lewis.moe / bspds-sandbox
this repo has no description
fork atom
bspds-sandbox / migrations / 20251211_initial_schema.sql
at 2f185d97a899cae96f736225e87e4f446262fcd6 12 kB view raw
1CREATE TYPE notification_channel AS ENUM ('email', 'discord', 'telegram', 'signal'); 2CREATE TYPE notification_status AS ENUM ('pending', 'processing', 'sent', 'failed'); 3CREATE TYPE notification_type AS ENUM ( 4 'welcome', 5 'email_verification', 6 'password_reset', 7 'email_update', 8 'account_deletion', 9 'admin_email', 10 'plc_operation', 11 'two_factor_code' 12); 13 14CREATE TABLE IF NOT EXISTS users ( 15 id UUID PRIMARY KEY DEFAULT gen_random_uuid(), 16 handle TEXT NOT NULL UNIQUE, 17 email TEXT UNIQUE, 18 did TEXT NOT NULL UNIQUE, 19 password_hash TEXT NOT NULL, 20 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 21 updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 22 23 deactivated_at TIMESTAMPTZ, 24 invites_disabled BOOLEAN DEFAULT FALSE, 25 takedown_ref TEXT, 26 27 preferred_notification_channel notification_channel NOT NULL DEFAULT 'email', 28 29 password_reset_code TEXT, 30 password_reset_code_expires_at TIMESTAMPTZ, 31 32 email_pending_verification TEXT, 33 email_confirmation_code TEXT, 34 email_confirmation_code_expires_at TIMESTAMPTZ, 35 email_confirmed BOOLEAN NOT NULL DEFAULT FALSE, 36 37 two_factor_enabled BOOLEAN NOT NULL DEFAULT FALSE, 38 39 discord_id TEXT, 40 discord_verified BOOLEAN NOT NULL DEFAULT FALSE, 41 42 telegram_username TEXT, 43 telegram_verified BOOLEAN NOT NULL DEFAULT FALSE, 44 45 signal_number TEXT, 46 signal_verified BOOLEAN NOT NULL DEFAULT FALSE 47); 48 49CREATE INDEX IF NOT EXISTS idx_users_password_reset_code ON users(password_reset_code) WHERE password_reset_code IS NOT NULL; 50CREATE INDEX IF NOT EXISTS idx_users_email_confirmation_code ON users(email_confirmation_code) WHERE email_confirmation_code IS NOT NULL; 51CREATE INDEX IF NOT EXISTS idx_users_discord_id ON users(discord_id) WHERE discord_id IS NOT NULL; 52CREATE INDEX IF NOT EXISTS idx_users_telegram_username ON users(telegram_username) WHERE telegram_username IS NOT NULL; 53CREATE INDEX IF NOT EXISTS idx_users_signal_number ON users(signal_number) WHERE signal_number IS NOT NULL; 54 55CREATE TABLE IF NOT EXISTS invite_codes ( 56 code TEXT PRIMARY KEY, 57 available_uses INT NOT NULL DEFAULT 1, 58 created_by_user UUID NOT NULL REFERENCES users(id), 59 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 60 disabled BOOLEAN DEFAULT FALSE 61); 62 63CREATE TABLE IF NOT EXISTS invite_code_uses ( 64 id UUID PRIMARY KEY DEFAULT gen_random_uuid(), 65 code TEXT NOT NULL REFERENCES invite_codes(code), 66 used_by_user UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE, 67 used_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 68 UNIQUE(code, used_by_user) 69); 70 71CREATE TABLE IF NOT EXISTS user_keys ( 72 user_id UUID PRIMARY KEY REFERENCES users(id) ON DELETE CASCADE, 73 key_bytes BYTEA NOT NULL, 74 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 75 encrypted_at TIMESTAMPTZ, 76 encryption_version INTEGER DEFAULT 0 77); 78 79CREATE TABLE IF NOT EXISTS repos ( 80 user_id UUID PRIMARY KEY REFERENCES users(id) ON DELETE CASCADE, 81 repo_root_cid TEXT NOT NULL, 82 repo_rev TEXT, 83 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 84 updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 85); 86 87CREATE TABLE IF NOT EXISTS blocks ( 88 cid BYTEA PRIMARY KEY, 89 data BYTEA NOT NULL, 90 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 91); 92 93CREATE TABLE IF NOT EXISTS records ( 94 id UUID PRIMARY KEY DEFAULT gen_random_uuid(), 95 repo_id UUID NOT NULL REFERENCES repos(user_id) ON DELETE CASCADE, 96 collection TEXT NOT NULL, 97 rkey TEXT NOT NULL, 98 record_cid TEXT NOT NULL, 99 takedown_ref TEXT, 100 repo_rev TEXT, 101 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 102 UNIQUE(repo_id, collection, rkey) 103); 104 105CREATE INDEX idx_records_repo_rev ON records(repo_rev); 106 107CREATE TABLE IF NOT EXISTS blobs ( 108 cid TEXT PRIMARY KEY, 109 mime_type TEXT NOT NULL, 110 size_bytes