stack/packages/stack-server/prisma/schema.prisma
Stan Wohlwend 9ff2cff5c5
Organizations & RBAC (#22)
* added organizations route

* added organizations/[orgId] and organizations/[orgId]/users routes

* added more routes

* restructured dashboard pages, added organization page

* fixed redirect bug

* updated sidebar

* added mock orgnizations

* fixed breadcrumbs

* added edit org modal

* added memeber table

* added permission table

* Orgs & perms backend

* Fix build errors

* updated permission ui

* org -> team for frontend

* added enable team UI

* Stack App for teams

* formatted schema

* renamed all orgs to teams

* fixed docusaurus bug

* disabled docusaurus build progress bar

* added member profile and direct permission to profile

* removed dead code, memberProfile -> member

* removed teams attribute from the user object

* added /teams endpoint

* added create team endpoint

* added add-user endpoint

* moved add-user

* added server side get teams

* updated schema formatting

* added team enabled endpoints

* fixed type error

* moved get current teams to current-user/teams

* improved interface

* added create team

* hooked up team to frontend

* added hooked up team name with team member page

* added list team users

* added useUsers to team object

* fixed list team user bug

* added team update

* added list permissions and use permission on app

* added create permission

* list permission

* added permission list

* added inherited permission list

* add edit permission model

* restructured permission graph

* updated style

* added delete permission

* fixed delete permission bug

* added inheritence update

* fixed await bug

* fixed selection bug

* added permission update

* fixed update bug

* fixed team update refresh

* added remove user from team

* restructured permission and permission definition

* updated permission definition structure

* updated list permissions and grant permissions

* fixed list user permissions

* added grant permission

* fixed list permission

* added direct option to list team use permission

* fixed bugs

* fixed bugs

* added revoke permission

* inherited from -> contains

* added client list permission

* restructured stack-app teams and permissions

* fixed server teams and permissions

* fixed bug

* fixed bugs

* added teams pages to demo

* added styled component compiler

* added list teams

* added join and leave teams

* fixed prisma onDelete

* fixed type bugs

* removed on permission change for now

* added member

* fixed user and server user

* fixed imports

* added create team

* added more content to demo

* fixed recursion bug

* fixed recursion stack out of bound bug

* removed teamsEnabled

* added create team on sign-up options

* added create team on signup

* queriable -> queryable, fixed migration file

* fixed migration file

* fixed demo build error

* fixed license accidental change

* fixed tab styling

* added required to create permission id

* added more ui error hints

* fixed seed wrong setting

* default team name

* improved permission list ui

* improved demo display

* Update README.md

---------

Co-authored-by: Zai Shi <zaishi00@outlook.com>
2024-05-08 12:43:56 +02:00


// This is your Prisma schema file,
// learn more about it in the docs: https://pris.ly/d/prisma-schema
// Generates the TypeScript/JavaScript client used by the server code.
generator client {
provider = "prisma-client-js"
}
// PostgreSQL datasource. Both connection strings come from the environment and are
// never written into this file, so a checked-out schema carries no credentials.
datasource db {
provider = "postgresql"
url = env("DATABASE_CONNECTION_STRING")
// Prisma uses `directUrl` (rather than `url`) for migrations and introspection, e.g. to bypass a connection pooler.
directUrl = env("DIRECT_DATABASE_CONNECTION_STRING")
}
// A tenant of the server. Every user, team and API key set below is scoped to a project.
model Project {
// Note that the project with ID `internal` is handled as a special case.
id String @id
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
displayName String
description String? @default("")
// Environment-independent settings live in ProjectConfig; the relation is many-to-one,
// so one ProjectConfig row may be shared by several projects (see `ProjectConfig.projects`).
configId String @db.Uuid
config ProjectConfig @relation(fields: [configId], references: [id])
// Optional per-environment override of the config (currently an empty model, see ProjectConfigOverride).
configOverride ProjectConfigOverride?
// No default: the creator must state explicitly whether this deployment is production.
isProductionMode Boolean
users ProjectUser[] @relation("ProjectUsers")
teams Team[]
apiKeySets ApiKeySet[]
}
// Contains all the configuration for a project.
//
// More specifically, "configuration" is what we call those settings that only depend on environment variables and overrides between different deployments.
model ProjectConfig {
id String @id @default(uuid()) @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
// None of the following flags has a default, so every config row must set them explicitly.
// NOTE(review): presumably controls whether localhost origins/redirects are accepted for this config — confirm in the handler code.
allowLocalhost Boolean
// Which sign-in methods are available to this project's users.
