From 70fb40e87787bfeb664d149c290166231d44335c Mon Sep 17 00:00:00 2001 From: santan maddi Date: Thu, 24 Apr 2025 17:32:53 +0800 Subject: [PATCH 1/4] upgrade slonik to 31.0.0-beta.3 --- packages/cli/package.json | 2 +- packages/core/package.json | 2 +- packages/schemas/package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/cli/package.json b/packages/cli/package.json index 3126e7043b..a7db280133 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -47,7 +47,7 @@ "@logto/schemas": "workspace:1.23.1", "@logto/shared": "workspace:^3.1.2", "@silverhand/essentials": "^2.9.1", - "@silverhand/slonik": "31.0.0-beta.2", + "@silverhand/slonik": "31.0.0-beta.3", "chalk": "^5.3.0", "decamelize": "^6.0.0", "dotenv": "^16.4.5", diff --git a/packages/core/package.json b/packages/core/package.json index e32aca6b2a..bf3a872645 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -47,7 +47,7 @@ "@logto/schemas": "workspace:^1.23.1", "@logto/shared": "workspace:^3.1.2", "@silverhand/essentials": "^2.9.1", - "@silverhand/slonik": "31.0.0-beta.2", + "@silverhand/slonik": "31.0.0-beta.3", "@simplewebauthn/server": "^10.0.0", "@withtyped/client": "^0.8.8", "camelcase": "^8.0.0", diff --git a/packages/schemas/package.json b/packages/schemas/package.json index 41e4690043..78ca914b1f 100644 --- a/packages/schemas/package.json +++ b/packages/schemas/package.json @@ -41,7 +41,7 @@ "devDependencies": { "@silverhand/eslint-config": "6.0.1", "@silverhand/essentials": "^2.9.1", - "@silverhand/slonik": "31.0.0-beta.2", + "@silverhand/slonik": "31.0.0-beta.3", "@silverhand/ts-config": "6.0.0", "@types/inquirer": "^9.0.0", "@types/node": "^20.9.5", From c9eb324142061247c15587a3f641552065a8488c Mon Sep 17 00:00:00 2001 From: santan maddi Date: Thu, 15 May 2025 13:51:53 +0800 Subject: [PATCH 2/4] use search path in options --- .../cli/src/commands/database/seed/tables.ts | 14 +++++++-- packages/cli/src/queries/database.ts | 8 +++++ ...-privileges-for-admin-and-default-users.ts | 31 ++++++++++++------- packages/schemas/tables/_before_all.sql | 9 ++---- 4 files changed, 41 insertions(+), 21 deletions(-) diff --git a/packages/cli/src/commands/database/seed/tables.ts b/packages/cli/src/commands/database/seed/tables.ts index 4b959fb102..7f03984fe1 100644 --- a/packages/cli/src/commands/database/seed/tables.ts +++ b/packages/cli/src/commands/database/seed/tables.ts @@ -35,7 +35,7 @@ import type { DatabaseTransactionConnection } from '@silverhand/slonik'; import { sql } from '@silverhand/slonik'; import { insertInto } from '../../../database.js'; -import { getDatabaseName, getDatabaseUser } from '../../../queries/database.js'; +import { getDatabaseName, getDatabaseUser, getSchemaName } from '../../../queries/database.js'; import { updateDatabaseTimestamp } from '../../../queries/system.js'; import { convertToIdentifiers } from '../../../sql.js'; import { consoleLog, getPathInModule } from '../../../utils.js'; @@ -101,7 +101,13 @@ export const createTables = async ( const runLifecycleQuery = async ( lifecycle: Lifecycle, - parameters: { name?: string; database?: string; databaseUser?: string; password?: string } = {} + parameters: { + name?: string; + database?: string; + databaseUser?: string; + password?: string; + schema?: string; + } = {} ) => { const query = queries.find(([file]) => file.slice(1, -4) === lifecycle)?.