feat: introduce app configs with shared auth clients (#1213)

2023-08-16 15:46:43 +02:00
parent 25983e046c
commit 3b54b29a99
47 changed files with 1504 additions and 113 deletions
--- a/packages/backend/src/db/migrations/20230812132005_create_app_configs.ts
+++ b/packages/backend/src/db/migrations/20230812132005_create_app_configs.ts
@@ -0,0 +1,17 @@
+import { Knex } from 'knex';
+
+export async function up(knex: Knex): Promise<void> {
+  return knex.schema.createTable('app_configs', (table) => {
+    table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
+    table.string('key').unique().notNullable();
+    table.boolean('allow_custom_connection').notNullable().defaultTo(false);
+    table.boolean('shared').notNullable().defaultTo(false);
+    table.boolean('disabled').notNullable().defaultTo(false);
+
+    table.timestamps(true, true);
+  });
+}
+
+export async function down(knex: Knex): Promise<void> {
+  return knex.schema.dropTable('app_configs');
+}
--- a/packages/backend/src/db/migrations/20230813172729_create_app_auth_clients.ts
+++ b/packages/backend/src/db/migrations/20230813172729_create_app_auth_clients.ts
@@ -0,0 +1,17 @@
+import { Knex } from 'knex';
+
+export async function up(knex: Knex): Promise<void> {
+  return knex.schema.createTable('app_auth_clients', (table) => {
+    table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
+    table.string('name').unique().notNullable();
+    table.uuid('app_config_id').notNullable().references('id').inTable('app_configs');
+    table.text('auth_defaults').notNullable();
+    table.boolean('active').notNullable().defaultTo(false);
+
+    table.timestamps(true, true);
+  });
+}
+
+export async function down(knex: Knex): Promise<void> {
+  return knex.schema.dropTable('app_auth_clients');
+}
--- a/packages/backend/src/db/migrations/20230815161102_add_app_auth_client_id_in_connections.ts
+++ b/packages/backend/src/db/migrations/20230815161102_add_app_auth_client_id_in_connections.ts
@@ -0,0 +1,13 @@
+import { Knex } from 'knex';
+
+export async function up(knex: Knex): Promise<void> {
+  await knex.schema.table('connections', async (table) => {
+    table.uuid('app_auth_client_id').references('id').inTable('app_auth_clients');
+  });
+}
+
+export async function down(knex: Knex): Promise<void> {
+  return await knex.schema.table('connections', (table) => {
+    table.dropColumn('app_auth_client_id');
+  });
+}
--- a/packages/backend/src/db/migrations/20230816121044_seed_update_app_permissions_to_admin.ts
+++ b/packages/backend/src/db/migrations/20230816121044_seed_update_app_permissions_to_admin.ts
@@ -0,0 +1,33 @@
+import { Knex } from 'knex';
+
+const getPermissionForRole = (
+  roleId: string,
+  subject: string,
+  actions: string[]
+) =>
+  actions.map((action) => ({
+    role_id: roleId,
+    subject,
+    action,
+    conditions: [],
+  }));
+
+export async function up(knex: Knex): Promise<void> {
+  const role = (await knex('roles')
+    .first(['id', 'key'])
+    .where({ key: 'admin' })
+    .limit(1)) as { id: string; key: string };
+
+  await knex('permissions').insert(
+    getPermissionForRole(role.id, 'App', [
+      'create',
+      'read',
+      'delete',
+      'update',
+    ])
+  );
+}
+
+export async function down(knex: Knex): Promise<void> {
+  await knex('permissions').where({ subject: 'App' }).delete();
+}