credentialEnabled Boolean
magicLinkEnabled Boolean
// Whether a team is created for a user as part of sign-up.
createTeamOnSignUp Boolean
// Back-relation: a config may be referenced by more than one Project.
projects Project[]
oauthProviderConfigs OAuthProviderConfig[]
emailServiceConfig EmailServiceConfig?
domains ProjectDomain[]
// Project-level permission definitions (those with `projectConfigId` set, see Permission).
permissions Permission[]
}
// A domain registered for a project config, together with the path of the auth handler on it.
// The (projectConfigId, domain) pair is the model's only unique key; there is no surrogate id.
model ProjectDomain {
projectConfigId String @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
domain String
handlerPath String
projectConfig ProjectConfig @relation(fields: [projectConfigId], references: [id])
// A domain can be registered at most once per config.
@@unique([projectConfigId, domain])
}
// Environment-specific overrides for a configuration.
//
// This is a quick and dirty way to allow for environment-specific overrides of the configuration.
//
// For most cases, you should prefer to use environment variables.
//
// Note: Overrides (and environment variables) are currently unimplemented, so this model is empty.
model ProjectConfigOverride {
// One-to-one with Project: the project's id doubles as this row's primary key.
projectId String @id
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
project Project @relation(fields: [projectId], references: [id])
}
// A team inside a project. Keyed by (projectId, teamId) so a team id is only meaningful together with its project.
model Team {
projectId String
teamId String @default(uuid()) @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
displayName String
project Project @relation(fields: [projectId], references: [id])
// Team-scoped permission definitions (those with `projectId`/`teamId` set, see Permission).
permissions Permission[]
// Membership rows are deleted with the team (see TeamMember.team, onDelete: Cascade).
teamMembers TeamMember[]
@@id([projectId, teamId])
}
// Membership of a project user in a team. The composite key makes a user a member of a given team at most once.
model TeamMember {
projectId String
projectUserId String @db.Uuid
teamId String @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
// Both parent relations cascade: deleting the user or the team removes the membership row.
projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
team Team @relation(fields: [projectId, teamId], references: [projectId, teamId], onDelete: Cascade)
// Permissions granted directly to this member (as opposed to ones reached through PermissionEdge).
directPermissions TeamMemberDirectPermission[]
@@id([projectId, projectUserId, teamId])
}
// Join table: a permission granted directly to a team member.
// The composite key prevents granting the same permission to the same membership twice.
model TeamMemberDirectPermission {
projectId String
projectUserId String @db.Uuid
teamId String @db.Uuid
permissionDbId String @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
// Removing either the membership or the permission definition revokes the grant automatically.
teamMember TeamMember @relation(fields: [projectId, projectUserId, teamId], references: [projectId, projectUserId, teamId], onDelete: Cascade)
permission Permission @relation(fields: [permissionDbId], references: [dbId], onDelete: Cascade)
@@id([projectId, projectUserId, teamId, permissionDbId])
}
// A permission definition. It is either project-level (attached to a ProjectConfig) or team-level (attached to one Team).
model Permission {
// The ID of this permission, as is chosen by and exposed to the user. It is different from the database ID, which is randomly generated and only used internally.
queryableId String
// The database ID of this permission. This is never exposed to any client and is only used to make sure the database has an ID column.
dbId String @id @default(uuid()) @db.Uuid
// exactly one of [projectConfigId && projectConfig] or [projectId && teamId && team] must be set
// NOTE(review): this exclusive-or cannot be expressed in Prisma, so it is not enforced by the database;
// the application must validate it on every write.
projectConfigId String? @db.Uuid
projectId String?
teamId String? @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
description String?
// The scope of the permission. If projectConfigId is set, may be GLOBAL or TEAM; if teamId is set, must be TEAM.
// NOTE(review): the "must be TEAM" rule is likewise application-enforced only.
scope PermissionScope
projectConfig ProjectConfig? @relation(fields: [projectConfigId], references: [id])
team Team? @relation(fields: [projectId, teamId], references: [projectId, teamId])
// Edges where this permission is the child (i.e. the permissions it is contained in) and the parent, respectively.
parentEdges PermissionEdge[] @relation("ChildPermission")
childEdges PermissionEdge[] @relation("ParentPermission")
teamMemberDirectPermission TeamMemberDirectPermission[]
// The user-facing id is unique within its scope. Because one of the two scopes is NULL on every row
// and PostgreSQL treats NULLs as distinct in unique indexes, only the matching constraint is effective for each row.
@@unique([projectConfigId, queryableId])
@@unique([projectId, teamId, queryableId])
}
