set up for deployment

backend/scripts/000_extensions.sql

@@ -0,0 +1,8 @@
+-- Migration: Create required PostgreSQL extensions
+-- Extensions must be created before other migrations can use them
+
+-- uuid-ossp: Provides functions for generating UUIDs (uuid_generate_v4())
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+-- pgcrypto: Provides cryptographic functions (used for token hashing)
+CREATE EXTENSION IF NOT EXISTS "pgcrypto";

backend/scripts/001_init_schema.sql

@@ -0,0 +1,25 @@
+-- Initialize database schema for realtime collaboration
+-- This is the base schema that creates core tables for documents and updates
+
+CREATE TABLE IF NOT EXISTS documents (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name VARCHAR(255) NOT NULL,
+    type VARCHAR(50) NOT NULL CHECK (type IN ('editor', 'kanban')),
+    yjs_state BYTEA,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+CREATE INDEX idx_documents_type ON documents(type);
+CREATE INDEX idx_documents_created_at ON documents(created_at DESC);
+
+-- Table for storing incremental updates (for history tracking)
+CREATE TABLE IF NOT EXISTS document_updates (
+    id SERIAL PRIMARY KEY,
+    document_id UUID NOT NULL REFERENCES documents(id) ON DELETE CASCADE,
+    update BYTEA NOT NULL,
+    created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+CREATE INDEX idx_updates_document_id ON document_updates(document_id);
+CREATE INDEX idx_updates_created_at ON document_updates(created_at DESC);

backend/scripts/006_add_oauth_tokens.sql

@@ -0,0 +1,20 @@
+-- Migration: Add OAuth token storage
+-- This table stores OAuth2 access tokens and refresh tokens from external providers
+-- Used for refreshing user sessions without re-authentication
+
+CREATE TABLE IF NOT EXISTS oauth_tokens (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    provider VARCHAR(50) NOT NULL,
+    access_token TEXT NOT NULL,
+    refresh_token TEXT,
+    token_type VARCHAR(50) DEFAULT 'Bearer',
+    expires_at TIMESTAMPTZ NOT NULL,
+    scope TEXT,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW(),
+
+    CONSTRAINT oauth_tokens_user_id_provider_key UNIQUE (user_id, provider)
+);
+
+CREATE INDEX idx_oauth_tokens_user_id ON oauth_tokens(user_id);

backend/scripts/007_complete_version_migration.sql

@@ -0,0 +1,41 @@
+-- Migration: Add document version history support
+-- This migration creates the version history table, adds tracking columns,
+-- and provides a helper function for version numbering
+
+-- Create document versions table for storing version snapshots
+CREATE TABLE IF NOT EXISTS document_versions (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    document_id UUID NOT NULL REFERENCES documents(id) ON DELETE CASCADE,
+    yjs_snapshot BYTEA NOT NULL,
+    text_preview TEXT,
+    version_number INTEGER NOT NULL,
+    created_by UUID REFERENCES users(id) ON DELETE SET NULL,
+    version_label TEXT,
+    is_auto_generated BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+
+    CONSTRAINT unique_document_version UNIQUE(document_id, version_number)
+);
+
+CREATE INDEX idx_document_versions_document_id ON document_versions(document_id, created_at DESC);
+CREATE INDEX idx_document_versions_created_by ON document_versions(created_by);
+
+-- Add version tracking columns to documents table
+ALTER TABLE documents ADD COLUMN IF NOT EXISTS version_count INTEGER DEFAULT 0;
+ALTER TABLE documents ADD COLUMN IF NOT EXISTS last_snapshot_at TIMESTAMPTZ;
+
+-- Function to get the next version number for a document
+-- This ensures version numbers are sequential and unique per document
+CREATE OR REPLACE FUNCTION get_next_version_number(p_document_id UUID)
+RETURNS INTEGER AS $$
+DECLARE
+    next_version INTEGER;
+BEGIN
+    SELECT COALESCE(MAX(version_number), 0) + 1
+    INTO next_version
+    FROM document_versions
+    WHERE document_id = p_document_id;
+
+    RETURN next_version;
+END;
+$$ LANGUAGE plpgsql;

