is_third_party = true));
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table applications drop constraint check_saml_app_third_party_consistency;
+    `);
+  },
+};
+
+export default alteration;