// See Permission.scope for which values are allowed at each attachment point.
enum PermissionScope {
GLOBAL
TEAM
}
// A directed edge in the permission graph: the parent permission contains the child permission.
// NOTE(review): there is no unique constraint on (parentPermissionDbId, childPermissionDbId), so the same edge can be
// stored twice, and nothing at the database level rejects self-edges or cycles; graph traversal code must tolerate both
// or validation must happen before insert.
model PermissionEdge {
edgeId String @id @default(uuid()) @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
// Deleting either endpoint removes the edge.
parentPermissionDbId String @db.Uuid
parentPermission Permission @relation("ParentPermission", fields: [parentPermissionDbId], references: [dbId], onDelete: Cascade)
childPermissionDbId String @db.Uuid
childPermission Permission @relation("ChildPermission", fields: [childPermissionDbId], references: [dbId], onDelete: Cascade)
}
// An end user of a project. Keyed by (projectId, projectUserId); the same person in two projects is two rows.
model ProjectUser {
projectId String
projectUserId String @default(uuid()) @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
project Project @relation("ProjectUsers", fields: [projectId], references: [id])
// All credential/token rows below cascade on user deletion (see their `projectUser` relations).
projectUserRefreshTokens ProjectUserRefreshToken[]
projectUserAuthorizationCodes ProjectUserAuthorizationCode[]
projectUserOAuthAccounts ProjectUserOAuthAccount[]
projectUserEmailVerificationCode ProjectUserEmailVerificationCode[]
projectUserPasswordResetCode ProjectUserPasswordResetCode[]
projectUserMagicLinkCode ProjectUserMagicLinkCode[]
teamMembers TeamMember[]
primaryEmail String?
// Not defaulted, so the writer must decide verification state explicitly on creation.
primaryEmailVerified Boolean
profileImageUrl String?
displayName String?
// Only a hash is stored; null for users without a password credential.
passwordHash String?
authWithEmail Boolean
// Free-form JSON. `serverMetadata` vs `clientMetadata` suggests different exposure; which API surface returns which is not visible here.
serverMetadata Json?
clientMetadata Json?
@@id([projectId, projectUserId])
}
// Links a project user to an account at an OAuth provider.
model ProjectUserOAuthAccount {
projectId String
projectUserId String @db.Uuid
projectConfigId String @db.Uuid
oauthProviderConfigId String
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
providerConfig OAuthProviderConfig @relation(fields: [projectConfigId, oauthProviderConfigId], references: [projectConfigId, id])
projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
// Email as reported by the provider; optional because not every provider returns one.
email String?
providerAccountId String
// NOTE(review): stored as a plain String column; whether it is encrypted before being written is not visible in this schema.
providerRefreshToken String?
// One row per provider account within a project, so a provider account cannot be linked to two users of the same project.
@@id([projectId, oauthProviderConfigId, providerAccountId])
}
// A refresh token issued to a project user.
model ProjectUserRefreshToken {
projectId String
projectUserId String @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
// The token value itself is the unique key. NOTE(review): a unique index on the value implies the raw token is stored;
// confirm whether it is hashed before storage, since a read of this table would otherwise yield usable tokens.
refreshToken String @unique
// Nullable: a row may carry no expiry. NOTE(review): confirm how null is interpreted by the token validation code.
expiresAt DateTime?
projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
@@id([projectId, refreshToken])
}
// A short-lived authorization code for the OAuth authorization-code flow.
model ProjectUserAuthorizationCode {
projectId String
projectUserId String @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
authorizationCode String @unique
// Redirect URI the code was issued for; the token endpoint can compare it against the one presented on exchange.
redirectUri String
// Required here, unlike refresh tokens: every code has an expiry.
expiresAt DateTime
// Field names match the OAuth PKCE parameters (code_challenge / code_challenge_method).
codeChallenge String
codeChallengeMethod String
// Whether the code was issued during sign-up rather than sign-in.
newUser Boolean
projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
// NOTE(review): unlike the other one-time-code models there is no `usedAt` column, so single-use must be
// enforced by deleting the row on exchange (or elsewhere) — confirm in the token endpoint.
@@id([projectId, authorizationCode])
}
// One-time code sent to verify a user's email address.
model ProjectUserEmailVerificationCode {
projectId String
projectUserId String @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
// Globally unique (not just per project) because of the standalone @unique.
code String @unique
expiresAt DateTime
// Set when the code is consumed; rows are kept rather than deleted.
usedAt DateTime?
// Where to send the user after verification. NOTE(review): validation of this URL against the project's domains is not visible here.
redirectUrl String
projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
@@id([projectId, code])
}