[1]; @@ -114,6 +120,7 @@ export const createTables = async ( .replaceAll('${database}', parameters.database ?? '') .replaceAll('${password}', parameters.password ?? '') .replaceAll('${databaseUser}', parameters.databaseUser ?? '') + .replaceAll('${schema}', parameters.schema ?? '') /* eslint-enable no-template-curly-in-string */ )}` ); @@ -128,8 +135,9 @@ export const createTables = async ( const database = await getDatabaseName(connection, true); const password = encryptBaseRole ? generateStandardId(32) : ''; const databaseUser = await getDatabaseUser(connection); + const schema = await getSchemaName(connection, true); - await runLifecycleQuery('before_all', { database, password, databaseUser }); + await runLifecycleQuery('before_all', { database, password, databaseUser, schema }); /* eslint-disable no-await-in-loop */ for (const [file, query] of sorted) { diff --git a/packages/cli/src/queries/database.ts b/packages/cli/src/queries/database.ts index f70d0ec24f..183d026796 100644 --- a/packages/cli/src/queries/database.ts +++ b/packages/cli/src/queries/database.ts @@ -16,3 +16,11 @@ export const getDatabaseUser = async (pool: CommonQueryMethods) => { return currentUser; }; + +export const getSchemaName = async (pool: CommonQueryMethods, normalized = false) => { + const { currentSchema } = await pool.one<{ currentSchema: string }>(sql` + SELECT current_schema; + `); + + return normalized ? currentSchema.replaceAll('-', '_') : currentSchema; +}; diff --git a/packages/schemas/alterations/1.23.1-1735292381-data2evidence-add-privileges-for-admin-and-default-users.ts b/packages/schemas/alterations/1.23.1-1735292381-data2evidence-add-privileges-for-admin-and-default-users.ts index 6b4993c586..78e08e37db 100644 --- a/packages/schemas/alterations/1.23.1-1735292381-data2evidence-add-privileges-for-admin-and-default-users.ts +++ b/packages/schemas/alterations/1.23.1-1735292381-data2evidence-add-privileges-for-admin-and-default-users.ts @@ -10,47 +10,54 @@ const getDatabaseName = async (pool: CommonQueryMethods) => { return currentDatabase.replaceAll('-', '_'); }; + +const getSchemaName = async (pool: CommonQueryMethods) => { + const { currentSchema } = await pool.one<{ currentSchema: string }>(sql` + SELECT current_schema; + `); + + return currentSchema.replaceAll('-', '_'); +}; + const getId = (value: string) => sql.identifier([value]); const alteration: AlterationScript = { up: async (pool) => { const database = await getDatabaseName(pool); + const schema = getId(`${await getSchemaName(pool)}`); const adminId = getId(`logto_tenant_${database}_admin`); const defaultId = getId(`logto_tenant_${database}_default`); await pool.query(sql` - GRANT USAGE ON SCHEMA logto TO ${defaultId}; - GRANT USAGE ON SCHEMA logto TO ${adminId}; + GRANT USAGE ON SCHEMA ${schema} TO ${defaultId}; + GRANT USAGE ON SCHEMA ${schema} TO ${adminId}; grant select, insert, update, delete on all tables - in schema logto + in schema ${schema} to ${adminId}; grant select, insert, update, delete on all tables - in schema logto + in schema ${schema} to ${defaultId}; - ALTER ROLE ${adminId} SET search_path = logto; - ALTER ROLE ${defaultId} SET search_path = logto; `); }, down: async (pool) => { const database = await getDatabaseName(pool); + const schema = getId(`${await getSchemaName(pool)}`); const adminId = getId(`logto_tenant_${database}_admin`); const defaultId = getId(`logto_tenant_${database}_default`); await pool.query(sql` - revoke usage on schema logto from ${adminId}; - ALTER ROLE ${adminId} SET search_path = "$user", public; + revoke usage on schema ${schema} from ${adminId}; revoke all privileges on all tables - in schema logto + in schema ${schema} from ${adminId}; `); await pool.query(sql` - revoke usage on schema logto from ${defaultId}; - ALTER ROLE ${defaultId} SET search_path = "$user", public; + revoke usage on schema ${schema} from ${defaultId}; revoke all privileges on all tables - in schema