logto-io · gao-sun · Jun 20, 2024 · Jun 19, 2024
@@ -151,19 +151,28 @@ export const createApplicationLibrary = (queries: Queries) => {
  ) => {
  if (organizationScopes) {
  await userConsentOrganizationScopes.insert(
- ...organizationScopes.map<[string, string]>((scope) => [applicationId, scope])
+ ...organizationScopes.map((scope) => ({
+ applicationId,
+ organizationScopeId: scope,
+ }))
  );
  }
 
  if (resourceScopes) {
  await userConsentResourceScopes.insert(
- ...resourceScopes.map<[string, string]>((scope) => [applicationId, scope])
+ ...resourceScopes.map((scope) => ({
+ applicationId,
+ scopeId: scope,
+ }))
  );
  }
 
  if (organizationResourceScopes) {
  await userConsentOrganizationResourceScopes.insert(
- ...organizationResourceScopes.map<[string, string]>((scope) => [applicationId, scope])
+ ...organizationResourceScopes.map((scope) => ({
+ applicationId,
+ scopeId: scope,
+ }))
  );
  }
 

@@ -82,7 +82,10 @@
 
  if (organizationRoleIds?.length) {
  await organizationQueries.relations.invitationsRoles.insert(
- ...organizationRoleIds.map<[string, string]>((roleId) => [invitation.id, roleId])
+ ...organizationRoleIds.map((roleId) => ({
+ organizationInvitationId: invitation.id,
+ organizationRoleId: roleId,
+ }))
  );
  }
 
@@ -128,7 +131,7 @@
 status: OrganizationInvitationStatus.Accepted,
 acceptedUserId: string
 ): Promise<OrganizationInvitationEntity>;
 // TODO: Error i18n
 async updateStatus(
 id: string,
 status: OrganizationInvitationStatus,
@@ -165,15 +168,18 @@
  });
  }
 
- await organizationQueries.relations.users.insert([entity.organizationId, acceptedUserId]);
+ await organizationQueries.relations.users.insert({
+ organizationId: entity.organizationId,
+ userId: acceptedUserId,
+ });
 
  if (entity.organizationRoles.length > 0) {
  await organizationQueries.relations.rolesUsers.insert(
- ...entity.organizationRoles.map<[string, string, string]>((role) => [
- entity.organizationId,
- role.id,
- acceptedUserId,
- ])
+ ...entity.organizationRoles.map((role) => ({
+ organizationId: entity.organizationId,
+ organizationRoleId: role.id,
+ userId: acceptedUserId,
+ }))
  );
  }
  break;

@@ -143,7 +143,7 @@
 );
 }

 // TODO: If the user's email is not verified, we should not provision the user into any organization.
 const provisionOrganizations = async (): Promise<readonly JitOrganization[]> => {
 // Just-in-time organization provisioning
 const userEmailDomain = data.primaryEmail?.split('@')[1];
@@ -155,18 +155,18 @@
 
  if (organizations.length > 0) {
  await organizationQueries.relations.users.insert(
- ...organizations.map<[string, string]>(({ organizationId }) => [
+ ...organizations.map(({ organizationId }) => ({
  organizationId,
- user.id,
- ])
+ userId: user.id,
+ }))
  );
 
  const data = organizations.flatMap(({ organizationId, organizationRoleIds }) =>
- organizationRoleIds.map<[string, string, string]>((organizationRoleId) => [
+ organizationRoleIds.map((organizationRoleId) => ({
  organizationId,
  organizationRoleId,
- user.id,
- ])
+ userId: user.id,
+ }))
  );
  if (data.length > 0) {
  await organizationQueries.relations.rolesUsers.insert(...data);
@@ -258,7 +258,7 @@
 };

 const addUserMfaVerification = async (userId: string, payload: BindMfa) => {
 // TODO @sijie use jsonb array append
 const { mfaVerifications } = await findUserById(userId);
 await updateUserById(userId, {
 mfaVerifications: [...mfaVerifications, converBindMfaToMfaVerification(payload)],

@@ -226,7 +226,12 @@ export const buildHandler: (
 
  if (organizationId) {
  // Check membership
- if (!(await queries.organizations.relations.users.exists(organizationId, account.accountId))) {
+ if (
+ !(await queries.organizations.relations.users.exists({
+ organizationId,
+ userId: account.accountId,
+ }))
+ ) {
  const error = new AccessDenied('user is not a member of the organization');
  error.statusCode = 403;
  throw error;