// One-time code for resetting a password. Same shape as ProjectUserEmailVerificationCode.
model ProjectUserPasswordResetCode {
projectId String
projectUserId String @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
// Globally unique because of the standalone @unique.
code String @unique
expiresAt DateTime
// Set when the code is consumed.
usedAt DateTime?
redirectUrl String
projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
@@id([projectId, code])
}
// One-time code for passwordless (magic link) sign-in. Same shape as the other code models plus `newUser`.
model ProjectUserMagicLinkCode {
projectId String
projectUserId String @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
// Globally unique because of the standalone @unique.
code String @unique
expiresAt DateTime
// Set when the code is consumed.
usedAt DateTime?
redirectUrl String
// Whether this link was issued for a freshly created user.
newUser Boolean
projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)
@@id([projectId, code])
}
//#region API keys
// A set of up to three API keys of increasing privilege for one project.
model ApiKeySet {
projectId String
project Project @relation(fields: [projectId], references: [id])
id String @default(uuid()) @db.Uuid
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
description String
// Every set has a mandatory expiry; `manuallyRevokedAt` allows revocation before that.
expiresAt DateTime
manuallyRevokedAt DateTime?
// Each key is optional and individually unique. NOTE(review): a unique index on the key value implies the raw key is
// what is stored and looked up; if so, a read of this table exposes live server and admin keys — confirm whether
// the values are hashed before storage.
publishableClientKey String? @unique
secretServerKey String? @unique
superSecretAdminKey String? @unique
@@id([projectId, id])
}
// Outgoing email settings for a project config; one-to-one via the config id.
// Exactly one of the two child configs is expected to exist (not enforced by the schema).
model EmailServiceConfig {
projectConfigId String @id @db.Uuid
projectConfig ProjectConfig @relation(fields: [projectConfigId], references: [id])
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
senderName String
proxiedEmailServiceConfig ProxiedEmailServiceConfig?
standardEmailServiceConfig StandardEmailServiceConfig?
}
// Marker row: email is sent through the hosted (proxied) service, so no credentials are stored.
model ProxiedEmailServiceConfig {
projectConfigId String @id @db.Uuid
emailServiceConfig EmailServiceConfig @relation(fields: [projectConfigId], references: [projectConfigId])
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
}
// Customer-supplied SMTP settings.
model StandardEmailServiceConfig {
projectConfigId String @id @db.Uuid
emailServiceConfig EmailServiceConfig @relation(fields: [projectConfigId], references: [projectConfigId])
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
senderEmail String
host String
port Int
username String
// NOTE(review): SMTP password in a plain String column; whether it is encrypted at the application layer
// before being written is not visible in this schema.
password String
}
//#endregion
//#region OAuth
// Exactly one of the xyzOAuthConfig variables should be set.
// An OAuth provider enabled for a project config. `id` is chosen by the caller and is unique per config.
model OAuthProviderConfig {
projectConfigId String @db.Uuid
projectConfig ProjectConfig @relation(fields: [projectConfigId], references: [id])
id String
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
// Providers are enabled as soon as they are created unless the caller says otherwise.
enabled Boolean @default(true)
// Exactly one of the two child configs is expected (see the comment above the model); not enforced by the schema.
proxiedOAuthConfig ProxiedOAuthProviderConfig?
standardOAuthConfig StandardOAuthProviderConfig?
projectUserOAuthAccounts ProjectUserOAuthAccount[]
@@id([projectConfigId, id])
}
// OAuth through the hosted (proxied) provider app; no client credentials are stored.
model ProxiedOAuthProviderConfig {
projectConfigId String @db.Uuid
providerConfig OAuthProviderConfig @relation(fields: [projectConfigId, id], references: [projectConfigId, id])
id String
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
type ProxiedOAuthProviderType
@@id([projectConfigId, id])
// At most one proxied provider of each type per config.
@@unique([projectConfigId, type])
}
// Providers available through the proxied setup. Kept in sync with StandardOAuthProviderType by convention, not by the schema.
enum ProxiedOAuthProviderType {
GITHUB
FACEBOOK
GOOGLE
MICROSOFT
}
// OAuth with the customer's own client registration at the provider.
model StandardOAuthProviderConfig {
projectConfigId String @db.Uuid
providerConfig OAuthProviderConfig @relation(fields: [projectConfigId, id], references: [projectConfigId, id])
id String
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
type StandardOAuthProviderType
tenantId String? // Currently only used for Microsoft
clientId String
// NOTE(review): plain String column; encryption at rest, if any, happens outside this schema.
clientSecret String
@@id([projectConfigId, id])
}
// Providers available with customer-supplied client credentials. Currently the same list as ProxiedOAuthProviderType.
enum StandardOAuthProviderType {
GITHUB
FACEBOOK
GOOGLE
MICROSOFT
}
//#endregion