enum AuthMec {
    Simple
    OpenID
}

model LinkedAuthMec {
    userId  String
    mec     AuthMec
    enabled Boolean @default(true)

    version     Int  @default(1)
    credentials Json

    user User @relation(fields: [userId], references: [id], onDelete: Cascade)

    @@id([userId, mec])
}

model Invitation {
    id      String  @id @default(uuid())
    isAdmin Boolean @default(false)

    username String?
    email    String?
    expires  DateTime
}

enum APITokenMode {
    User
    System
    Client
}

model APIToken {
    id    String       @id @default(uuid())
    token String       @unique @default(uuid())
    mode  APITokenMode
    name  String

    userId String?
    user   User?   @relation(fields: [userId], references: [id], onDelete: Cascade)

    clientId String?
    client   Client? @relation(fields: [clientId], references: [id], onDelete: Cascade)

    acls String[]

    expiresAt DateTime?

    @@index([token])
}

model Certificate {
    id String @id @default(uuid())

    privateKey  String
    certificate String

    blacklisted Boolean @default(false)
}

model Session {
    token     String   @id
    expiresAt DateTime

    userId String
    user   User?  @relation(fields: [userId], references: [id], onDelete: Cascade)

    data Json // misc extra data
}