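-- Migration: Add users and sessions tables for authentication
-- Run this before 002_add_document_shares.sql
--
-- Each statement sits on its own line: a "--" comment runs to the end of the
-- physical line, so a collapsed copy of this file executes nothing.
-- Every CREATE is guarded with IF NOT EXISTS so a partially applied or
-- repeated run does not abort on an already-existing index.

-- Enable UUID extension (provides uuid_generate_v4()).
-- The migration role must be allowed to create extensions.
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";

-- Users table
-- Account identity is the pair (provider, provider_user_id). email is NOT
-- unique, so the same address may exist once per provider; application code
-- must not use email alone to look up or link an account.
CREATE TABLE IF NOT EXISTS users (
    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    email VARCHAR(255) NOT NULL,
    name VARCHAR(255) NOT NULL,
    avatar_url TEXT,
    provider VARCHAR(50) NOT NULL CHECK (provider IN ('google', 'github')),
    provider_user_id VARCHAR(255) NOT NULL,
    created_at TIMESTAMPTZ DEFAULT NOW(),
    updated_at TIMESTAMPTZ DEFAULT NOW(),  -- no trigger here; writers must set it on UPDATE
    last_login_at TIMESTAMPTZ,
    UNIQUE(provider, provider_user_id)
);

CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
-- NOTE(review): UNIQUE(provider, provider_user_id) already creates an index on
-- these columns, so this one looks redundant. Kept because later migrations
-- may reference it by name; confirm before dropping.
CREATE INDEX IF NOT EXISTS idx_users_provider ON users(provider, provider_user_id);

COMMENT ON TABLE users IS 'Stores user accounts from OAuth providers';
COMMENT ON COLUMN users.provider IS 'OAuth provider: google or github';
COMMENT ON COLUMN users.provider_user_id IS 'User ID from OAuth provider';

-- Sessions table
-- Only a hash of the token is stored, so reading this table does not yield a
-- usable bearer token. Nothing in the schema enforces expiry: the session
-- lookup must compare expires_at with the current time, and expired rows stay
-- until something deletes them.
CREATE TABLE IF NOT EXISTS sessions (
    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    -- Deleting a user removes (and thereby revokes) all of that user's sessions.
    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    token_hash VARCHAR(64) NOT NULL,  -- 64 chars; presumably hex-encoded SHA-256
    expires_at TIMESTAMPTZ NOT NULL,
    created_at TIMESTAMPTZ DEFAULT NOW(),
    user_agent TEXT,         -- client-supplied; treat as untrusted when displayed
    ip_address VARCHAR(45),  -- 45 chars fits a textual IPv6 address; format is not validated
    UNIQUE(token_hash)
);

CREATE INDEX IF NOT EXISTS idx_sessions_user_id ON sessions(user_id);
-- NOTE(review): UNIQUE(token_hash) already creates an index on this column, so
-- this one looks redundant. Kept because later migrations may reference it by
-- name; confirm before dropping.
CREATE INDEX IF NOT EXISTS idx_sessions_token_hash ON sessions(token_hash);
-- Presumably supports purging or filtering expired sessions; verify against callers.
CREATE INDEX IF NOT EXISTS idx_sessions_expires_at ON sessions(expires_at);

COMMENT ON TABLE sessions IS 'Stores active JWT sessions for revocation support';
COMMENT ON COLUMN sessions.token_hash IS 'SHA-256 hash of JWT token';
COMMENT ON COLUMN sessions.user_agent IS 'User agent string for device tracking';

-- Add owner_id to documents table if it doesn't exist
-- Requires the documents table to exist already (it is not created here).
-- ON DELETE SET NULL keeps a document when its owner is deleted, and existing
-- rows get a NULL owner_id too. Authorization checks must decide explicitly
-- what a NULL owner means rather than treating it as "anyone".
ALTER TABLE documents
    ADD COLUMN IF NOT EXISTS owner_id UUID REFERENCES users(id) ON DELETE SET NULL;

CREATE INDEX IF NOT EXISTS idx_documents_owner_id ON documents(owner_id);

COMMENT ON COLUMN documents.owner_id IS 'User who created the document';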