456b5b1375
- New: src/lib/storage.ts — S3-compatible client, uploadFile/deleteFile/listFiles/publicUrl helpers, bucket constants - New: docker-compose adds minio + minio_init services - Replaced Supabase fetch PUTs in: - src/actions/brand-settings.ts (3 uploaders) - src/actions/products/upload-image.ts - src/actions/communications/import-contacts.ts - src/app/api/water-photo-upload/route.ts - Replaced hardcoded Supabase URLs in: - src/components/storefront/TuxedoVideoHero.tsx - src/components/time-tracking/TimeTrackingFieldClient.tsx - src/app/tuxedo/about/page.tsx - src/lib/email-service.ts (4 occurrences) - Added @aws-sdk/client-s3 + @aws-sdk/s3-request-presigner - .env.example adds MinIO + storage vars - Migration cleanup: deleted BUNDLE_018_042, 4 XXX drafts, 087/145/099-contact storage migrations - Migration patches: 006 STATIC→STABLE, 135 param reordering - Preflight: added pgcrypto extension, removed storage stub - Verified: MinIO upload/list/delete round-trip works against local instance
62 lines
2.2 KiB
SQL
62 lines
2.2 KiB
SQL
-- 200_better_auth_tables.sql
|
|
-- Better Auth core tables: user, session, account, verification
|
|
-- Replaces Supabase Auth for the self-hosted Postgres deployment.
|
|
-- user.id is UUID (matches admin_users.user_id FK).
|
|
|
|
CREATE TABLE IF NOT EXISTS "user" (
|
|
"id" UUID PRIMARY KEY,
|
|
"name" TEXT NOT NULL,
|
|
"email" TEXT NOT NULL UNIQUE,
|
|
"emailVerified" BOOLEAN NOT NULL DEFAULT FALSE,
|
|
"image" TEXT,
|
|
"createdAt" TIMESTAMPTZ NOT NULL DEFAULT now(),
|
|
"updatedAt" TIMESTAMPTZ NOT NULL DEFAULT now()
|
|
);
|
|
|
|
CREATE TABLE IF NOT EXISTS "session" (
|
|
"id" UUID PRIMARY KEY,
|
|
"expiresAt" TIMESTAMPTZ NOT NULL,
|
|
"token" TEXT NOT NULL UNIQUE,
|
|
"createdAt" TIMESTAMPTZ NOT NULL DEFAULT now(),
|
|
"updatedAt" TIMESTAMPTZ NOT NULL DEFAULT now(),
|
|
"ipAddress" TEXT,
|
|
"userAgent" TEXT,
|
|
"userId" UUID NOT NULL REFERENCES "user"("id") ON DELETE CASCADE
|
|
);
|
|
CREATE INDEX IF NOT EXISTS "idx_session_userId" ON "session"("userId");
|
|
|
|
CREATE TABLE IF NOT EXISTS "account" (
|
|
"id" UUID PRIMARY KEY,
|
|
"accountId" TEXT NOT NULL,
|
|
"providerId" TEXT NOT NULL,
|
|
"userId" UUID NOT NULL REFERENCES "user"("id") ON DELETE CASCADE,
|
|
"accessToken" TEXT,
|
|
"refreshToken" TEXT,
|
|
"idToken" TEXT,
|
|
"accessTokenExpiresAt" TIMESTAMPTZ,
|
|
"refreshTokenExpiresAt" TIMESTAMPTZ,
|
|
"scope" TEXT,
|
|
"password" TEXT,
|
|
"createdAt" TIMESTAMPTZ NOT NULL DEFAULT now(),
|
|
"updatedAt" TIMESTAMPTZ NOT NULL DEFAULT now()
|
|
);
|
|
CREATE INDEX IF NOT EXISTS "idx_account_userId" ON "account"("userId");
|
|
CREATE INDEX IF NOT EXISTS "idx_account_providerId" ON "account"("providerId");
|
|
|
|
CREATE TABLE IF NOT EXISTS "verification" (
|
|
"id" UUID PRIMARY KEY,
|
|
"identifier" TEXT NOT NULL,
|
|
"value" TEXT NOT NULL,
|
|
"expiresAt" TIMESTAMPTZ NOT NULL,
|
|
"createdAt" TIMESTAMPTZ NOT NULL DEFAULT now(),
|
|
"updatedAt" TIMESTAMPTZ NOT NULL DEFAULT now()
|
|
);
|
|
CREATE INDEX IF NOT EXISTS "idx_verification_identifier" ON "verification"("identifier");
|
|
|
|
-- Better Auth does not need RLS on these tables — auth checks happen in app code.
|
|
-- Disable RLS so existing SECURITY DEFINER RPCs can still read user rows if needed.
|
|
ALTER TABLE "user" DISABLE ROW LEVEL SECURITY;
|
|
ALTER TABLE "session" DISABLE ROW LEVEL SECURITY;
|
|
ALTER TABLE "account" DISABLE ROW LEVEL SECURITY;
|
|
ALTER TABLE "verification" DISABLE ROW LEVEL SECURITY;
|