94 lines
3.4 KiB
JavaScript
94 lines
3.4 KiB
JavaScript
/**
|
|
* Migration: Add session and role mapping configuration to tenants
|
|
* Adds session_timeout, require_mfa, allow_concurrent_sessions, and role_mappings fields
|
|
*/
|
|
|
|
'use strict';
|
|
|
|
module.exports = {
|
|
up: async (queryInterface, Sequelize) => {
|
|
// Check if the columns already exist
|
|
const tableDescription = await queryInterface.describeTable('tenants');
|
|
|
|
// Add session configuration fields
|
|
if (!tableDescription.session_timeout) {
|
|
await queryInterface.addColumn('tenants', 'session_timeout', {
|
|
type: Sequelize.INTEGER,
|
|
defaultValue: 480, // 8 hours in minutes
|
|
allowNull: false,
|
|
comment: 'Session timeout in minutes'
|
|
});
|
|
console.log('✅ Added session_timeout column to tenants table');
|
|
} else {
|
|
console.log('⚠️ Column session_timeout already exists, skipping...');
|
|
}
|
|
|
|
if (!tableDescription.require_mfa) {
|
|
await queryInterface.addColumn('tenants', 'require_mfa', {
|
|
type: Sequelize.BOOLEAN,
|
|
defaultValue: false,
|
|
allowNull: false,
|
|
comment: 'Whether multi-factor authentication is required'
|
|
});
|
|
console.log('✅ Added require_mfa column to tenants table');
|
|
} else {
|
|
console.log('⚠️ Column require_mfa already exists, skipping...');
|
|
}
|
|
|
|
if (!tableDescription.allow_concurrent_sessions) {
|
|
await queryInterface.addColumn('tenants', 'allow_concurrent_sessions', {
|
|
type: Sequelize.BOOLEAN,
|
|
defaultValue: true,
|
|
allowNull: false,
|
|
comment: 'Whether users can have multiple concurrent sessions'
|
|
});
|
|
console.log('✅ Added allow_concurrent_sessions column to tenants table');
|
|
} else {
|
|
console.log('⚠️ Column allow_concurrent_sessions already exists, skipping...');
|
|
}
|
|
|
|
if (!tableDescription.role_mappings) {
|
|
await queryInterface.addColumn('tenants', 'role_mappings', {
|
|
type: Sequelize.JSONB,
|
|
allowNull: true,
|
|
comment: 'Mapping of external groups/attributes to system roles'
|
|
});
|
|
console.log('✅ Added role_mappings column to tenants table');
|
|
} else {
|
|
console.log('⚠️ Column role_mappings already exists, skipping...');
|
|
}
|
|
|
|
// Update auth_provider enum to include 'ad' - only if it doesn't exist
|
|
try {
|
|
await queryInterface.sequelize.query(`
|
|
DO $$
|
|
BEGIN
|
|
IF NOT EXISTS (
|
|
SELECT 1 FROM pg_enum
|
|
WHERE enumlabel = 'ad'
|
|
AND enumtypid = (
|
|
SELECT oid FROM pg_type WHERE typname = 'enum_tenants_auth_provider'
|
|
)
|
|
) THEN
|
|
ALTER TYPE "enum_tenants_auth_provider" ADD VALUE 'ad';
|
|
END IF;
|
|
END$$;
|
|
`);
|
|
console.log('✅ Added ad to auth_provider enum');
|
|
} catch (error) {
|
|
console.log('⚠️ Auth provider enum already includes ad or error occurred:', error.message);
|
|
}
|
|
},
|
|
|
|
down: async (queryInterface, Sequelize) => {
|
|
// Remove the added columns
|
|
await queryInterface.removeColumn('tenants', 'session_timeout');
|
|
await queryInterface.removeColumn('tenants', 'require_mfa');
|
|
await queryInterface.removeColumn('tenants', 'allow_concurrent_sessions');
|
|
await queryInterface.removeColumn('tenants', 'role_mappings');
|
|
|
|
// Note: Removing enum values is complex in PostgreSQL and typically not done in production
|
|
// The 'ad' value will remain in the enum even after this rollback
|
|
}
|
|
};
|