feat(migration): 0010 users + sessions, 0011 audit_log.user_id
This commit is contained in:
@@ -0,0 +1,31 @@
|
||||
-- version: 10
|
||||
-- Auth (SP-auth): users + sessions tables.
|
||||
--
|
||||
-- `users` holds the local credential store: bcrypt-hashed password,
|
||||
-- role enum ('admin' | 'user' | 'viewer'), and a soft-delete column
|
||||
-- (disabled_at) so admins can revoke access without losing history.
|
||||
--
|
||||
-- `sessions` holds the server-side session rows; the browser only
|
||||
-- carries an opaque token cookie (cyclone_session) that points here.
|
||||
-- expires_at index lets us cheaply reap stale sessions.
|
||||
|
||||
CREATE TABLE users (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
username TEXT NOT NULL UNIQUE,
|
||||
password_hash TEXT NOT NULL,
|
||||
role TEXT NOT NULL,
|
||||
created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
disabled_at TEXT
|
||||
);
|
||||
|
||||
CREATE INDEX idx_users_username ON users(username);
|
||||
|
||||
CREATE TABLE sessions (
|
||||
id TEXT PRIMARY KEY,
|
||||
user_id INTEGER NOT NULL REFERENCES users(id),
|
||||
expires_at TEXT NOT NULL,
|
||||
created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
|
||||
);
|
||||
|
||||
CREATE INDEX idx_sessions_user_id ON sessions(user_id);
|
||||
CREATE INDEX idx_sessions_expires_at ON sessions(expires_at);
|
||||
@@ -0,0 +1,10 @@
|
||||
-- version: 11
|
||||
-- Auth (SP-auth): record the acting user_id on every audit_log entry.
|
||||
--
|
||||
-- Backwards-compatible: existing rows get NULL user_id (they were
|
||||
-- written by the pre-auth `system` actor). Going forward, the FastAPI
|
||||
-- get_current_user dependency injects the id into every audit log call.
|
||||
|
||||
ALTER TABLE audit_log ADD COLUMN user_id INTEGER;
|
||||
|
||||
CREATE INDEX idx_audit_log_user_id ON audit_log(user_id);
|
||||
Reference in New Issue
Block a user