-
-
Notifications
You must be signed in to change notification settings - Fork 449
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
…tion-secrets-table feat(schemas): add `saml_application_secres` table
- Loading branch information
Showing
2 changed files
with
62 additions
and
0 deletions.
There are no files selected for viewing
40 changes: 40 additions & 0 deletions
40
packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| import { sql } from '@silverhand/slonik'; | ||
|
|
||
| import type { AlterationScript } from '../lib/types/alteration.js'; | ||
|
|
||
| import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js'; | ||
|
|
||
| const alteration: AlterationScript = { | ||
| up: async (pool) => { | ||
| await pool.query(sql` | ||
| create table saml_application_secrets ( | ||
| id varchar(21) not null, | ||
| tenant_id varchar(21) not null | ||
| references tenants (id) on update cascade on delete cascade, | ||
| application_id varchar(21) not null | ||
| references applications (id) on update cascade on delete cascade, | ||
| private_key text not null, | ||
| certificate text not null, | ||
| created_at timestamptz not null default now(), | ||
| expires_at timestamptz not null, | ||
| active boolean not null, | ||
| primary key (tenant_id, application_id, id), | ||
| constraint application_type | ||
| check (check_application_type(application_id, 'SAML')) | ||
| ); | ||
| create unique index saml_application_secrets__unique_active_secret | ||
| on saml_application_secrets (tenant_id, application_id, active) | ||
| where active; | ||
| `); | ||
| await applyTableRls(pool, 'saml_application_secrets'); | ||
| }, | ||
| down: async (pool) => { | ||
| await dropTableRls(pool, 'saml_application_secrets'); | ||
| await pool.query(sql` | ||
| drop table saml_application_secrets; | ||
| `); | ||
| }, | ||
| }; | ||
|
|
||
| export default alteration; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| /* init_order = 2 */ | ||
|
|
||
| create table saml_application_secrets ( | ||
| id varchar(21) not null, | ||
| tenant_id varchar(21) not null | ||
| references tenants (id) on update cascade on delete cascade, | ||
| application_id varchar(21) not null | ||
| references applications (id) on update cascade on delete cascade, | ||
| private_key text not null, | ||
| certificate text not null, | ||
| created_at timestamptz not null default now(), | ||
| expires_at timestamptz not null, | ||
| active boolean not null, | ||
| primary key (tenant_id, application_id, id), | ||
| constraint application_type | ||
| check (check_application_type(application_id, 'SAML')) | ||
| ); | ||
|
|
||
| -- Only one active secret per application | ||
| create unique index saml_application_secrets__unique_active_secret | ||
| on saml_application_secrets (tenant_id, application_id, active) | ||
| where active; |