Files
2026-07-13 13:00:08 +08:00

44 lines
1.9 KiB
SQL

-- Reasonix accounts: users, sessions, email tokens.
-- Apply: wrangler d1 migrations apply reasonix-accounts --local (or --remote)
CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
handle TEXT NOT NULL UNIQUE, -- public identity, /u/<handle>
email TEXT NOT NULL UNIQUE, -- stored lowercased
email_verified INTEGER NOT NULL DEFAULT 0,
password_hash TEXT, -- nullable: reserved for future OAuth-only users
display_name TEXT NOT NULL DEFAULT '',
avatar_url TEXT NOT NULL DEFAULT '',
bio TEXT NOT NULL DEFAULT '',
role TEXT NOT NULL DEFAULT 'member', -- member | admin
status TEXT NOT NULL DEFAULT 'active', -- active | suspended | deleted
created_at TEXT NOT NULL,
updated_at TEXT NOT NULL
);
-- Sessions store sha256(raw cookie token); the raw token only ever lives in the
-- cookie, so a DB read can't resurrect a live session. `kind` is reserved so the
-- future desktop/CLI device-flow login reuses this same table.
CREATE TABLE IF NOT EXISTS sessions (
token_hash TEXT PRIMARY KEY,
user_id INTEGER NOT NULL,
kind TEXT NOT NULL DEFAULT 'web', -- web | cli
user_agent TEXT NOT NULL DEFAULT '',
created_at TEXT NOT NULL,
last_seen_at TEXT NOT NULL,
expires_at TEXT NOT NULL
);
CREATE INDEX IF NOT EXISTS sessions_user ON sessions (user_id);
CREATE INDEX IF NOT EXISTS sessions_expires ON sessions (expires_at);
-- Single-use, hashed tokens for email verification and password reset.
CREATE TABLE IF NOT EXISTS email_tokens (
token_hash TEXT PRIMARY KEY,
user_id INTEGER NOT NULL,
purpose TEXT NOT NULL, -- verify | reset
created_at TEXT NOT NULL,
expires_at TEXT NOT NULL,
used_at TEXT
);
CREATE INDEX IF NOT EXISTS email_tokens_user ON email_tokens (user_id);