wip: test

2025-11-21 04:01:45 +10:00 · 2025-01-05 15:44:16 +11:00
parent 866b036484
commit 071ce70292
20 changed files with 903 additions and 349 deletions
--- a/packages/prisma/migrations/20250104024352_add_user_secondary_id/migration.sql
+++ b/packages/prisma/migrations/20250104024352_add_user_secondary_id/migration.sql
@ -0,0 +1,11 @@
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN     "secondaryId" TEXT;
+
+-- Set all null secondaryId fields to a uuid
+UPDATE "User" SET "secondaryId" = gen_random_uuid()::text WHERE "secondaryId" IS NULL;
+
+-- Restrict the User to required
+ALTER TABLE "User" ALTER COLUMN "secondaryId" SET NOT NULL;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "User_secondaryId_key" ON "User"("secondaryId");
--- a/packages/prisma/migrations/20250104055239_add_better_auth_fields/migration.sql
+++ b/packages/prisma/migrations/20250104055239_add_better_auth_fields/migration.sql
@ -0,0 +1,36 @@
+/*
+  Warnings:
+
+  - Added the required column `updatedAt` to the `Account` table without a default value. This is not possible if the table is not empty.
+  - Added the required column `updatedAt` to the `Session` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "Account" ADD COLUMN     "accessTokenExpiresAt" TIMESTAMP(3),
+ADD COLUMN     "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ADD COLUMN     "password" TEXT,
+ADD COLUMN     "refreshTokenExpiresAt" TIMESTAMP(3),
+ADD COLUMN     "updatedAt" TIMESTAMP(3) NOT NULL,
+ALTER COLUMN "type" SET DEFAULT 'legacy';
+
+-- AlterTable
+ALTER TABLE "Session" ADD COLUMN     "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ADD COLUMN     "ipAddress" TEXT,
+ADD COLUMN     "updatedAt" TIMESTAMP(3) NOT NULL,
+ADD COLUMN     "userAgent" TEXT;
+
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN     "image" TEXT,
+ADD COLUMN     "isEmailVerified" BOOLEAN NOT NULL DEFAULT false;
+
+-- CreateTable
+CREATE TABLE "verification" (
+    "id" TEXT NOT NULL,
+    "identifier" TEXT NOT NULL,
+    "value" TEXT NOT NULL,
+    "expiresAt" TIMESTAMP(3) NOT NULL,
+    "createdAt" TIMESTAMP(3),
+    "updatedAt" TIMESTAMP(3),
+
+    CONSTRAINT "verification_pkey" PRIMARY KEY ("id")
+);
--- a/packages/prisma/migrations/20250104055250_migrate_documenso_users_to_accounts/migration.sql
+++ b/packages/prisma/migrations/20250104055250_migrate_documenso_users_to_accounts/migration.sql
@ -0,0 +1,28 @@
+-- Migrate DOCUMENSO users to have proper Account records
+DO $$
+BEGIN
+  INSERT INTO "Account" (
+    "id",
+    "userId",
+    "type",
+    "provider",
+    "providerAccountId",
+    "password",
+    "createdAt",
+    "updatedAt"
+  )
+  SELECT
+    gen_random_uuid()::text,
+    u.id,
+    'legacy',
+    'credential',
+    u.email,
+    u.password,
+    CURRENT_TIMESTAMP,
+    CURRENT_TIMESTAMP
+  FROM "User" u
+  LEFT JOIN "Account" a ON a."userId" = u.id AND a."provider" = 'documenso'
+  WHERE
+    u."identityProvider" = 'DOCUMENSO'
+    AND a.id IS NULL;
+END $$;
--- a/packages/prisma/migrations/20250104070109_extract_two_factor_into_table/migration.sql
+++ b/packages/prisma/migrations/20250104070109_extract_two_factor_into_table/migration.sql
@ -0,0 +1,32 @@
+-- CreateTable
+CREATE TABLE "TwoFactor" (
+    "id" TEXT NOT NULL,
+    "secret" TEXT NOT NULL,
+    "backupCodes" TEXT NOT NULL,
+    "userId" INTEGER NOT NULL,
+
+    CONSTRAINT "TwoFactor_pkey" PRIMARY KEY ("id")
+);
+
+-- AddForeignKey
+ALTER TABLE "TwoFactor" ADD CONSTRAINT "TwoFactor_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+
+DO $$
+BEGIN
+  -- Then migrate two factor data
+  INSERT INTO "TwoFactor" (
+    "secret",
+    "backupCodes",
+    "userId"
+  )
+  SELECT
+    u."twoFactorSecret",
+    COALESCE(u."twoFactorBackupCodes", ''),
+    u.id
+  FROM "User" u
+  LEFT JOIN "TwoFactor" tf ON tf."userId" = u.id
+  WHERE
+    u."twoFactorSecret" IS NOT NULL
+    AND u."twoFactorEnabled" = true
+    AND tf.id IS NULL;
+END $$;
--- a/packages/prisma/schema.prisma
+++ b/packages/prisma/schema.prisma
@ -29,10 +29,12 @@ enum Role {

