feat(auth): add password_hash column + bcrypt helper for Auth.js Credentials provider

- Migration 0002 adds nullable password_hash to users (idempotent)
- src/lib/passwords.ts: encode/verify with self-describing format
  (algo$N$salt$hash) so we can migrate to a stronger KDF later
- Schema adds passwordHash column; OAuth-only users leave it null
This commit is contained in:
2026-06-07 01:36:27 +00:00
parent 7cd0603cfb
commit 720ffe5262
3 changed files with 95 additions and 0 deletions
+7
View File
@@ -35,6 +35,13 @@ export const users = pgTable(
email: text("email").unique(),
name: text("name"),
image: text("image"),
/**
* Bcrypt / scrypt / argon2 hash, or null for OAuth-only users.
* Format is self-describing (algorithm$N$salt$hash) so we can
* migrate to a stronger KDF later without losing existing hashes.
* See `src/lib/passwords.ts` for the encoder/decoder.
*/
passwordHash: text("password_hash"),
authProvider: text("auth_provider", { enum: authProviderEnum })
.notNull()
.default("dev"),