BIGINT NOT NULL, 111 created_by_user UUID NOT NULL REFERENCES users(id), 112 storage_key TEXT NOT NULL, 113 takedown_ref TEXT, 114 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 115); 116 117CREATE TABLE IF NOT EXISTS app_passwords ( 118 id UUID PRIMARY KEY DEFAULT gen_random_uuid(), 119 user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE, 120 name TEXT NOT NULL, 121 password_hash TEXT NOT NULL, 122 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 123 privileged BOOLEAN NOT NULL DEFAULT FALSE, 124 UNIQUE(user_id, name) 125); 126 127CREATE TABLE reports ( 128 id BIGINT PRIMARY KEY, 129 reason_type TEXT NOT NULL, 130 reason TEXT, 131 subject_json JSONB NOT NULL, 132 reported_by_did TEXT NOT NULL, 133 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 134); 135 136CREATE TABLE IF NOT EXISTS account_deletion_requests ( 137 token TEXT PRIMARY KEY, 138 did TEXT NOT NULL REFERENCES users(did) ON DELETE CASCADE, 139 expires_at TIMESTAMPTZ NOT NULL, 140 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 141); 142 143CREATE TABLE IF NOT EXISTS notification_queue ( 144 id UUID PRIMARY KEY DEFAULT gen_random_uuid(), 145 user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE, 146 channel notification_channel NOT NULL DEFAULT 'email', 147 notification_type notification_type NOT NULL, 148 status notification_status NOT NULL DEFAULT 'pending', 149 recipient TEXT NOT NULL, 150 subject TEXT, 151 body TEXT NOT NULL, 152 metadata JSONB, 153 attempts INT NOT NULL DEFAULT 0, 154 max_attempts INT NOT NULL DEFAULT 3, 155 last_error TEXT, 156 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 157 updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 158 scheduled_for TIMESTAMPTZ NOT NULL DEFAULT NOW(), 159 processed_at TIMESTAMPTZ 160); 161 162CREATE INDEX idx_notification_queue_status_scheduled 163 ON notification_queue(status, scheduled_for) 164 WHERE status = 'pending'; 165 166CREATE INDEX idx_notification_queue_user_id ON notification_queue(user_id); 167 168CREATE TABLE IF NOT EXISTS reserved_signing_keys ( 169 id UUID PRIMARY KEY DEFAULT gen_random_uuid(), 170 did TEXT, 171 public_key_did_key TEXT NOT NULL, 172 private_key_bytes BYTEA NOT NULL, 173 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 174 expires_at TIMESTAMPTZ NOT NULL DEFAULT NOW() + INTERVAL '24 hours', 175 used_at TIMESTAMPTZ 176); 177 178CREATE INDEX IF NOT EXISTS idx_reserved_signing_keys_did ON reserved_signing_keys(did) WHERE did IS NOT NULL; 179CREATE INDEX IF NOT EXISTS idx_reserved_signing_keys_expires ON reserved_signing_keys(expires_at) WHERE used_at IS NULL; 180 181CREATE TABLE repo_seq ( 182 seq BIGSERIAL PRIMARY KEY, 183 did TEXT NOT NULL, 184 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 185 event_type TEXT NOT NULL, 186 commit_cid TEXT, 187 prev_cid TEXT, 188 ops JSONB, 189 blobs TEXT[], 190 blocks_cids TEXT[] 191); 192 193CREATE INDEX idx_repo_seq_seq ON repo_seq(seq); 194CREATE INDEX idx_repo_seq_did ON repo_seq(did); 195 196CREATE TABLE IF NOT EXISTS session_tokens ( 197 id SERIAL PRIMARY KEY, 198 did TEXT NOT NULL REFERENCES users(did) ON DELETE CASCADE, 199 access_jti TEXT NOT NULL UNIQUE, 200 refresh_jti TEXT NOT NULL UNIQUE, 201 access_expires_at TIMESTAMPTZ NOT NULL, 202 refresh_expires_at TIMESTAMPTZ NOT NULL, 203 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 204 updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 205); 206 207CREATE INDEX idx_session_tokens_did ON session_tokens(did); 208CREATE INDEX idx_session_tokens_access_jti ON session_tokens(access_jti); 209CREATE INDEX idx_session_tokens_refresh_jti ON session_tokens(refresh_jti); 210 211CREATE TABLE IF NOT EXISTS used_refresh_tokens ( 212 refresh_jti TEXT PRIMARY KEY, 213 session_id INTEGER NOT NULL REFERENCES session_tokens(id) ON DELETE CASCADE, 214 used_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 215); 216 217CREATE INDEX idx_used_refresh_tokens_session_id ON used_refresh_tokens(session_id); 218 219CREATE TABLE IF NOT EXISTS oauth_device ( 220 id TEXT PRIMARY KEY, 221 session_id TEXT NOT NULL UNIQUE, 