native auth

2026-02-11 01:09:08 +08:00
parent 7191035748
commit 94dae77ddd
34 changed files with 650 additions and 1801 deletions
--- a/prisma/migrations/20260210120000_add_local_auth/migration.sql
+++ b/prisma/migrations/20260210120000_add_local_auth/migration.sql
@@ -0,0 +1,15 @@
+-- Add local auth fields and make keycloak sub optional
+ALTER TABLE "users"
+  ADD COLUMN IF NOT EXISTS "password_hash" TEXT;
+
+ALTER TABLE "users"
+  ALTER COLUMN "keycloak_sub" DROP NOT NULL;
+
+DO $$
+BEGIN
+  IF NOT EXISTS (
+    SELECT 1 FROM pg_indexes WHERE indexname = 'users_email_key'
+  ) THEN
+    CREATE UNIQUE INDEX "users_email_key" ON "users"("email");
+  END IF;
+END $$;
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -9,20 +9,20 @@ datasource db {
  provider = "postgresql"
 }

-/// User model representing authenticated users from Keycloak OIDC
+/// User model representing authenticated users from local auth
 model User {
  /// Internal unique identifier (UUID)
  id String @id @default(uuid())

-  /// Keycloak subject identifier (unique per user in Keycloak)
-  /// This is the 'sub' claim from the JWT token
-  keycloakSub String @unique @map("keycloak_sub")
+  /// Keycloak subject identifier (legacy for migration)
+  /// This is the 'sub' claim from the old JWT token
+  keycloakSub String? @unique @map("keycloak_sub")

  /// User's display name
  name String

  /// User's email address
-  email String
+  email String @unique

  /// User's preferred username from Keycloak
  username String?
@@ -33,6 +33,9 @@ model User {
  /// User's roles from Keycloak (stored as JSON array)
  roles String[]

+  /// Password hash for local authentication
+  passwordHash String? @map("password_hash")
+
  /// Timestamp when the user was first created in the system
  createdAt DateTime @default(now()) @map("created_at")