@@ -125,7 +125,7 @@
 includeOrganizationResourceScopes = true,
 includeResourceScopes = true,
 }: { includeOrganizationResourceScopes?: boolean; includeResourceScopes?: boolean } = {}
 ) => {
 const {
 applications: {
 getApplicationUserConsentOrganizationScopes,
@@ -148,7 +148,7 @@
 )
 );
 }
 // FIXME: @simeng double check if it's necessary
 // Return all the scopes for the reserved resources
 // eslint-disable-next-line @typescript-eslint/switch-exhaustiveness-check
 default: {
@@ -195,5 +195,5 @@
  accountId: string,
  organizationId: string
 ) => {
- return userConsentOrganizations.exists(applicationId, accountId, organizationId);
+ return userConsentOrganizations.exists({ applicationId, userId: accountId, organizationId });
 };
@@ -101,11 +101,11 @@ export default function applicationUserConsentOrganizationRoutes<T extends Manag
  await validateUserConsentOrganizationMembership(userId, organizationIds);
 
  await applications.userConsentOrganizations.insert(
- ...organizationIds.map<[string, string, string]>((organizationId) => [
- id,
+ ...organizationIds.map((organizationId) => ({
+ applicationId: id,
  userId,
  organizationId,
- ])
+ }))
  );
 
  ctx.status = 201;

@@ -177,12 +177,12 @@ async function handleSubmitRegister(
  // Create tenant organization and assign the admin user to it.
  // This is only for Cloud integration tests and data alignment, OSS still uses the legacy Management API user role.
  const organizationId = getTenantOrganizationId(defaultTenantId);
- await organizations.relations.users.insert([organizationId, id]);
- await organizations.relations.rolesUsers.insert([
+ await organizations.relations.users.insert({ organizationId, userId: id });
+ await organizations.relations.rolesUsers.insert({
  organizationId,
- getTenantRole(TenantRole.Admin).id,
- id,
- ]);
+ organizationRoleId: getTenantRole(TenantRole.Admin).id,
+ userId: id,
+ });
  }
 
  await assignInteractionResults(ctx, provider, { login: { accountId: id } });

@@ -71,11 +71,11 @@ export default function consentRoutes<T extends IRouterParamContext>(
  await validateUserConsentOrganizationMembership(userId, organizationIds);
 
  await queries.applications.userConsentOrganizations.insert(
- ...organizationIds.map<[string, string, string]>((organizationId) => [
+ ...organizationIds.map((organizationId) => ({
  applicationId,
  userId,
  organizationId,
- ])
+ }))
  );
  }
 

@@ -127,8 +127,8 @@ export default function organizationRoutes<T extends ManagementApiRouter>(
  const { userIds, organizationRoleIds } = ctx.guard.body;
 
  await organizations.relations.rolesUsers.insert(
- ...organizationRoleIds.flatMap<[string, string, string]>((roleId) =>
- userIds.map<[string, string, string]>((userId) => [id, roleId, userId])
+ ...organizationRoleIds.flatMap((roleId) =>
+ userIds.map((userId) => ({ organizationId: id, organizationRoleId: roleId, userId }))
  )
  );
 

@@ -24,7 +24,7 @@ export default function userRoleRelationRoutes(
  const { id, userId } = ctx.guard.params;
 
  // Ensure membership
- if (!(await organizations.relations.users.exists(id, userId))) {
+ if (!(await organizations.relations.users.exists({ organizationId: id, userId }))) {
  throw new RequestError({ code: 'organization.require_membership', status: 422 });
  }
 
@@ -87,7 +87,11 @@ export default function userRoleRelationRoutes(
  const { organizationRoleIds } = ctx.guard.body;
 
  await organizations.relations.rolesUsers.insert(
- ...organizationRoleIds.map<[string, string, string]>((roleId) => [id, roleId, userId])
+ ...organizationRoleIds.map((roleId) => ({
+ organizationId: id,
+ organizationRoleId: roleId,
+ userId,
+ }))
  );
 
  ctx.status = 201;

@@ -101,13 +101,19 @@ export default function organizationRoleRoutes<T extends ManagementApiRouter>(
 
  if (organizationScopeIds.length > 0) {
  await rolesScopes.insert(
- ...organizationScopeIds.map<[string, string]>((id) => [role.id, id])
+ ...organizationScopeIds.map((id) => ({
+ organizationRoleId: role.id,
+ organizationScopeId: id,
+ }))
  );
  }
 
  if (resourceScopeIds.length > 0) {
  await rolesResourceScopes.insert(
- ...resourceScopeIds.map<[string, string]>((id) => [role.id, id])
+ ...resourceScopeIds.map((id) => ({
+ organizationRoleId: role.id,
+ scopeId: id,
+ }))
  );
  }
 

@@ -1,5 +1,5 @@
 import { type SchemaLike, type Table } from '@logto/shared';
-import { type KeysToCamelCase } from '@silverhand/essentials';
+import { type CamelCase, type KeysToCamelCase } from '@silverhand/essentials';
 import { sql, type CommonQueryMethods } from '@silverhand/slonik';
 import snakecaseKeys from 'snakecase-keys';
 import { type z } from 'zod';
@@ -9,6 +9,10 @@ import { DeletionError } from '#src/errors/SlonikError/index.js';
 
 import { conditionalSql } from './sql.js';
 