backend/scripts/008_enable_rls.sql

@@ -0,0 +1,36 @@
+-- Migration: Enable Row Level Security (RLS) on all tables
+-- This enables RLS but uses permissive policies to allow all operations
+-- Authorization is still handled by the Go backend middleware
+
+-- Enable RLS on all tables
+ALTER TABLE users ENABLE ROW LEVEL SECURITY;
+ALTER TABLE sessions ENABLE ROW LEVEL SECURITY;
+ALTER TABLE oauth_tokens ENABLE ROW LEVEL SECURITY;
+ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
+ALTER TABLE document_updates ENABLE ROW LEVEL SECURITY;
+ALTER TABLE document_shares ENABLE ROW LEVEL SECURITY;
+ALTER TABLE document_versions ENABLE ROW LEVEL SECURITY;
+
+-- Create permissive policies that allow all operations
+-- This maintains current behavior where backend handles authorization
+
+-- Users table
+CREATE POLICY "Allow all operations on users" ON users FOR ALL USING (true);
+
+-- Sessions table
+CREATE POLICY "Allow all operations on sessions" ON sessions FOR ALL USING (true);
+
+-- OAuth tokens table
+CREATE POLICY "Allow all operations on oauth_tokens" ON oauth_tokens FOR ALL USING (true);
+
+-- Documents table
+CREATE POLICY "Allow all operations on documents" ON documents FOR ALL USING (true);
+
+-- Document updates table
+CREATE POLICY "Allow all operations on document_updates" ON document_updates FOR ALL USING (true);
+
+-- Document shares table
+CREATE POLICY "Allow all operations on document_shares" ON document_shares FOR ALL USING (true);
+
+-- Document versions table
+CREATE POLICY "Allow all operations on document_versions" ON document_versions FOR ALL USING (true);

backend/scripts/009_disable_postgrest.sql

@@ -0,0 +1,16 @@
+-- Migration: Revoke PostgREST access to public schema
+-- This prevents Supabase's auto-generated REST API from exposing tables
+-- Use this if you ONLY connect via your Go backend, not via Supabase client libraries
+
+-- Revoke access from anon and authenticated roles (used by PostgREST)
+REVOKE ALL ON ALL TABLES IN SCHEMA public FROM anon, authenticated;
+REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM anon, authenticated;
+REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public FROM anon, authenticated;
+
+-- Grant access only to postgres role (your backend connection)
+GRANT ALL ON ALL TABLES IN SCHEMA public TO postgres;
+GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO postgres;
+GRANT ALL ON ALL FUNCTIONS IN SCHEMA public TO postgres;
+
+-- Note: Run this AFTER all other migrations
+-- If you need PostgREST access later, you can re-grant permissions selectively

backend/scripts/archive/migration_add_versions.sql

@@ -0,0 +1,38 @@
+-- Migration: Add document version history support
+-- Run: psql -U postgres collaboration < backend/scripts/migration_add_versions.sql
+
+CREATE TABLE IF NOT EXISTS document_versions (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    document_id UUID NOT NULL REFERENCES documents(id) ON DELETE CASCADE,
+    yjs_snapshot BYTEA NOT NULL,
+    text_preview TEXT,
+    version_number INTEGER NOT NULL,
+    created_by UUID REFERENCES users(id) ON DELETE SET NULL,
+    version_label TEXT,
+    is_auto_generated BOOLEAN DEFAULT true,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    
+    CONSTRAINT unique_document_version UNIQUE(document_id, version_number)
+);
+
+CREATE INDEX idx_document_versions_document_id ON document_versions(document_id, created_at DESC);
+CREATE INDEX idx_document_versions_created_by ON document_versions(created_by);
+
+-- Add version tracking to documents table
+ALTER TABLE documents ADD COLUMN IF NOT EXISTS version_count INTEGER DEFAULT 0;
+ALTER TABLE documents ADD COLUMN IF NOT EXISTS last_snapshot_at TIMESTAMPTZ;
+
+-- Function to get next version number
+CREATE OR REPLACE FUNCTION get_next_version_number(p_document_id UUID)
+RETURNS INTEGER AS $$
+DECLARE
+    next_version INTEGER;
+BEGIN
+    SELECT COALESCE(MAX(version_number), 0) + 1
+    INTO next_version
+    FROM document_versions
+    WHERE document_id = p_document_id;
+    
+    RETURN next_version;
+END;
+$$ LANGUAGE plpgsql;