From 0ba91040f138f8bb5ee15a397c59ba72ad1c5050 Mon Sep 17 00:00:00 2001 From: Nora Date: Mon, 22 Jun 2026 14:14:47 -0600 Subject: [PATCH] feat(migration): 0010 users + sessions, 0011 audit_log.user_id --- .../0010_auth_users_and_sessions.sql | 31 +++++++++++++++++++ .../migrations/0011_audit_log_user_id.sql | 10 ++++++ 2 files changed, 41 insertions(+) create mode 100644 backend/src/cyclone/migrations/0010_auth_users_and_sessions.sql create mode 100644 backend/src/cyclone/migrations/0011_audit_log_user_id.sql diff --git a/backend/src/cyclone/migrations/0010_auth_users_and_sessions.sql b/backend/src/cyclone/migrations/0010_auth_users_and_sessions.sql new file mode 100644 index 0000000..d8329eb --- /dev/null +++ b/backend/src/cyclone/migrations/0010_auth_users_and_sessions.sql @@ -0,0 +1,31 @@ +-- version: 10 +-- Auth (SP-auth): users + sessions tables. +-- +-- `users` holds the local credential store: bcrypt-hashed password, +-- role enum ('admin' | 'user' | 'viewer'), and a soft-delete column +-- (disabled_at) so admins can revoke access without losing history. +-- +-- `sessions` holds the server-side session rows; the browser only +-- carries an opaque token cookie (cyclone_session) that points here. +-- expires_at index lets us cheaply reap stale sessions. + +CREATE TABLE users ( + id INTEGER PRIMARY KEY AUTOINCREMENT, + username TEXT NOT NULL UNIQUE, + password_hash TEXT NOT NULL, + role TEXT NOT NULL, + created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP, + disabled_at TEXT +); + +CREATE INDEX idx_users_username ON users(username); + +CREATE TABLE sessions ( + id TEXT PRIMARY KEY, + user_id INTEGER NOT NULL REFERENCES users(id), + expires_at TEXT NOT NULL, + created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +CREATE INDEX idx_sessions_user_id ON sessions(user_id); +CREATE INDEX idx_sessions_expires_at ON sessions(expires_at); \ No newline at end of file diff --git a/backend/src/cyclone/migrations/0011_audit_log_user_id.sql b/backend/src/cyclone/migrations/0011_audit_log_user_id.sql new file mode 100644 index 0000000..a69a9d8 --- /dev/null +++ b/backend/src/cyclone/migrations/0011_audit_log_user_id.sql @@ -0,0 +1,10 @@ +-- version: 11 +-- Auth (SP-auth): record the acting user_id on every audit_log entry. +-- +-- Backwards-compatible: existing rows get NULL user_id (they were +-- written by the pre-auth `system` actor). Going forward, the FastAPI +-- get_current_user dependency injects the id into every audit log call. + +ALTER TABLE audit_log ADD COLUMN user_id INTEGER; + +CREATE INDEX idx_audit_log_user_id ON audit_log(user_id); \ No newline at end of file