+const camelCase = <T extends string>(string: T): CamelCase<T> =>
+ // eslint-disable-next-line no-restricted-syntax, @typescript-eslint/no-unsafe-return, @typescript-eslint/no-unsafe-call
+ string.replaceAll(/_([a-z])/g, (_, letter) => letter.toUpperCase()) as CamelCase<T>;
+
 type AtLeast2<T extends unknown[]> = `${T['length']}` extends '0' | '1' ? never : T;
 
 type TableInfo<
@@ -56,11 +60,11 @@ export type GetEntitiesOptions = {
  * To insert a new relation, we can use the {@link RelationQueries.insert} method:
  *
  * ```ts
- * await userGroupRelations.insert(['user-id-1', 'group-id-1']);
+ * await userGroupRelations.insert({ userId: 'user-id-1', groupId: 'group-id-1' });
  * // Insert multiple relations at once
  * await userGroupRelations.insert(
- * ['user-id-1', 'group-id-1'],
- * ['user-id-2', 'group-id-1']
+ * { userId: 'user-id-1', groupId: 'group-id-1' },
+ * { userId: 'user-id-2', groupId: 'group-id-1' }
  * );
  * ```
  *
@@ -111,15 +115,15 @@ export default class RelationQueries<
  * ```ts
  * const userGroupRelations = new RelationQueries(pool, 'user_group_relations', Users, Groups);
  *
- * userGroupRelations.insert(['user-id-1', 'group-id-1']);
+ * userGroupRelations.insert({ userId: 'user-id-1', groupId: 'group-id-1' });
  * // Insert multiple relations at once
  * userGroupRelations.insert(
- * ['user-id-1', 'group-id-1'],
- * ['user-id-2', 'group-id-1']
+ * { userId: 'user-id-1', groupId: 'group-id-1' },
+ * { userId: 'user-id-2', groupId: 'group-id-1' }
  * );
  * ```
  */
- async insert(...data: ReadonlyArray<string[] & { length: Length }>) {
+ async insert(...data: ReadonlyArray<CamelCaseIdObject<Schemas[number]['tableSingular']>>) {
  return this.pool.query(sql`
  insert into ${this.table} (${sql.join(
  this.schemas.map(({ tableSingular }) => sql.identifier([tableSingular + '_id'])),
@@ -129,7 +133,10 @@ export default class RelationQueries<
  data.map(
  (relation) =>
  sql`(${sql.join(
- relation.map((id) => sql`${id}`),
+ this.schemas.map(
+ // @ts-expect-error `tableSingular` loses its type here
+ ({ tableSingular }) => sql`${relation[camelCase(tableSingular + '_id')]}`
+ ),
  sql`, `
  )})`
  ),
@@ -240,17 +247,20 @@ export default class RelationQueries<
  * ```ts
  * const userGroupRelations = new RelationQueries(pool, 'user_group_relations', Users, Groups);
  *
- * userGroupRelations.exists('user-id-1', 'group-id-1');
+ * userGroupRelations.exists({ userId: 'user-id-1', groupId: 'group-id-1' });
  * ```
  */
- async exists(...ids: readonly string[] & { length: Length }) {
+ async exists(ids: CamelCaseIdObject<Schemas[number]['tableSingular']>) {
  return this.pool.exists(sql`
  select
  from ${this.table}
  where ${sql.join(
  this.schemas.map(
- ({ tableSingular }, index) =>
- sql`${sql.identifier([tableSingular + '_id'])} = ${ids[index] ?? sql`null`}`
+ ({ tableSingular }) =>
+ sql`${sql.identifier([tableSingular + '_id'])} = ${
+ // @ts-expect-error `tableSingular` loses its type here
+ ids[camelCase(tableSingular + '_id')]
+ }`
  ),
  sql` and `
  )}

@@ -251,7 +251,10 @@
  } = ctx.guard;
 
  await relationQueries.insert(
- ...(relationIds?.map<[string, string]>((relationId) => [id, relationId]) ?? [])
+ ...(relationIds?.map((relationId) => ({
+ [columns.schemaId]: id,
+ [columns.relationSchemaId]: relationId,
+ })) ?? [])
  );
  appendHookContext(ctx, id);
  ctx.status = 201;
@@ -335,7 +338,7 @@
 koaGuard({
 body: schema.createGuard.omit({ id: true }),
 response: entityGuard ?? schema.guard,
 status: [201], // TODO: 409/422 for conflict?
 }),
 async (ctx, next) => {
 // eslint-disable-next-line no-restricted-syntax -- `.omit()` doesn't play well with generics
@@ -371,7 +374,7 @@
 params: z.object({ id: z.string().min(1) }),
 body: schema.updateGuard,
 response: entityGuard ?? schema.guard,
 status: [200, 404], // TODO: 409/422 for conflict?
 }),
 async (ctx, next) => {
 ctx.body = await queries.updateById(ctx.guard.params.id, ctx.guard.body);