222 user_agent TEXT, 223 ip_address TEXT NOT NULL, 224 last_seen_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 225); 226 227CREATE TABLE IF NOT EXISTS oauth_authorization_request ( 228 id TEXT PRIMARY KEY, 229 did TEXT REFERENCES users(did) ON DELETE CASCADE, 230 device_id TEXT REFERENCES oauth_device(id) ON DELETE SET NULL, 231 client_id TEXT NOT NULL, 232 client_auth JSONB, 233 parameters JSONB NOT NULL, 234 expires_at TIMESTAMPTZ NOT NULL, 235 code TEXT UNIQUE 236); 237 238CREATE INDEX idx_oauth_auth_request_expires ON oauth_authorization_request(expires_at); 239CREATE INDEX idx_oauth_auth_request_code ON oauth_authorization_request(code) WHERE code IS NOT NULL; 240 241CREATE TABLE IF NOT EXISTS oauth_token ( 242 id SERIAL PRIMARY KEY, 243 did TEXT NOT NULL REFERENCES users(did) ON DELETE CASCADE, 244 token_id TEXT NOT NULL UNIQUE, 245 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 246 updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 247 expires_at TIMESTAMPTZ NOT NULL, 248 client_id TEXT NOT NULL, 249 client_auth JSONB NOT NULL, 250 device_id TEXT REFERENCES oauth_device(id) ON DELETE SET NULL, 251 parameters JSONB NOT NULL, 252 details JSONB, 253 code TEXT UNIQUE, 254 current_refresh_token TEXT UNIQUE, 255 scope TEXT 256); 257 258CREATE INDEX idx_oauth_token_did ON oauth_token(did); 259CREATE INDEX idx_oauth_token_code ON oauth_token(code) WHERE code IS NOT NULL; 260 261CREATE TABLE IF NOT EXISTS oauth_account_device ( 262 did TEXT NOT NULL REFERENCES users(did) ON DELETE CASCADE, 263 device_id TEXT NOT NULL REFERENCES oauth_device(id) ON DELETE CASCADE, 264 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 265 updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 266 PRIMARY KEY (did, device_id) 267); 268 269CREATE TABLE IF NOT EXISTS oauth_authorized_client ( 270 did TEXT NOT NULL REFERENCES users(did) ON DELETE CASCADE, 271 client_id TEXT NOT NULL, 272 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 273 updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 274 data JSONB NOT NULL, 275 PRIMARY KEY (did, client_id) 276); 277 278CREATE TABLE IF NOT EXISTS oauth_used_refresh_token ( 279 refresh_token TEXT PRIMARY KEY, 280 token_id INTEGER NOT NULL REFERENCES oauth_token(id) ON DELETE CASCADE 281); 282 283CREATE TABLE oauth_dpop_jti ( 284 jti TEXT PRIMARY KEY, 285 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 286); 287 288CREATE INDEX idx_oauth_dpop_jti_created_at ON oauth_dpop_jti(created_at); 289 290CREATE TABLE plc_operation_tokens ( 291 id UUID PRIMARY KEY DEFAULT gen_random_uuid(), 292 user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE, 293 token TEXT NOT NULL UNIQUE, 294 expires_at TIMESTAMPTZ NOT NULL, 295 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() 296); 297 298CREATE INDEX idx_plc_op_tokens_user ON plc_operation_tokens(user_id); 299CREATE INDEX idx_plc_op_tokens_expires ON plc_operation_tokens(expires_at); 300 301CREATE TABLE IF NOT EXISTS account_preferences ( 302 id UUID PRIMARY KEY DEFAULT gen_random_uuid(), 303 user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE, 304 name TEXT NOT NULL, 305 value_json JSONB NOT NULL, 306 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 307 updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 308 UNIQUE(user_id, name) 309); 310 311CREATE INDEX IF NOT EXISTS idx_account_preferences_user_id ON account_preferences(user_id); 312CREATE INDEX IF NOT EXISTS idx_account_preferences_name ON account_preferences(name); 313 314CREATE TABLE oauth_2fa_challenge ( 315 id UUID PRIMARY KEY DEFAULT gen_random_uuid(), 316 did TEXT NOT NULL REFERENCES users(did) ON DELETE CASCADE, 317 request_uri TEXT NOT NULL, 318 code TEXT NOT NULL, 319 attempts INTEGER NOT NULL DEFAULT 0, 320 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), 321 expires_at TIMESTAMPTZ NOT NULL DEFAULT NOW() + INTERVAL '10 minutes' 322); 323 324CREATE INDEX idx_oauth_2fa_challenge_request_uri ON oauth_2fa_challenge(request_uri); 325CREATE INDEX idx_oauth_2fa_challenge_expires ON oauth_2fa_challenge(expires_at);