-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathschema.sql
More file actions
150 lines (133 loc) · 5.04 KB
/
Copy pathschema.sql
File metadata and controls
150 lines (133 loc) · 5.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
-- schema.sql
-- Source of truth for the D1 (SQLite) schema.
-- Apply locally:
-- pnpm db:schema:local
-- Apply remotely:
-- pnpm db:schema:remote
--
-- Auth, users, accounts, memberships, invitations, sessions and audit logs
-- are owned by @etus/auth. Keep this schema aligned with the installed
-- package plus this product's role catalog: owner, admin, member, guest.
PRAGMA foreign_keys = ON;
CREATE TABLE IF NOT EXISTS auth_users (
id TEXT PRIMARY KEY,
gateway_user_id TEXT,
email TEXT NOT NULL UNIQUE,
name TEXT,
picture TEXT,
role TEXT NOT NULL DEFAULT 'guest',
status TEXT NOT NULL DEFAULT 'pending',
invited_by TEXT,
created_at TEXT NOT NULL DEFAULT (datetime('now')),
last_login_at TEXT
);
CREATE INDEX IF NOT EXISTS idx_auth_users_email ON auth_users(email);
CREATE INDEX IF NOT EXISTS idx_auth_users_gateway_id ON auth_users(gateway_user_id);
CREATE INDEX IF NOT EXISTS idx_auth_users_status ON auth_users(status);
CREATE TABLE IF NOT EXISTS auth_sessions (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL REFERENCES auth_users(id) ON DELETE CASCADE,
ip TEXT,
user_agent TEXT,
last_active_at INTEGER,
expires_at INTEGER NOT NULL,
created_at INTEGER NOT NULL
);
CREATE INDEX IF NOT EXISTS idx_auth_sessions_user ON auth_sessions(user_id);
CREATE INDEX IF NOT EXISTS idx_auth_sessions_expires ON auth_sessions(expires_at);
CREATE TABLE IF NOT EXISTS auth_audit_logs (
id TEXT PRIMARY KEY,
event_type TEXT NOT NULL,
actor_id TEXT,
actor_email TEXT,
target_id TEXT,
target_type TEXT,
account_id TEXT,
ip TEXT,
user_agent TEXT,
metadata TEXT,
created_at TEXT NOT NULL DEFAULT (datetime('now'))
);
CREATE INDEX IF NOT EXISTS idx_audit_actor ON auth_audit_logs(actor_id);
CREATE INDEX IF NOT EXISTS idx_audit_event ON auth_audit_logs(event_type);
CREATE INDEX IF NOT EXISTS idx_audit_account ON auth_audit_logs(account_id);
CREATE INDEX IF NOT EXISTS idx_audit_created ON auth_audit_logs(created_at);
CREATE TABLE IF NOT EXISTS auth_accounts (
id TEXT PRIMARY KEY,
name TEXT NOT NULL,
slug TEXT UNIQUE,
owner_id TEXT NOT NULL,
created_at TEXT NOT NULL DEFAULT (datetime('now')),
updated_at TEXT
);
CREATE INDEX IF NOT EXISTS idx_accounts_owner ON auth_accounts(owner_id);
CREATE INDEX IF NOT EXISTS idx_accounts_slug ON auth_accounts(slug);
CREATE TABLE IF NOT EXISTS auth_memberships (
id TEXT PRIMARY KEY,
account_id TEXT NOT NULL,
user_id TEXT NOT NULL,
role TEXT NOT NULL DEFAULT 'guest',
status TEXT NOT NULL DEFAULT 'active',
invited_by TEXT,
invited_at TEXT,
joined_at TEXT,
created_at TEXT NOT NULL DEFAULT (datetime('now')),
UNIQUE(account_id, user_id)
);
CREATE INDEX IF NOT EXISTS idx_memberships_account ON auth_memberships(account_id);
CREATE INDEX IF NOT EXISTS idx_memberships_user ON auth_memberships(user_id);
CREATE INDEX IF NOT EXISTS idx_memberships_status ON auth_memberships(status);
CREATE TABLE IF NOT EXISTS auth_invitations (
id TEXT PRIMARY KEY,
account_id TEXT NOT NULL,
email TEXT NOT NULL,
role TEXT NOT NULL DEFAULT 'guest',
invited_by TEXT NOT NULL,
token TEXT NOT NULL UNIQUE,
expires_at TEXT NOT NULL,
accepted_at TEXT,
created_at TEXT NOT NULL DEFAULT (datetime('now'))
);
CREATE INDEX IF NOT EXISTS idx_invitations_account ON auth_invitations(account_id);
CREATE INDEX IF NOT EXISTS idx_invitations_email ON auth_invitations(email);
CREATE INDEX IF NOT EXISTS idx_invitations_token ON auth_invitations(token);
CREATE TABLE IF NOT EXISTS auth_user_permissions (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL,
permission TEXT NOT NULL,
account_id TEXT,
granted_by TEXT,
expires_at INTEGER,
created_at TEXT NOT NULL DEFAULT (datetime('now')),
FOREIGN KEY (user_id) REFERENCES auth_users(id) ON DELETE CASCADE
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_user_perms_unique
ON auth_user_permissions(user_id, permission, COALESCE(account_id, '__global__'));
CREATE INDEX IF NOT EXISTS idx_user_perms_user ON auth_user_permissions(user_id);
CREATE INDEX IF NOT EXISTS idx_user_perms_account ON auth_user_permissions(account_id);
CREATE INDEX IF NOT EXISTS idx_user_perms_expires ON auth_user_permissions(expires_at);
CREATE TABLE IF NOT EXISTS auth_resource_permissions (
id TEXT PRIMARY KEY,
user_id TEXT NOT NULL,
resource_type TEXT NOT NULL,
resource_id TEXT NOT NULL,
permission TEXT NOT NULL,
account_id TEXT,
granted_by TEXT,
expires_at INTEGER,
created_at TEXT NOT NULL DEFAULT (datetime('now')),
FOREIGN KEY (user_id) REFERENCES auth_users(id) ON DELETE CASCADE
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_res_perms_unique
ON auth_resource_permissions(
user_id,
resource_type,
resource_id,
permission,
COALESCE(account_id, '__global__')
);
CREATE INDEX IF NOT EXISTS idx_res_perms_user ON auth_resource_permissions(user_id);
CREATE INDEX IF NOT EXISTS idx_res_perms_resource ON auth_resource_permissions(resource_type, resource_id);
CREATE INDEX IF NOT EXISTS idx_res_perms_lookup
ON auth_resource_permissions(user_id, resource_type, resource_id);
CREATE INDEX IF NOT EXISTS idx_res_perms_account ON auth_resource_permissions(account_id);