feat(auth): add password_hash column + bcrypt helper for Auth.js Credentials provider
- Migration 0002 adds nullable password_hash to users (idempotent) - src/lib/passwords.ts: encode/verify with self-describing format (algo$N$salt$hash) so we can migrate to a stronger KDF later - Schema adds passwordHash column; OAuth-only users leave it null
This commit is contained in:
@@ -0,0 +1,21 @@
|
||||
-- 0002_admin_password.sql
|
||||
--
|
||||
-- Adds a `password_hash` column to `users` so the Auth.js Credentials
|
||||
-- provider can verify email + password against the database.
|
||||
--
|
||||
-- Idempotent: uses `ADD COLUMN IF NOT EXISTS`. The column is nullable
|
||||
-- because OAuth-only users (Google) never set a password.
|
||||
--
|
||||
-- The Credentials provider's `authorize` function is documented in
|
||||
-- `src/lib/auth.ts` — it queries this column and runs `verifyPassword`
|
||||
-- (see `src/lib/passwords.ts`) before returning the user.
|
||||
|
||||
BEGIN;
|
||||
|
||||
ALTER TABLE users
|
||||
ADD COLUMN IF NOT EXISTS password_hash TEXT;
|
||||
|
||||
-- Update the updated_at trigger tracking — no new triggers needed since
|
||||
-- `users` already has `set_updated_at` from migration 0001.
|
||||
|
||||
COMMIT;
|
||||
Reference in New Issue
Block a user