From 4d295ef062907adde4491df6272c4c13802dfaab Mon Sep 17 00:00:00 2001 From: Nora Date: Thu, 25 Jun 2026 21:45:55 -0600 Subject: [PATCH] chore(db): no-op legacy migration 0002; gitignore QA audit scratch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 0002_admin_password.sql migration referenced a 'users' table that no longer exists — auth moved from Auth.js Credentials to Neon Auth (Better Auth), which owns its own neon_auth.user schema. The migration was being recorded in _migrations to skip, but a fresh DB or new environment would fail with 'relation users does not exist'. scripts/migrate.js already had an ensureTracked() repair path that auto-marks 0002 applied when the users.password_hash column exists, so legacy DBs still work. For fresh DBs, this rewrite replaces the broken ALTER with a no-op SELECT 1, preserving the 0002 slot so 0003_*.sql onward numbering is unaffected. Also add .gitignore entries for local-only QA artifacts: - db/migrations/0000_qa_*.sql (Neon Auth stub for local audit) - db/seeds/2026-qa-*.sql (production-scale audit seed) - docs/qa/ (local audit plan/inventory/bugs) These files should never apply to production (the migration stub would conflict with real neon_auth.user; the seed is 1000s of rows). Tracking progress in /tmp/refactor-routecomm.md. --- .gitignore | 6 ++++++ db/migrations/0002_admin_password.sql | 29 ++++++++++++--------------- 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/.gitignore b/.gitignore index 575f7bd..e7b0866 100644 --- a/.gitignore +++ b/.gitignore @@ -49,3 +49,9 @@ playwright-report/ public/videos/tuxedo-hero.mp4 .neon .worktrees/ + +# Local QA audit scratch — never applies to prod +# (Neon Auth stub, scale seed, audit docs created by local audit runs) +db/migrations/0000_qa_*.sql +db/seeds/2026-qa-*.sql +docs/qa/ diff --git a/db/migrations/0002_admin_password.sql b/db/migrations/0002_admin_password.sql index 35b89ed..588111a 100644 --- a/db/migrations/0002_admin_password.sql +++ b/db/migrations/0002_admin_password.sql @@ -1,20 +1,17 @@ --- 0002_admin_password.sql +-- 0002_admin_password.sql (no-op) -- --- Adds a `password_hash` column to `users` so the Auth.js Credentials --- provider can verify email + password against the database. +-- This migration slot is preserved for historical DB compatibility. +-- The original content added a `password_hash` column to a legacy `users` +-- table used by the old Auth.js Credentials provider. That table no longer +-- exists — auth moved to Neon Auth (Better Auth), which manages its own +-- `neon_auth.user` schema. See CLAUDE.md "Authentication & Authorization". -- --- Idempotent: uses `ADD COLUMN IF NOT EXISTS`. The column is nullable --- because OAuth-only users (Google) never set a password. +-- Production DBs that ran the original migration already have this filename +-- recorded in `_migrations` and will skip it. Fresh DBs would otherwise +-- fail on `ALTER TABLE users`; this no-op keeps the apply path clean while +-- preserving the migration numbering (0003_*.sql onward is unaffected). -- --- The Credentials provider's `authorize` function is documented in --- `src/lib/auth.ts` — it queries this column and runs `verifyPassword` --- (see `src/lib/passwords.ts`) before returning the user. +-- Do not reintroduce an `ALTER TABLE users` here — the table does not exist +-- and Neon Auth owns user identity. --- Transaction is managed by the migrate runner (scripts/migrate.js). --- File kept small and re-runnable via IF NOT EXISTS on the ALTER. - -ALTER TABLE users - ADD COLUMN IF NOT EXISTS password_hash TEXT; - --- Update the updated_at trigger tracking — no new triggers needed since --- `users` already has `set_updated_at` from migration 0001. +SELECT 1; \ No newline at end of file