 model User {
  id               Int              @id @default(autoincrement())
+  secondaryId      String           @unique @default(cuid())
  name             String?
  customerId       String?          @unique
  email            String           @unique
  emailVerified    DateTime?
+  isEmailVerified  Boolean          @default(false)
  password         String?
  source           String?
  signature        String?
@ -44,18 +46,22 @@ model User {
  avatarImageId    String?
  disabled         Boolean          @default(false)

-  accounts             Account[]
-  sessions             Session[]
-  Document             Document[]
-  Subscription         Subscription[]
-  PasswordResetToken   PasswordResetToken[]
-  ownedTeams           Team[]
-  ownedPendingTeams    TeamPending[]
-  teamMembers          TeamMember[]
-  twoFactorSecret      String?
-  twoFactorEnabled     Boolean              @default(false)
+  accounts           Account[]
+  sessions           Session[]
+  Document           Document[]
+  Subscription       Subscription[]
+  PasswordResetToken PasswordResetToken[]
+  ownedTeams         Team[]
+  ownedPendingTeams  TeamPending[]
+  teamMembers        TeamMember[]
+  twoFactorEnabled   Boolean              @default(false)
+
+  // Todo: Delete these after full auth migration.
  twoFactorBackupCodes String?
-  url                  String?              @unique
+  twoFactorSecret      String?
+  // End of Todo.
+
+  url String? @unique

  profile           UserProfile?
  VerificationToken VerificationToken[]
@ -67,9 +73,21 @@ model User {
  passkeys          Passkey[]
  avatarImage       AvatarImage?           @relation(fields: [avatarImageId], references: [id], onDelete: SetNull)

+  image String?
+
+  twofactors TwoFactor[]
+
  @@index([email])
 }

+model TwoFactor {
+  id          String @id @default(cuid())
+  secret      String
+  backupCodes String
+  userId      Int
+  user        User   @relation(fields: [userId], references: [id], onDelete: Cascade)
+}
+
 model UserProfile {
  id      String  @id @default(cuid())
  enabled Boolean @default(false)
@ -248,7 +266,6 @@ model Subscription {
 model Account {
  id                String  @id @default(cuid())
  userId            Int
-  type              String
  provider          String
  providerAccountId String
  refresh_token     String? @db.Text
@ -256,12 +273,24 @@ model Account {
  expires_at        Int?
  // Some providers return created_at so we need to make it optional
  created_at        Int?
-  // Stops next-auth from crashing when dealing with AzureAD
-  ext_expires_in    Int?
-  token_type        String?
  scope             String?
  id_token          String? @db.Text
-  session_state     String?
+
+  // Betterauth
+  createdAt             DateTime  @default(now())
+  updatedAt             DateTime  @updatedAt
+  accessTokenExpiresAt  DateTime?
+  refreshTokenExpiresAt DateTime?
+  password              String?
+
+  // Stops next-auth from crashing when dealing with AzureAD
+  ext_expires_in Int?
+
+  // Todo: Remove these fields after auth migration.
+  type          String  @default("legacy")
+  token_type    String?
+  session_state String?
+  // End of Todo.

  user User? @relation(fields: [userId], references: [id], onDelete: Cascade)

@ -274,6 +303,23 @@ model Session {
  userId       Int
  expires      DateTime
  user         User?    @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  // Better auth fields.
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  ipAddress String?
+  userAgent String?
+}
+
+model Verification {
+  id         String    @id @default(cuid())
+  identifier String
+  value      String
+  expiresAt  DateTime
+  createdAt  DateTime?
+  updatedAt  DateTime?
+
+  @@map("verification")
 }

 enum DocumentStatus {