55 lines
1.8 KiB
JavaScript
55 lines
1.8 KiB
JavaScript
/**
|
|
* Migration: Add session and role mapping configuration to tenants
|
|
* Adds session_timeout, require_mfa, allow_concurrent_sessions, and role_mappings fields
|
|
*/
|
|
|
|
'use strict';
|
|
|
|
module.exports = {
|
|
up: async (queryInterface, Sequelize) => {
|
|
// Add session configuration fields
|
|
await queryInterface.addColumn('tenants', 'session_timeout', {
|
|
type: Sequelize.INTEGER,
|
|
defaultValue: 480, // 8 hours in minutes
|
|
allowNull: false,
|
|
comment: 'Session timeout in minutes'
|
|
});
|
|
|
|
await queryInterface.addColumn('tenants', 'require_mfa', {
|
|
type: Sequelize.BOOLEAN,
|
|
defaultValue: false,
|
|
allowNull: false,
|
|
comment: 'Whether multi-factor authentication is required'
|
|
});
|
|
|
|
await queryInterface.addColumn('tenants', 'allow_concurrent_sessions', {
|
|
type: Sequelize.BOOLEAN,
|
|
defaultValue: true,
|
|
allowNull: false,
|
|
comment: 'Whether users can have multiple concurrent sessions'
|
|
});
|
|
|
|
await queryInterface.addColumn('tenants', 'role_mappings', {
|
|
type: Sequelize.JSONB,
|
|
allowNull: true,
|
|
comment: 'Mapping of external groups/attributes to system roles'
|
|
});
|
|
|
|
// Update auth_provider enum to include 'ad'
|
|
await queryInterface.sequelize.query(`
|
|
ALTER TYPE "enum_tenants_auth_provider" ADD VALUE 'ad';
|
|
`);
|
|
},
|
|
|
|
down: async (queryInterface, Sequelize) => {
|
|
// Remove the added columns
|
|
await queryInterface.removeColumn('tenants', 'session_timeout');
|
|
await queryInterface.removeColumn('tenants', 'require_mfa');
|
|
await queryInterface.removeColumn('tenants', 'allow_concurrent_sessions');
|
|
await queryInterface.removeColumn('tenants', 'role_mappings');
|
|
|
|
// Note: Removing enum values is complex in PostgreSQL and typically not done in production
|
|
// The 'ad' value will remain in the enum even after this rollback
|
|
}
|
|
};
|