refactor: update dependency on @logto/cloud and update legacy JWT cus…

…tomizer

packages/connectors/connector-logto-email/package.json

@@ -48,6 +48,6 @@
     "access": "public"
   },
   "devDependencies": {
-    "@logto/cloud": "0.2.5-6c090b2"
+    "@logto/cloud": "0.2.5-1807f9c"
   }
 }

packages/console/package.json

@@ -28,7 +28,7 @@
     "@fontsource/roboto-mono": "^5.0.0",
     "@jest/types": "^29.5.0",
     "@logto/app-insights": "workspace:^1.4.0",
-    "@logto/cloud": "0.2.5-6c090b2",
+    "@logto/cloud": "0.2.5-1807f9c",
     "@logto/connector-kit": "workspace:^2.1.0",
     "@logto/core-kit": "workspace:^2.3.0",
     "@logto/language-kit": "workspace:^1.1.0",

packages/core/package.json

@@ -91,7 +91,7 @@
     "zod": "^3.22.4"
   },
   "devDependencies": {
-    "@logto/cloud": "0.2.5-6c090b2",
+    "@logto/cloud": "0.2.5-1807f9c",
     "@silverhand/eslint-config": "5.0.0",
     "@silverhand/ts-config": "5.0.0",
     "@types/debug": "^4.1.7",

packages/core/src/oidc/init.ts

@@ -18,7 +18,7 @@ import {
   type Json,
   jwtCustomizer as jwtCustomizerLog,
   LogResult,
-  LogtoJwtTokenPath,
+  LogtoJwtTokenKeyType,
 } from '@logto/schemas';
 import { generateStandardId } from '@logto/shared';
 import { conditional, trySafe, tryThat } from '@silverhand/essentials';
@@ -269,13 +269,11 @@ export default function initOidc(
           body: isTokenClientCredentials
             ? {
                 ...commonPayload,
-                // TODO: update once cloud repo is ready.
-                tokenType: LogtoJwtTokenPath.ClientCredentials,
+                tokenType: LogtoJwtTokenKeyType.ClientCredentials,
               }
             : {
                 ...commonPayload,
-                // TODO: update once cloud repo is ready.
-                tokenType: LogtoJwtTokenPath.AccessToken,
+                tokenType: LogtoJwtTokenKeyType.AccessToken,
                 // TODO (LOG-8555): the newly added `UserProfile` type includes undefined fields and can not be directly assigned to `Json` type. And the `undefined` fields should be removed by zod guard.
                 // eslint-disable-next-line no-restricted-syntax
                 context: { user: logtoUserInfo as Record<string, Json> },

packages/core/src/routes/logto-config/jwt-customizer.ts

@@ -7,8 +7,6 @@ import {
   adminTenantId,
   jwtCustomizerConfigsGuard,
   jwtCustomizerTestRequestBodyGuard,
-  type CustomJwtFetcher,
-  type LogtoJwtTokenPath,
 } from '@logto/schemas';
 import { ResponseError } from '@withtyped/client';
 import { ZodError, z } from 'zod';
@@ -191,9 +189,7 @@ export default function logtoConfigJwtCustomizerRoutes<T extends AuthedRouter>(
 
       try {
         ctx.body = await client.post(`/api/services/custom-jwt`, {
-          // TODO: remove type casting once the cloud repo is updated.
-          // eslint-disable-next-line no-restricted-syntax
-          body: body as CustomJwtFetcher & { tokenType: LogtoJwtTokenPath },
+          body,
         });
       } catch (error: unknown) {
         /**

packages/schemas/alterations/next-1712132946-rename-jwt-customizer-field.ts

@@ -0,0 +1,105 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+enum LogtoJwtTokenKey {
+  AccessToken = 'jwt.accessToken',
+  ClientCredentials = 'jwt.clientCredentials',
+}
+
+type OldJwtCustomizer = {
+  [x: string]: unknown;
+  envVars?: Record<string, string>;
+};
+
+type OldJwtCustomizerRow = {
+  tenantId: string;
+  key: LogtoJwtTokenKey;
+  value: OldJwtCustomizer;
+};
+
+type NewJwtCustomizer = {
+  [x: string]: unknown;
+  environmentVariables?: Record<string, string>;
+};
+
+type NewJwtCustomizerRow = {
+  tenantId: string;
+  key: LogtoJwtTokenKey;
+  value: NewJwtCustomizer;
+};
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const { rows } = await pool.query<OldJwtCustomizerRow>(sql`
+      select * from logto_configs
+      where key in (${LogtoJwtTokenKey.AccessToken}, ${LogtoJwtTokenKey.ClientCredentials});
+    `);
+
+    if (rows.length === 0) {
+      return;
+    }
+
+    await Promise.all(
+      rows.map(async (row) => {
+        const {
+          tenantId,
+          key,
+          value: { envVars, ...rest },
+        } = row;
+
+        if (!envVars) {
+          return;
+        }
+
+        const newJwtCustomizer: NewJwtCustomizer = {
+          environmentVariables: envVars,
+          ...rest,
+        };
+
+        await pool.query(sql`
+          update logto_configs
+            set value = ${JSON.stringify(newJwtCustomizer)}
+            where tenant_id = ${tenantId} and key = ${key};
+        `);
+      })
+    );
+  },
+  down: async (pool) => {
+    const { rows } = await pool.query<NewJwtCustomizerRow>(sql`
+      select * from logto_configs
+      where key in (${LogtoJwtTokenKey.AccessToken}, ${LogtoJwtTokenKey.ClientCredentials});
+    `);
+
+    if (rows.length === 0) {
+      return;
+    }
+
+    await Promise.all(
+      rows.map(async (row) => {
+        const {
+          tenantId,
+          key,
+          value: { environmentVariables, ...rest },
+        } = row;
+
+        if (!environmentVariables) {
+          return;
+        }
+
+        const oldJwtCustomizer: OldJwtCustomizer = {
+          envVars: environmentVariables,
+          ...rest,
+        };
+
+        await pool.query(sql`
+          update logto_configs
+            set value = ${JSON.stringify(oldJwtCustomizer)}
+            where tenant_id = ${tenantId} and key = ${key};
+        `);
+      })
+    );
+  },
+};
+
+export default alteration;

packages/schemas/src/types/logto-config/jwt-customizer.ts

@@ -59,12 +59,6 @@ export const clientCredentialsJwtCustomizerGuard = jwtCustomizerGuard
 
 export type ClientCredentialsJwtCustomizer = z.infer<typeof clientCredentialsJwtCustomizerGuard>;
 
-// TODO: Temporarily leave this and will remove it after the cloud repo is updated.
-export enum LogtoJwtTokenPath {
-  AccessToken = 'access-token',
-  ClientCredentials = 'client-credentials',
-}
-
 export enum LogtoJwtTokenKeyType {
   AccessToken = 'access-token',
   ClientCredentials = 'client-credentials',