logto + in schema ${schema} from ${defaultId}; `); }, diff --git a/packages/schemas/tables/_before_all.sql b/packages/schemas/tables/_before_all.sql index 8e45005d76..81fb623a61 100644 --- a/packages/schemas/tables/_before_all.sql +++ b/packages/schemas/tables/_before_all.sql @@ -1,8 +1,5 @@ /* This SQL will run before all other queries. */ -create schema if not exists logto; -set search_path = logto, "$user"; -alter role ${databaseUser} set search_path = logto, "$user"; -create role logto_tenant_${database} password '${password}' noinherit; -GRANT USAGE ON SCHEMA logto TO logto_tenant_${database}; -ALTER ROLE logto_tenant_${database} SET search_path = logto, "$user"; \ No newline at end of file +create schema if not exists ${schema}; +create role logto_tenant_${database} password '${password}' noinherit; +GRANT USAGE ON SCHEMA ${schema} TO logto_tenant_${database}; \ No newline at end of file From 2531cd22cb7f660ceec5c9f02969e5d35e2eb44e Mon Sep 17 00:00:00 2001 From: santan maddi Date: Thu, 15 May 2025 13:59:57 +0800 Subject: [PATCH 3/4] update pnpm lock --- pnpm-lock.yaml | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 7b0e5d702c..d2e67d3595 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -120,8 +120,8 @@ importers: specifier: ^2.9.1 version: 2.9.1 '@silverhand/slonik': - specifier: 31.0.0-beta.2 - version: 31.0.0-beta.2 + specifier: 31.0.0-beta.3 + version: 31.0.0-beta.3 chalk: specifier: ^5.3.0 version: 5.3.0 @@ -3204,8 +3204,8 @@ importers: specifier: ^2.9.1 version: 2.9.1 '@silverhand/slonik': - specifier: 31.0.0-beta.2 - version: 31.0.0-beta.2 + specifier: 31.0.0-beta.3 + version: 31.0.0-beta.3 '@simplewebauthn/server': specifier: ^10.0.0 version: 10.0.0 @@ -4242,8 +4242,8 @@ importers: specifier: ^2.9.1 version: 2.9.1 '@silverhand/slonik': - specifier: 31.0.0-beta.2 - version: 31.0.0-beta.2 + specifier: 31.0.0-beta.3 + version: 31.0.0-beta.3 '@silverhand/ts-config': specifier: 6.0.0 version: 6.0.0(typescript@5.5.3) @@ -6603,8 +6603,8 @@ packages: resolution: {integrity: sha512-bD+82D9Dfa1F5xX1kfdR5ODIoJS41NOxTuHx4shVS5A4/ayEG+ZplpDDjB19fsa7kZXgSgD75R4sUCXjm88x6w==} engines: {node: ^18.12.0 || ^20.9.0 || ^22.0.0, pnpm: ^9.0.0} - '@silverhand/slonik@31.0.0-beta.2': - resolution: {integrity: sha512-4IM57Er5We8+hT8IY9z5La1JAGNRFZ63tp3N0XYUYTNV9fLfUXF78yT+PoW4arnf4qc+4n498bMmKgFmt/mo9Q==} + '@silverhand/slonik@31.0.0-beta.3': + resolution: {integrity: sha512-vY+IA8//3YNe5oewnUjqeAJ2zGHczh/F/d3hQNxK4XHH397TDx5uOScjLncChXtFjIpJZRJyfTw1j3qGZMu4CA==} engines: {node: ^20.9.0} '@silverhand/ts-config-react@6.0.0': @@ -12213,6 +12213,9 @@ packages: pg-protocol@1.6.0: resolution: {integrity: sha512-M+PDm637OY5WM307051+bsDia5Xej6d9IR4GwJse1qA1DIhiKlksvrneZOYQq42OM+spubpcNYEo2FcKQrDk+Q==} + pg-protocol@1.8.0: + resolution: {integrity: sha512-jvuYlEkL03NRvOoyoRktBK7+qU5kOvlAwvmrH8sr3wbLrOdVWsRxQfz8mMy9sZFsqJ1hEWNfdWKI4SAmoL+j7g==} + pg-types@2.2.0: resolution: {integrity: sha512-qTAAlrEsl8s4OiEQY69wDvcMIdQN6wdz5ojQiOy6YRMuynxenON0O5oCpJI6lshc6scgAY8qvJ2On/p+CXY0GA==} engines: {node: '>=4'} @@ -17020,10 +17023,10 @@ snapshots: eslint-config-prettier: 9.1.0(eslint@8.57.0) eslint-config-xo: 0.44.0(eslint@8.57.0) eslint-config-xo-typescript: 4.0.0(@typescript-eslint/eslint-plugin@7.7.0(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3))(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3) - eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0) + eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0) eslint-plugin-consistent-default-export-name: 0.0.15 eslint-plugin-eslint-comments: 3.2.0(eslint@8.57.0) - eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0) + eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0) eslint-plugin-n: 