SSO auth (1)

2026-03-17 15:08:08 +08:00
parent a62fae913a
commit 7b4d2e789f
35 changed files with 1762 additions and 196 deletions
--- a/prisma/migrations/20260316120000_add_sso_auth_tables/migration.sql
+++ b/prisma/migrations/20260316120000_add_sso_auth_tables/migration.sql
@@ -0,0 +1,63 @@
+CREATE TYPE "AuthProvider" AS ENUM ('GOOGLE', 'DISCORD');
+
+CREATE TABLE "auth_identities" (
+    "id" TEXT NOT NULL,
+    "provider" "AuthProvider" NOT NULL,
+    "provider_subject" TEXT NOT NULL,
+    "provider_email" TEXT,
+    "provider_name" TEXT,
+    "provider_username" TEXT,
+    "provider_picture" TEXT,
+    "email_verified" BOOLEAN NOT NULL DEFAULT false,
+    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    "user_id" TEXT NOT NULL,
+
+    CONSTRAINT "auth_identities_pkey" PRIMARY KEY ("id")
+);
+
+CREATE TABLE "auth_sessions" (
+    "id" TEXT NOT NULL,
+    "provider" "AuthProvider",
+    "refresh_token_hash" TEXT NOT NULL,
+    "expires_at" TIMESTAMP(3) NOT NULL,
+    "revoked_at" TIMESTAMP(3),
+    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    "user_id" TEXT NOT NULL,
+
+    CONSTRAINT "auth_sessions_pkey" PRIMARY KEY ("id")
+);
+
+CREATE TABLE "auth_exchange_codes" (
+    "id" TEXT NOT NULL,
+    "provider" "AuthProvider" NOT NULL,
+    "code_hash" TEXT NOT NULL,
+    "expires_at" TIMESTAMP(3) NOT NULL,
+    "consumed_at" TIMESTAMP(3),
+    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "user_id" TEXT NOT NULL,
+
+    CONSTRAINT "auth_exchange_codes_pkey" PRIMARY KEY ("id")
+);
+
+CREATE UNIQUE INDEX "auth_identities_provider_provider_subject_key" ON "auth_identities"("provider", "provider_subject");
+CREATE INDEX "auth_identities_user_id_idx" ON "auth_identities"("user_id");
+
+CREATE UNIQUE INDEX "auth_sessions_refresh_token_hash_key" ON "auth_sessions"("refresh_token_hash");
+CREATE INDEX "auth_sessions_user_id_idx" ON "auth_sessions"("user_id");
+
+CREATE UNIQUE INDEX "auth_exchange_codes_code_hash_key" ON "auth_exchange_codes"("code_hash");
+CREATE INDEX "auth_exchange_codes_user_id_idx" ON "auth_exchange_codes"("user_id");
+
+ALTER TABLE "auth_identities"
+ADD CONSTRAINT "auth_identities_user_id_fkey"
+FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+
+ALTER TABLE "auth_sessions"
+ADD CONSTRAINT "auth_sessions_user_id_fkey"
+FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+
+ALTER TABLE "auth_exchange_codes"
+ADD CONSTRAINT "auth_exchange_codes_user_id_fkey"
+FOREIGN KEY ("user_id") REFERENCES "users"("id") ON DELETE CASCADE ON UPDATE CASCADE;
--- a/prisma/migrations/20260317110000_normalize_user_emails/migration.sql
+++ b/prisma/migrations/20260317110000_normalize_user_emails/migration.sql
@@ -0,0 +1,8 @@
+UPDATE "users"
+SET "email" = LOWER(TRIM("email"))
+WHERE "email" <> LOWER(TRIM("email"));
+
+ALTER TABLE "users"
+  DROP CONSTRAINT IF EXISTS "users_email_key";
+
+CREATE UNIQUE INDEX "users_email_key" ON "users"(LOWER("email"));
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -9,7 +9,7 @@ datasource db {
  provider = "postgresql"
 }

-/// User model representing authenticated users from local auth
+/// User model representing authenticated users from Friendolls auth
 model User {
  /// Internal unique identifier (UUID)
  id String @id @default(uuid())
@@ -54,10 +54,64 @@ model User {
  userFriendships        Friendship[]    @relation("UserFriendships")
  friendFriendships      Friendship[]    @relation("FriendFriendships")
  dolls                  Doll[]
+  authIdentities         AuthIdentity[]
+  authSessions           AuthSession[]
+  authExchangeCodes      AuthExchangeCode[]

  @@map("users")
 }

+model AuthIdentity {
+  id              String       @id @default(uuid())
+  provider        AuthProvider
+  providerSubject String       @map("provider_subject")
+  providerEmail   String?      @map("provider_email")
+  providerName    String?      @map("provider_name")
+  providerUsername String?     @map("provider_username")
+  providerPicture String?      @map("provider_picture")
+  emailVerified   Boolean      @default(false) @map("email_verified")
+  createdAt       DateTime     @default(now()) @map("created_at")
+  updatedAt       DateTime     @updatedAt @map("updated_at")
+  userId          String       @map("user_id")
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@unique([provider, providerSubject])
+  @@index([userId])
+  @@map("auth_identities")
+}
+
+model AuthSession {
+  id               String       @id @default(uuid())
+  provider         AuthProvider?
+  refreshTokenHash String       @unique @map("refresh_token_hash")
+  expiresAt        DateTime     @map("expires_at")
+  revokedAt        DateTime?    @map("revoked_at")
+  createdAt        DateTime     @default(now()) @map("created_at")
+  updatedAt        DateTime     @updatedAt @map("updated_at")
+  userId           String       @map("user_id")
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@index([userId])
+  @@map("auth_sessions")
+}
+
+model AuthExchangeCode {
+  id        String       @id @default(uuid())
+  provider  AuthProvider
+  codeHash  String       @unique @map("code_hash")
+  expiresAt DateTime     @map("expires_at")
+  consumedAt DateTime?   @map("consumed_at")
+  createdAt DateTime     @default(now()) @map("created_at")
+  userId    String       @map("user_id")
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@index([userId])
+  @@map("auth_exchange_codes")
+}
+
 model FriendRequest {
  id         String              @id @default(uuid())
  senderId   String              @map("sender_id")
@@ -108,3 +162,8 @@ enum FriendRequestStatus {
  ACCEPTED
  DENIED
 }
+
+enum AuthProvider {
+  GOOGLE
+  DISCORD
+}