-- 200_better_auth_tables.sql -- Better Auth core tables: user, session, account, verification -- Replaces Supabase Auth for the self-hosted Postgres deployment. -- user.id is UUID (matches admin_users.user_id FK). CREATE TABLE IF NOT EXISTS "user" ( "id" UUID PRIMARY KEY, "name" TEXT NOT NULL, "email" TEXT NOT NULL UNIQUE, "emailVerified" BOOLEAN NOT NULL DEFAULT FALSE, "image" TEXT, "createdAt" TIMESTAMPTZ NOT NULL DEFAULT now(), "updatedAt" TIMESTAMPTZ NOT NULL DEFAULT now() ); CREATE TABLE IF NOT EXISTS "session" ( "id" UUID PRIMARY KEY, "expiresAt" TIMESTAMPTZ NOT NULL, "token" TEXT NOT NULL UNIQUE, "createdAt" TIMESTAMPTZ NOT NULL DEFAULT now(), "updatedAt" TIMESTAMPTZ NOT NULL DEFAULT now(), "ipAddress" TEXT, "userAgent" TEXT, "userId" UUID NOT NULL REFERENCES "user"("id") ON DELETE CASCADE ); CREATE INDEX IF NOT EXISTS "idx_session_userId" ON "session"("userId"); CREATE TABLE IF NOT EXISTS "account" ( "id" UUID PRIMARY KEY, "accountId" TEXT NOT NULL, "providerId" TEXT NOT NULL, "userId" UUID NOT NULL REFERENCES "user"("id") ON DELETE CASCADE, "accessToken" TEXT, "refreshToken" TEXT, "idToken" TEXT, "accessTokenExpiresAt" TIMESTAMPTZ, "refreshTokenExpiresAt" TIMESTAMPTZ, "scope" TEXT, "password" TEXT, "createdAt" TIMESTAMPTZ NOT NULL DEFAULT now(), "updatedAt" TIMESTAMPTZ NOT NULL DEFAULT now() ); CREATE INDEX IF NOT EXISTS "idx_account_userId" ON "account"("userId"); CREATE INDEX IF NOT EXISTS "idx_account_providerId" ON "account"("providerId"); CREATE TABLE IF NOT EXISTS "verification" ( "id" UUID PRIMARY KEY, "identifier" TEXT NOT NULL, "value" TEXT NOT NULL, "expiresAt" TIMESTAMPTZ NOT NULL, "createdAt" TIMESTAMPTZ NOT NULL DEFAULT now(), "updatedAt" TIMESTAMPTZ NOT NULL DEFAULT now() ); CREATE INDEX IF NOT EXISTS "idx_verification_identifier" ON "verification"("identifier"); -- Better Auth does not need RLS on these tables — auth checks happen in app code. -- Disable RLS so existing SECURITY DEFINER RPCs can still read user rows if needed. ALTER TABLE "user" DISABLE ROW LEVEL SECURITY; ALTER TABLE "session" DISABLE ROW LEVEL SECURITY; ALTER TABLE "account" DISABLE ROW LEVEL SECURITY; ALTER TABLE "verification" DISABLE ROW LEVEL SECURITY;