17.2.1(eslint@8.57.0) eslint-plugin-no-use-extend-native: 0.5.0 eslint-plugin-prettier: 5.1.3(eslint-config-prettier@9.1.0(eslint@8.57.0))(eslint@8.57.0)(prettier@3.0.0) @@ -17051,7 +17054,7 @@ snapshots: '@silverhand/essentials@2.9.2': {} - '@silverhand/slonik@31.0.0-beta.2': + '@silverhand/slonik@31.0.0-beta.3': dependencies: '@types/pg': 8.11.2 camelcase: 8.0.0 @@ -17061,7 +17064,7 @@ snapshots: p-defer: 4.0.0 pg: 8.11.3 pg-cursor: 2.10.3(pg@8.11.3) - pg-protocol: 1.6.0 + pg-protocol: 1.8.0 pg-types: 4.0.2 postgres-array: 3.0.2 postgres-interval: 4.0.2 @@ -17938,7 +17941,7 @@ snapshots: '@types/pg@8.11.2': dependencies: '@types/node': 20.12.7 - pg-protocol: 1.6.0 + pg-protocol: 1.8.0 pg-types: 4.0.2 '@types/pg@8.6.6': @@ -20472,13 +20475,13 @@ snapshots: transitivePeerDependencies: - supports-color - eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0): + eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0): dependencies: debug: 4.3.5 enhanced-resolve: 5.16.0 eslint: 8.57.0 - eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0) - eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0) + eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0) + eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0) fast-glob: 3.3.2 get-tsconfig: 4.7.3 is-core-module: 2.13.1 @@ -20489,14 +20492,14 @@ snapshots: - eslint-import-resolver-webpack - supports-color - eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0): + eslint-module-utils@2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0): dependencies: debug: 3.2.7 optionalDependencies: '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.5.3) eslint: 8.57.0 eslint-import-resolver-node: 0.3.9 - eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0) + eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1)(eslint@8.57.0) transitivePeerDependencies: - supports-color @@ -20518,7 +20521,7 @@ snapshots: eslint: 8.57.0 ignore: 5.3.1 - eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0): + eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0): dependencies: array-includes: 3.1.8 array.prototype.findlastindex: 1.2.5 @@ -20528,7 +20531,7 @@ snapshots: doctrine: 2.1.0 eslint: 8.57.0 eslint-import-resolver-node: 0.3.9 - eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0))(eslint@8.57.0))(eslint@8.57.0) + eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0) hasown: 2.0.2 is-core-module: 2.13.1 is-glob: 4.0.3 @@ -24409,6 +24412,8 @@ snapshots: pg-protocol@1.6.0: {} + pg-protocol@1.8.0: {} + pg-types@2.2.0: dependencies: pg-int8: 1.0.1 @@ -24433,7 +24438,7 @@ snapshots: packet-reader: 1.0.0 pg-connection-string: 2.6.2 pg-pool: 3.6.1(pg@8.11.3) - pg-protocol: 1.6.0 + pg-protocol: 1.8.0 pg-types: 2.2.0 pgpass: 1.0.4 optionalDependencies: From fb7d6acf8f5916f3d089b46f5f9c00641c07b3ac Mon Sep 17 00:00:00 2001 From: santan maddi Date: Thu, 15 May 2025 15:48:37 +0800 Subject: [PATCH 4/4] fix typo --- packages/cli/src/queries/database.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/cli/src/queries/database.ts b/packages/cli/src/queries/database.ts index 183d026796..b8c446d2b1 100644 --- a/packages/cli/src/queries/database.ts +++ b/packages/cli/src/queries/database.ts @@ -19,7 +19,7 @@ export const getDatabaseUser = async (pool: CommonQueryMethods) => { export const getSchemaName = async (pool: CommonQueryMethods, normalized = false) => { const { currentSchema } = await pool.one<{ currentSchema: string }>(sql` - SELECT current_schema; + SELECT current_schema(); `); return normalized ? currentSchema.replaceAll('-', '_') : currentSchema;