migrations
@@ -0,0 +1,357 @@
|
|||||||
|
"""empty message
|
||||||
|
|
||||||
|
Revision ID: 0abed208e728
|
||||||
|
Revises: None
|
||||||
|
Create Date: 2026-01-11 16:07:05.491356
|
||||||
|
|
||||||
|
"""
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
|
||||||
|
|
||||||
|
# revision identifiers, used by Alembic.
|
||||||
|
revision = '001'
|
||||||
|
down_revision = None
|
||||||
|
branch_labels = None
|
||||||
|
depends_on = None
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
|
op.create_table('organizations',
|
||||||
|
sa.Column('name', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('slug', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('description', sa.Text(), nullable=True),
|
||||||
|
sa.Column('logo_url', sa.String(length=512), nullable=True),
|
||||||
|
sa.Column('is_active', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('settings', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_organizations_slug'), 'organizations', ['slug'], unique=True)
|
||||||
|
op.create_table('users',
|
||||||
|
sa.Column('email', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('email_verified', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('full_name', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('avatar_url', sa.String(length=512), nullable=True),
|
||||||
|
sa.Column('status', sa.Enum('ACTIVE', 'INACTIVE', 'SUSPENDED', 'PENDING', name='userstatus'), nullable=False),
|
||||||
|
sa.Column('last_login_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('last_login_ip', sa.String(length=45), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_users_email'), 'users', ['email'], unique=True)
|
||||||
|
op.create_index(op.f('ix_users_status'), 'users', ['status'], unique=False)
|
||||||
|
op.create_table('audit_logs',
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('action', sa.Enum('USER_LOGIN', 'USER_LOGOUT', 'USER_REGISTER', 'USER_UPDATE', 'USER_DELETE', 'PASSWORD_CHANGE', 'PASSWORD_RESET', 'ORG_CREATE', 'ORG_UPDATE', 'ORG_DELETE', 'ORG_MEMBER_ADD', 'ORG_MEMBER_REMOVE', 'ORG_MEMBER_ROLE_CHANGE', 'SESSION_CREATE', 'SESSION_REVOKE', 'AUTH_METHOD_ADD', 'AUTH_METHOD_REMOVE', name='auditaction'), nullable=False),
|
||||||
|
sa.Column('resource_type', sa.String(length=50), nullable=True),
|
||||||
|
sa.Column('resource_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('organization_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
||||||
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
||||||
|
sa.Column('request_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('extra_data', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('description', sa.Text(), nullable=True),
|
||||||
|
sa.Column('success', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('error_message', sa.Text(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index('idx_audit_org', 'audit_logs', ['organization_id', 'created_at'], unique=False)
|
||||||
|
op.create_index('idx_audit_resource', 'audit_logs', ['resource_type', 'resource_id'], unique=False)
|
||||||
|
op.create_index('idx_audit_user_action', 'audit_logs', ['user_id', 'action'], unique=False)
|
||||||
|
op.create_index(op.f('ix_audit_logs_action'), 'audit_logs', ['action'], unique=False)
|
||||||
|
op.create_index(op.f('ix_audit_logs_organization_id'), 'audit_logs', ['organization_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_audit_logs_request_id'), 'audit_logs', ['request_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_audit_logs_resource_id'), 'audit_logs', ['resource_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_audit_logs_resource_type'), 'audit_logs', ['resource_type'], unique=False)
|
||||||
|
op.create_index(op.f('ix_audit_logs_user_id'), 'audit_logs', ['user_id'], unique=False)
|
||||||
|
op.create_table('authentication_methods',
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('method_type', sa.Enum('PASSWORD', 'GOOGLE', 'GITHUB', 'MICROSOFT', 'SAML', 'OIDC', name='authmethodtype'), nullable=False),
|
||||||
|
sa.Column('password_hash', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('provider_user_id', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('provider_data', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('is_primary', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('verified', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('last_used_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id'),
|
||||||
|
sa.UniqueConstraint('user_id', 'method_type', 'provider_user_id', name='uix_user_method_provider')
|
||||||
|
)
|
||||||
|
op.create_index('idx_user_method', 'authentication_methods', ['user_id', 'method_type'], unique=False)
|
||||||
|
op.create_index(op.f('ix_authentication_methods_method_type'), 'authentication_methods', ['method_type'], unique=False)
|
||||||
|
op.create_index(op.f('ix_authentication_methods_user_id'), 'authentication_methods', ['user_id'], unique=False)
|
||||||
|
op.create_table('oidc_clients',
|
||||||
|
sa.Column('organization_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('name', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('client_id', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('client_secret_hash', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('redirect_uris', sa.JSON(), nullable=False),
|
||||||
|
sa.Column('grant_types', sa.JSON(), nullable=False),
|
||||||
|
sa.Column('response_types', sa.JSON(), nullable=False),
|
||||||
|
sa.Column('scopes', sa.JSON(), nullable=False),
|
||||||
|
sa.Column('logo_uri', sa.String(length=512), nullable=True),
|
||||||
|
sa.Column('client_uri', sa.String(length=512), nullable=True),
|
||||||
|
sa.Column('policy_uri', sa.String(length=512), nullable=True),
|
||||||
|
sa.Column('tos_uri', sa.String(length=512), nullable=True),
|
||||||
|
sa.Column('is_active', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('is_confidential', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('require_pkce', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('access_token_lifetime', sa.Integer(), nullable=False),
|
||||||
|
sa.Column('refresh_token_lifetime', sa.Integer(), nullable=False),
|
||||||
|
sa.Column('id_token_lifetime', sa.Integer(), nullable=False),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['organization_id'], ['organizations.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_oidc_clients_client_id'), 'oidc_clients', ['client_id'], unique=True)
|
||||||
|
op.create_index(op.f('ix_oidc_clients_organization_id'), 'oidc_clients', ['organization_id'], unique=False)
|
||||||
|
op.create_table('organization_members',
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('organization_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('role', sa.Enum('OWNER', 'ADMIN', 'MEMBER', 'GUEST', name='organizationrole'), nullable=False),
|
||||||
|
sa.Column('invited_by_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('invited_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('joined_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['invited_by_id'], ['users.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['organization_id'], ['organizations.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id'),
|
||||||
|
sa.UniqueConstraint('user_id', 'organization_id', name='uix_user_org')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_organization_members_organization_id'), 'organization_members', ['organization_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_organization_members_user_id'), 'organization_members', ['user_id'], unique=False)
|
||||||
|
op.create_table('sessions',
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('token', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('status', sa.Enum('ACTIVE', 'EXPIRED', 'REVOKED', name='sessionstatus'), nullable=False),
|
||||||
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
||||||
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
||||||
|
sa.Column('device_info', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('expires_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('last_activity_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('revoked_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('revoked_reason', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_sessions_token'), 'sessions', ['token'], unique=True)
|
||||||
|
op.create_index(op.f('ix_sessions_user_id'), 'sessions', ['user_id'], unique=False)
|
||||||
|
op.create_table('oidc_audit_logs',
|
||||||
|
sa.Column('event_type', sa.String(length=100), nullable=False),
|
||||||
|
sa.Column('client_id', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('success', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('error_code', sa.String(length=100), nullable=True),
|
||||||
|
sa.Column('error_description', sa.Text(), nullable=True),
|
||||||
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
||||||
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
||||||
|
sa.Column('request_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('event_metadata', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['client_id'], ['oidc_clients.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_oidc_audit_logs_client_id'), 'oidc_audit_logs', ['client_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_audit_logs_event_type'), 'oidc_audit_logs', ['event_type'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_audit_logs_ip_address'), 'oidc_audit_logs', ['ip_address'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_audit_logs_request_id'), 'oidc_audit_logs', ['request_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_audit_logs_success'), 'oidc_audit_logs', ['success'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_audit_logs_user_id'), 'oidc_audit_logs', ['user_id'], unique=False)
|
||||||
|
op.create_table('oidc_authorization_codes',
|
||||||
|
sa.Column('client_id', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('code_hash', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('redirect_uri', sa.String(length=512), nullable=False),
|
||||||
|
sa.Column('scope', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('nonce', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('code_verifier', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('expires_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('used_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('is_used', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
||||||
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['client_id'], ['oidc_clients.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_oidc_authorization_codes_client_id'), 'oidc_authorization_codes', ['client_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_authorization_codes_expires_at'), 'oidc_authorization_codes', ['expires_at'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_authorization_codes_user_id'), 'oidc_authorization_codes', ['user_id'], unique=False)
|
||||||
|
op.create_table('oidc_refresh_tokens',
|
||||||
|
sa.Column('client_id', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('token_hash', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('access_token_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('scope', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('expires_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('revoked_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('revoked_reason', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('previous_token_hash', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('rotation_count', sa.Integer(), nullable=False),
|
||||||
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
||||||
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['access_token_id'], ['sessions.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['client_id'], ['oidc_clients.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_oidc_refresh_tokens_access_token_id'), 'oidc_refresh_tokens', ['access_token_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_refresh_tokens_client_id'), 'oidc_refresh_tokens', ['client_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_refresh_tokens_expires_at'), 'oidc_refresh_tokens', ['expires_at'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_refresh_tokens_token_hash'), 'oidc_refresh_tokens', ['token_hash'], unique=True)
|
||||||
|
op.create_index(op.f('ix_oidc_refresh_tokens_user_id'), 'oidc_refresh_tokens', ['user_id'], unique=False)
|
||||||
|
op.create_table('oidc_sessions',
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('client_id', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('state', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('nonce', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('redirect_uri', sa.String(length=512), nullable=False),
|
||||||
|
sa.Column('scope', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('code_challenge', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('code_challenge_method', sa.String(length=10), nullable=True),
|
||||||
|
sa.Column('expires_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('authenticated_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['client_id'], ['oidc_clients.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_oidc_sessions_client_id'), 'oidc_sessions', ['client_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_sessions_expires_at'), 'oidc_sessions', ['expires_at'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_sessions_state'), 'oidc_sessions', ['state'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_sessions_user_id'), 'oidc_sessions', ['user_id'], unique=False)
|
||||||
|
op.create_table('oidc_token_metadata',
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('client_id', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('token_type', sa.String(length=50), nullable=False),
|
||||||
|
sa.Column('token_jti', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('expires_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('revoked_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('revoked_reason', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['client_id'], ['oidc_clients.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_oidc_token_metadata_client_id'), 'oidc_token_metadata', ['client_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_token_metadata_expires_at'), 'oidc_token_metadata', ['expires_at'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_token_metadata_token_jti'), 'oidc_token_metadata', ['token_jti'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oidc_token_metadata_user_id'), 'oidc_token_metadata', ['user_id'], unique=False)
|
||||||
|
# ### end Alembic commands ###
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
|
op.drop_index(op.f('ix_oidc_token_metadata_user_id'), table_name='oidc_token_metadata')
|
||||||
|
op.drop_index(op.f('ix_oidc_token_metadata_token_jti'), table_name='oidc_token_metadata')
|
||||||
|
op.drop_index(op.f('ix_oidc_token_metadata_expires_at'), table_name='oidc_token_metadata')
|
||||||
|
op.drop_index(op.f('ix_oidc_token_metadata_client_id'), table_name='oidc_token_metadata')
|
||||||
|
op.drop_table('oidc_token_metadata')
|
||||||
|
op.drop_index(op.f('ix_oidc_sessions_user_id'), table_name='oidc_sessions')
|
||||||
|
op.drop_index(op.f('ix_oidc_sessions_state'), table_name='oidc_sessions')
|
||||||
|
op.drop_index(op.f('ix_oidc_sessions_expires_at'), table_name='oidc_sessions')
|
||||||
|
op.drop_index(op.f('ix_oidc_sessions_client_id'), table_name='oidc_sessions')
|
||||||
|
op.drop_table('oidc_sessions')
|
||||||
|
op.drop_index(op.f('ix_oidc_refresh_tokens_user_id'), table_name='oidc_refresh_tokens')
|
||||||
|
op.drop_index(op.f('ix_oidc_refresh_tokens_token_hash'), table_name='oidc_refresh_tokens')
|
||||||
|
op.drop_index(op.f('ix_oidc_refresh_tokens_expires_at'), table_name='oidc_refresh_tokens')
|
||||||
|
op.drop_index(op.f('ix_oidc_refresh_tokens_client_id'), table_name='oidc_refresh_tokens')
|
||||||
|
op.drop_index(op.f('ix_oidc_refresh_tokens_access_token_id'), table_name='oidc_refresh_tokens')
|
||||||
|
op.drop_table('oidc_refresh_tokens')
|
||||||
|
op.drop_index(op.f('ix_oidc_authorization_codes_user_id'), table_name='oidc_authorization_codes')
|
||||||
|
op.drop_index(op.f('ix_oidc_authorization_codes_expires_at'), table_name='oidc_authorization_codes')
|
||||||
|
op.drop_index(op.f('ix_oidc_authorization_codes_client_id'), table_name='oidc_authorization_codes')
|
||||||
|
op.drop_table('oidc_authorization_codes')
|
||||||
|
op.drop_index(op.f('ix_oidc_audit_logs_user_id'), table_name='oidc_audit_logs')
|
||||||
|
op.drop_index(op.f('ix_oidc_audit_logs_success'), table_name='oidc_audit_logs')
|
||||||
|
op.drop_index(op.f('ix_oidc_audit_logs_request_id'), table_name='oidc_audit_logs')
|
||||||
|
op.drop_index(op.f('ix_oidc_audit_logs_ip_address'), table_name='oidc_audit_logs')
|
||||||
|
op.drop_index(op.f('ix_oidc_audit_logs_event_type'), table_name='oidc_audit_logs')
|
||||||
|
op.drop_index(op.f('ix_oidc_audit_logs_client_id'), table_name='oidc_audit_logs')
|
||||||
|
op.drop_table('oidc_audit_logs')
|
||||||
|
op.drop_index(op.f('ix_sessions_user_id'), table_name='sessions')
|
||||||
|
op.drop_index(op.f('ix_sessions_token'), table_name='sessions')
|
||||||
|
op.drop_table('sessions')
|
||||||
|
op.drop_index(op.f('ix_organization_members_user_id'), table_name='organization_members')
|
||||||
|
op.drop_index(op.f('ix_organization_members_organization_id'), table_name='organization_members')
|
||||||
|
op.drop_table('organization_members')
|
||||||
|
op.drop_index(op.f('ix_oidc_clients_organization_id'), table_name='oidc_clients')
|
||||||
|
op.drop_index(op.f('ix_oidc_clients_client_id'), table_name='oidc_clients')
|
||||||
|
op.drop_table('oidc_clients')
|
||||||
|
op.drop_index(op.f('ix_authentication_methods_user_id'), table_name='authentication_methods')
|
||||||
|
op.drop_index(op.f('ix_authentication_methods_method_type'), table_name='authentication_methods')
|
||||||
|
op.drop_index('idx_user_method', table_name='authentication_methods')
|
||||||
|
op.drop_table('authentication_methods')
|
||||||
|
op.drop_index(op.f('ix_audit_logs_user_id'), table_name='audit_logs')
|
||||||
|
op.drop_index(op.f('ix_audit_logs_resource_type'), table_name='audit_logs')
|
||||||
|
op.drop_index(op.f('ix_audit_logs_resource_id'), table_name='audit_logs')
|
||||||
|
op.drop_index(op.f('ix_audit_logs_request_id'), table_name='audit_logs')
|
||||||
|
op.drop_index(op.f('ix_audit_logs_organization_id'), table_name='audit_logs')
|
||||||
|
op.drop_index(op.f('ix_audit_logs_action'), table_name='audit_logs')
|
||||||
|
op.drop_index('idx_audit_user_action', table_name='audit_logs')
|
||||||
|
op.drop_index('idx_audit_resource', table_name='audit_logs')
|
||||||
|
op.drop_index('idx_audit_org', table_name='audit_logs')
|
||||||
|
op.drop_table('audit_logs')
|
||||||
|
op.drop_index(op.f('ix_users_status'), table_name='users')
|
||||||
|
op.drop_index(op.f('ix_users_email'), table_name='users')
|
||||||
|
op.drop_table('users')
|
||||||
|
op.drop_index(op.f('ix_organizations_slug'), table_name='organizations')
|
||||||
|
op.drop_table('organizations')
|
||||||
|
# ### end Alembic commands ###
|
||||||
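Review bot: `sessions.token` is declared as `sa.String(length=255)` with a unique index (`ix_sessions_token`), which suggests the raw bearer token is persisted, whereas the OIDC tables in this same migration keep only digests (`code_hash`, `token_hash`, `client_secret_hash`). If that reading is right, read access to the database or a backup yields usable sessions; I would store a digest instead, `sa.Column('token_hash', sa.String(length=255), nullable=False)`, keep the unique index on it, and look sessions up by hashing the presented token. In `oidc_authorization_codes` the column is named `code_verifier`, but a server normally keeps the PKCE `code_challenge` (as `oidc_sessions` does here) and only receives the verifier at the token endpoint, so the name or the stored value should be checked against the model. Separately, `downgrade()` drops the tables but not the named enum types (`userstatus`, `auditaction`, `authmethodtype`, `organizationrole`, `sessionstatus`); on PostgreSQL they stay behind and a later `upgrade()` fails, so add one `sa.Enum(name='userstatus').drop(op.get_bind(), checkfirst=True)` per type after the `drop_table` calls.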
@@ -0,0 +1,53 @@
|
|||||||
|
"""Database migration: Add TOTP support to authentication_methods table.
|
||||||
|
|
||||||
|
Revision ID: 002
|
||||||
|
Revises: 0abed208e728
|
||||||
|
Create Date: 2026-01-11 00:00:00
|
||||||
|
|
||||||
|
This migration adds TOTP (Time-based One-Time Password) support to the
|
||||||
|
authentication_methods table by adding three new columns:
|
||||||
|
- totp_secret: Stores the TOTP secret key
|
||||||
|
- totp_backup_codes: Stores backup codes for account recovery
|
||||||
|
- totp_verified_at: Tracks when TOTP was verified
|
||||||
|
"""
|
||||||
|
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
from sqlalchemy.dialects import postgresql
|
||||||
|
|
||||||
|
# Revision identifiers
|
||||||
|
revision = '002'
|
||||||
|
down_revision = '001'
|
||||||
|
branch_labels = None
|
||||||
|
depends_on = None
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
"""Add TOTP columns to authentication_methods table."""
|
||||||
|
|
||||||
|
# Add TOTP secret column
|
||||||
|
op.add_column(
|
||||||
|
'authentication_methods',
|
||||||
|
sa.Column('totp_secret', sa.String(32), nullable=True)
|
||||||
|
)
|
||||||
|
|
||||||
|
# Add TOTP backup codes column (JSON type for PostgreSQL)
|
||||||
|
op.add_column(
|
||||||
|
'authentication_methods',
|
||||||
|
sa.Column('totp_backup_codes', postgresql.JSON, nullable=True)
|
||||||
|
)
|
||||||
|
|
||||||
|
# Add TOTP verified at column
|
||||||
|
op.add_column(
|
||||||
|
'authentication_methods',
|
||||||
|
sa.Column('totp_verified_at', sa.DateTime, nullable=True)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
"""Remove TOTP columns from authentication_methods table."""
|
||||||
|
|
||||||
|
# Remove TOTP columns in reverse order of addition
|
||||||
|
op.drop_column('authentication_methods', 'totp_verified_at')
|
||||||
|
op.drop_column('authentication_methods', 'totp_backup_codes')
|
||||||
|
op.drop_column('authentication_methods', 'totp_secret')
|
||||||
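Review bot: `totp_secret` is added as `sa.String(32)`, which is the size of a bare 160-bit base32 seed, so as sized the column can only hold the secret in plaintext. A TOTP seed has to be recoverable and cannot be hashed; it should be encrypted by the application before storage and the column needs room for ciphertext and nonce, e.g. `sa.Column('totp_secret', sa.String(255), nullable=True)  # ciphertext, never the raw seed`. `totp_backup_codes` should likewise hold only hashes of the codes, which the migration cannot enforce but the docstring bullet ("Stores backup codes for account recovery") should state. The module docstring says `Revises: 0abed208e728` while the code sets `down_revision = '001'`, and the two should agree. `postgresql.JSON` also ties this revision to one dialect, where the initial migration uses `sa.JSON()`.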
@@ -0,0 +1,50 @@
|
|||||||
|
"""Database migration: Create oidc_jwks_keys table.
|
||||||
|
|
||||||
|
Revision ID: 002
|
||||||
|
Revises: 001
|
||||||
|
Create Date: 2024-01-01 00:00:00
|
||||||
|
|
||||||
|
This migration creates the oidc_jwks_keys table for persisting OIDC signing keys.
|
||||||
|
"""
|
||||||
|
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
|
||||||
|
# Revision identifiers
|
||||||
|
revision = '003'
|
||||||
|
down_revision = '002'
|
||||||
|
branch_labels = None
|
||||||
|
depends_on = None
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
"""Create oidc_jwks_keys table."""
|
||||||
|
|
||||||
|
op.create_table(
|
||||||
|
'oidc_jwks_keys',
|
||||||
|
sa.Column('id', sa.Integer, primary_key=True),
|
||||||
|
sa.Column('created_at', sa.DateTime, nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime, nullable=False),
|
||||||
|
sa.Column('expires_at', sa.DateTime, nullable=True),
|
||||||
|
sa.Column('deleted_at', sa.DateTime, nullable=True),
|
||||||
|
sa.Column('kid', sa.String(255), nullable=False),
|
||||||
|
sa.Column('key_type', sa.String(50), nullable=False),
|
||||||
|
sa.Column('private_key', sa.Text, nullable=False),
|
||||||
|
sa.Column('public_key', sa.Text, nullable=False),
|
||||||
|
sa.Column('algorithm', sa.String(50), nullable=False),
|
||||||
|
sa.Column('is_active', sa.Boolean, default=True, nullable=False),
|
||||||
|
sa.Column('is_primary', sa.Boolean, default=False, nullable=False),
|
||||||
|
)
|
||||||
|
|
||||||
|
# Create unique index on kid
|
||||||
|
op.create_index('ix_oidc_jwks_keys_kid', 'oidc_jwks_keys', ['kid'], unique=True)
|
||||||
|
|
||||||
|
# Create index on is_active for filtering active keys
|
||||||
|
op.create_index('ix_oidc_jwks_keys_is_active', 'oidc_jwks_keys', ['is_active'])
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
"""Drop oidc_jwks_keys table."""
|
||||||
|
op.drop_index('ix_oidc_jwks_keys_is_active', table_name='oidc_jwks_keys')
|
||||||
|
op.drop_index('ix_oidc_jwks_keys_kid', table_name='oidc_jwks_keys')
|
||||||
|
op.drop_table('oidc_jwks_keys')
|
||||||
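Review bot: `private_key` is a plain `sa.Text` column, so the OIDC signing keys appear to be stored unencrypted beside the public keys, and anyone who can read this table or a dump of it holds the material that signs tokens for every relying party. Unless the application encrypts the key before writing it (not visible in this migration), I would wrap it with a key held outside the database and record that on the column, e.g. `# ciphertext: private key wrapped with an externally held key, never the raw PEM`. `default=True` and `default=False` on `is_active` and `is_primary` are Python-side defaults that emit nothing in the DDL, so these NOT NULL columns have no database default; use `server_default=sa.true()` and `server_default=sa.false()`. The docstring header (`Revision ID: 002`, `Revises: 001`) contradicts `revision = '003'` and `down_revision = '002'` and should be corrected.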
@@ -0,0 +1,122 @@
|
|||||||
|
"""empty message
|
||||||
|
|
||||||
|
Revision ID: 5d99e6d4cdc6
|
||||||
|
Revises: 003
|
||||||
|
Create Date: 2026-01-16 15:31:36.288933
|
||||||
|
|
||||||
|
"""
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
|
||||||
|
|
||||||
|
# revision identifiers, used by Alembic.
|
||||||
|
revision = '004'
|
||||||
|
down_revision = '003'
|
||||||
|
branch_labels = None
|
||||||
|
depends_on = None
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
|
op.create_table('mfa_policy_compliance',
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('organization_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('status', sa.Enum('NOT_APPLICABLE', 'PENDING', 'IN_GRACE', 'COMPLIANT', 'PAST_DUE', 'SUSPENDED', name='mfacompliancestatus'), nullable=False),
|
||||||
|
sa.Column('policy_version', sa.Integer(), nullable=False),
|
||||||
|
sa.Column('applied_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('deadline_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('compliant_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('suspended_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('last_notified_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.Column('notification_count', sa.Integer(), nullable=False),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['organization_id'], ['organizations.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id'),
|
||||||
|
sa.UniqueConstraint('user_id', 'organization_id', name='uix_user_org_compliance')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_mfa_policy_compliance_organization_id'), 'mfa_policy_compliance', ['organization_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_mfa_policy_compliance_user_id'), 'mfa_policy_compliance', ['user_id'], unique=False)
|
||||||
|
op.create_table('organization_security_policies',
|
||||||
|
sa.Column('organization_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('mfa_policy_mode', sa.Enum('DISABLED', 'OPTIONAL', 'REQUIRE_TOTP', 'REQUIRE_WEBAUTHN', 'REQUIRE_TOTP_OR_WEBAUTHN', name='mfapolicymode'), nullable=False),
|
||||||
|
sa.Column('mfa_grace_period_days', sa.Integer(), nullable=False),
|
||||||
|
sa.Column('notify_days_before', sa.Integer(), nullable=False),
|
||||||
|
sa.Column('policy_version', sa.Integer(), nullable=False),
|
||||||
|
sa.Column('updated_by_user_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['organization_id'], ['organizations.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['updated_by_user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_organization_security_policies_organization_id'), 'organization_security_policies', ['organization_id'], unique=True)
|
||||||
|
op.create_table('user_security_policies',
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('organization_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('mfa_override_mode', sa.Enum('INHERIT', 'REQUIRED', 'EXEMPT', name='mfarequirementoverride'), nullable=False),
|
||||||
|
sa.Column('force_totp', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('force_webauthn', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['organization_id'], ['organizations.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id'),
|
||||||
|
sa.UniqueConstraint('user_id', 'organization_id', name='uix_user_org_policy')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_user_security_policies_organization_id'), 'user_security_policies', ['organization_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_user_security_policies_user_id'), 'user_security_policies', ['user_id'], unique=False)
|
||||||
|
|
||||||
|
# Use batch operations for SQLite-compatible column type changes
|
||||||
|
with op.batch_alter_table('audit_logs', schema=None) as batch_op:
|
||||||
|
batch_op.alter_column('action',
|
||||||
|
existing_type=sa.VARCHAR(length=22),
|
||||||
|
type_=sa.Enum('USER_LOGIN', 'USER_LOGOUT', 'USER_REGISTER', 'USER_UPDATE', 'USER_DELETE', 'PASSWORD_CHANGE', 'PASSWORD_RESET', 'ORG_CREATE', 'ORG_UPDATE', 'ORG_DELETE', 'ORG_MEMBER_ADD', 'ORG_MEMBER_REMOVE', 'ORG_MEMBER_ROLE_CHANGE', 'SESSION_CREATE', 'SESSION_REVOKE', 'AUTH_METHOD_ADD', 'AUTH_METHOD_REMOVE', 'TOTP_ENROLL_INITIATED', 'TOTP_ENROLL_COMPLETED', 'TOTP_VERIFY_SUCCESS', 'TOTP_VERIFY_FAILED', 'TOTP_DISABLED', 'TOTP_BACKUP_CODE_USED', 'TOTP_BACKUP_CODES_REGENERATED', 'WEBAUTHN_REGISTER_INITIATED', 'WEBAUTHN_REGISTER_COMPLETED', 'WEBAUTHN_REGISTER_FAILED', 'WEBAUTHN_LOGIN_INITIATED', 'WEBAUTHN_LOGIN_SUCCESS', 'WEBAUTHN_LOGIN_FAILED', 'WEBAUTHN_CREDENTIAL_DELETED', 'WEBAUTHN_CREDENTIAL_RENAMED', 'ORG_SECURITY_POLICY_UPDATE', 'USER_SECURITY_POLICY_OVERRIDE_UPDATE', 'MFA_POLICY_USER_SUSPENDED', 'MFA_POLICY_USER_COMPLIANT', name='auditaction'),
|
||||||
|
existing_nullable=False)
|
||||||
|
|
||||||
|
op.drop_index(op.f('ix_oidc_jwks_keys_is_active'), table_name='oidc_jwks_keys')
|
||||||
|
op.add_column('sessions', sa.Column('is_compliance_only', sa.Boolean(), nullable=False))
|
||||||
|
|
||||||
|
with op.batch_alter_table('users', schema=None) as batch_op:
|
||||||
|
batch_op.alter_column('status',
|
||||||
|
existing_type=sa.VARCHAR(length=9),
|
||||||
|
type_=sa.Enum('ACTIVE', 'INACTIVE', 'SUSPENDED', 'PENDING', 'COMPLIANCE_SUSPENDED', name='userstatus'),
|
||||||
|
existing_nullable=False)
|
||||||
|
# ### end Alembic commands ###
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
|
with op.batch_alter_table('users', schema=None) as batch_op:
|
||||||
|
batch_op.alter_column('status',
|
||||||
|
existing_type=sa.Enum('ACTIVE', 'INACTIVE', 'SUSPENDED', 'PENDING', 'COMPLIANCE_SUSPENDED', name='userstatus'),
|
||||||
|
type_=sa.VARCHAR(length=9),
|
||||||
|
existing_nullable=False)
|
||||||
|
op.drop_column('sessions', 'is_compliance_only')
|
||||||
|
op.create_index(op.f('ix_oidc_jwks_keys_is_active'), 'oidc_jwks_keys', ['is_active'], unique=False)
|
||||||
|
|
||||||
|
with op.batch_alter_table('audit_logs', schema=None) as batch_op:
|
||||||
|
batch_op.alter_column('action',
|
||||||
|
existing_type=sa.Enum('USER_LOGIN', 'USER_LOGOUT', 'USER_REGISTER', 'USER_UPDATE', 'USER_DELETE', 'PASSWORD_CHANGE', 'PASSWORD_RESET', 'ORG_CREATE', 'ORG_UPDATE', 'ORG_DELETE', 'ORG_MEMBER_ADD', 'ORG_MEMBER_REMOVE', 'ORG_MEMBER_ROLE_CHANGE', 'SESSION_CREATE', 'SESSION_REVOKE', 'AUTH_METHOD_ADD', 'AUTH_METHOD_REMOVE', 'TOTP_ENROLL_INITIATED', 'TOTP_ENROLL_COMPLETED', 'TOTP_VERIFY_SUCCESS', 'TOTP_VERIFY_FAILED', 'TOTP_DISABLED', 'TOTP_BACKUP_CODE_USED', 'TOTP_BACKUP_CODES_REGENERATED', 'WEBAUTHN_REGISTER_INITIATED', 'WEBAUTHN_REGISTER_COMPLETED', 'WEBAUTHN_REGISTER_FAILED', 'WEBAUTHN_LOGIN_INITIATED', 'WEBAUTHN_LOGIN_SUCCESS', 'WEBAUTHN_LOGIN_FAILED', 'WEBAUTHN_CREDENTIAL_DELETED', 'WEBAUTHN_CREDENTIAL_RENAMED', 'ORG_SECURITY_POLICY_UPDATE', 'USER_SECURITY_POLICY_OVERRIDE_UPDATE', 'MFA_POLICY_USER_SUSPENDED', 'MFA_POLICY_USER_COMPLIANT', name='auditaction'),
|
||||||
|
type_=sa.VARCHAR(length=22),
|
||||||
|
existing_nullable=False)
|
||||||
|
|
||||||
|
op.drop_index(op.f('ix_user_security_policies_user_id'), table_name='user_security_policies')
|
||||||
|
op.drop_index(op.f('ix_user_security_policies_organization_id'), table_name='user_security_policies')
|
||||||
|
op.drop_table('user_security_policies')
|
||||||
|
op.drop_index(op.f('ix_organization_security_policies_organization_id'), table_name='organization_security_policies')
|
||||||
|
op.drop_table('organization_security_policies')
|
||||||
|
op.drop_index(op.f('ix_mfa_policy_compliance_user_id'), table_name='mfa_policy_compliance')
|
||||||
|
op.drop_index(op.f('ix_mfa_policy_compliance_organization_id'), table_name='mfa_policy_compliance')
|
||||||
|
op.drop_table('mfa_policy_compliance')
|
||||||
|
# ### end Alembic commands ###
|
||||||
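Review bot: `op.add_column('sessions', sa.Column('is_compliance_only', sa.Boolean(), nullable=False))` in `upgrade()` adds a NOT NULL column with no server default, so the upgrade will fail wherever `sessions` already holds rows (SQLite refuses it even on an empty table). A database-side default keeps existing sessions as ordinary, non-compliance sessions: `op.add_column('sessions', sa.Column('is_compliance_only', sa.Boolean(), nullable=False, server_default=sa.false()))`. Separately, `downgrade()` narrows `audit_logs.action` back to `VARCHAR(22)` and `users.status` to `VARCHAR(9)` although the new values (`USER_SECURITY_POLICY_OVERRIDE_UPDATE`, `COMPLIANCE_SUSPENDED`) are longer, so on backends that enforce length the downgrade would error or truncate audit rows. A comment above those calls saying that rows carrying the new values must be migrated first would help. The docstring's `Revision ID: 5d99e6d4cdc6` also disagrees with `revision = '004'`.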
@@ -0,0 +1,69 @@
|
|||||||
|
"""Add application-wide external auth provider config tables
|
||||||
|
|
||||||
|
Revision ID: 4edc2fce47c5
|
||||||
|
Revises: a4d4a17a5d15
|
||||||
|
Create Date: 2026-01-20 16:02:34.196815
|
||||||
|
|
||||||
|
"""
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
|
||||||
|
|
||||||
|
# revision identifiers, used by Alembic.
|
||||||
|
revision = '4edc2fce47c5'
|
||||||
|
down_revision = 'a4d4a17a5d15'
|
||||||
|
branch_labels = None
|
||||||
|
depends_on = None
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
|
op.create_table('application_provider_configs',
|
||||||
|
sa.Column('provider_type', sa.String(length=50), nullable=False),
|
||||||
|
sa.Column('client_id', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('client_secret_encrypted', sa.String(length=512), nullable=True),
|
||||||
|
sa.Column('is_enabled', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('default_redirect_url', sa.String(length=2048), nullable=True),
|
||||||
|
sa.Column('additional_config', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_application_provider_configs_provider_type'), 'application_provider_configs', ['provider_type'], unique=True)
|
||||||
|
op.create_table('organization_provider_overrides',
|
||||||
|
sa.Column('organization_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('provider_type', sa.String(length=50), nullable=False),
|
||||||
|
sa.Column('client_id', sa.String(length=255), nullable=True),
|
||||||
|
sa.Column('client_secret_encrypted', sa.String(length=512), nullable=True),
|
||||||
|
sa.Column('is_enabled', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('redirect_url_override', sa.String(length=2048), nullable=True),
|
||||||
|
sa.Column('additional_config', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['organization_id'], ['organizations.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id'),
|
||||||
|
sa.UniqueConstraint('organization_id', 'provider_type', name='uix_org_provider_type')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_organization_provider_overrides_organization_id'), 'organization_provider_overrides', ['organization_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_organization_provider_overrides_provider_type'), 'organization_provider_overrides', ['provider_type'], unique=False)
|
||||||
|
op.add_column('oauth_states', sa.Column('return_url', sa.String(length=2048), nullable=True))
|
||||||
|
op.drop_index(op.f('ix_oauth_states_user_id'), table_name='oauth_states')
|
||||||
|
# ### end Alembic commands ###
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
|
op.create_index(op.f('ix_oauth_states_user_id'), 'oauth_states', ['user_id'], unique=False)
|
||||||
|
op.drop_column('oauth_states', 'return_url')
|
||||||
|
op.drop_index(op.f('ix_organization_provider_overrides_provider_type'), table_name='organization_provider_overrides')
|
||||||
|
op.drop_index(op.f('ix_organization_provider_overrides_organization_id'), table_name='organization_provider_overrides')
|
||||||
|
op.drop_table('organization_provider_overrides')
|
||||||
|
op.drop_index(op.f('ix_application_provider_configs_provider_type'), table_name='application_provider_configs')
|
||||||
|
op.drop_table('application_provider_configs')
|
||||||
|
# ### end Alembic commands ###
|
||||||
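Review bot: The unique constraint on `organization_provider_overrides` is named `uix_org_provider_type`, the same name revision `a4d4a17a5d15` gives the constraint on `external_provider_configs`. On PostgreSQL the backing index names share one namespace per schema, so this `create_table` would likely fail there. A table-specific name avoids the clash: `sa.UniqueConstraint('organization_id', 'provider_type', name='uix_org_provider_override_type')`. The new `oauth_states.return_url` column also deserves a comment, e.g. `# return_url: post-login redirect target; must be checked against the allowed redirect list before use`, assuming the value originates from the request. The `drop_index` of `ix_oauth_states_user_id`, created one revision earlier, looks like autogenerate drift and leaves the `user_id` foreign key unindexed.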
@@ -0,0 +1,86 @@
|
|||||||
|
"""empty message
|
||||||
|
|
||||||
|
Revision ID: a4d4a17a5d15
|
||||||
|
Revises: 004
|
||||||
|
Create Date: 2026-01-20 14:30:36.898886
|
||||||
|
|
||||||
|
"""
|
||||||
|
from alembic import op
|
||||||
|
import sqlalchemy as sa
|
||||||
|
|
||||||
|
|
||||||
|
# revision identifiers, used by Alembic.
|
||||||
|
revision = 'a4d4a17a5d15'
|
||||||
|
down_revision = '004'
|
||||||
|
branch_labels = None
|
||||||
|
depends_on = None
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade():
|
||||||
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
|
op.create_table('external_provider_configs',
|
||||||
|
sa.Column('organization_id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('provider_type', sa.String(length=50), nullable=False),
|
||||||
|
sa.Column('client_id', sa.String(length=255), nullable=False),
|
||||||
|
sa.Column('client_secret_encrypted', sa.String(length=512), nullable=True),
|
||||||
|
sa.Column('auth_url', sa.String(length=2048), nullable=False),
|
||||||
|
sa.Column('token_url', sa.String(length=2048), nullable=False),
|
||||||
|
sa.Column('userinfo_url', sa.String(length=2048), nullable=True),
|
||||||
|
sa.Column('jwks_url', sa.String(length=2048), nullable=True),
|
||||||
|
sa.Column('scopes', sa.JSON(), nullable=False),
|
||||||
|
sa.Column('redirect_uris', sa.JSON(), nullable=False),
|
||||||
|
sa.Column('settings', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('is_active', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['organization_id'], ['organizations.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id'),
|
||||||
|
sa.UniqueConstraint('organization_id', 'provider_type', name='uix_org_provider_type')
|
||||||
|
)
|
||||||
|
op.create_index('idx_provider_config_org', 'external_provider_configs', ['organization_id', 'provider_type'], unique=False)
|
||||||
|
op.create_index(op.f('ix_external_provider_configs_organization_id'), 'external_provider_configs', ['organization_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_external_provider_configs_provider_type'), 'external_provider_configs', ['provider_type'], unique=False)
|
||||||
|
op.create_table('oauth_states',
|
||||||
|
sa.Column('state', sa.String(length=64), nullable=False),
|
||||||
|
sa.Column('flow_type', sa.String(length=50), nullable=False),
|
||||||
|
sa.Column('user_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('organization_id', sa.String(length=36), nullable=True),
|
||||||
|
sa.Column('provider_type', sa.String(length=50), nullable=False),
|
||||||
|
sa.Column('nonce', sa.String(length=128), nullable=True),
|
||||||
|
sa.Column('code_verifier', sa.String(length=128), nullable=True),
|
||||||
|
sa.Column('code_challenge', sa.String(length=128), nullable=True),
|
||||||
|
sa.Column('redirect_uri', sa.String(length=2048), nullable=True),
|
||||||
|
sa.Column('extra_data', sa.JSON(), nullable=True),
|
||||||
|
sa.Column('expires_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('used', sa.Boolean(), nullable=False),
|
||||||
|
sa.Column('id', sa.String(length=36), nullable=False),
|
||||||
|
sa.Column('created_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('updated_at', sa.DateTime(), nullable=False),
|
||||||
|
sa.Column('deleted_at', sa.DateTime(), nullable=True),
|
||||||
|
sa.ForeignKeyConstraint(['organization_id'], ['organizations.id'], ),
|
||||||
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
|
||||||
|
sa.PrimaryKeyConstraint('id'),
|
||||||
|
sa.UniqueConstraint('id')
|
||||||
|
)
|
||||||
|
op.create_index(op.f('ix_oauth_states_expires_at'), 'oauth_states', ['expires_at'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oauth_states_organization_id'), 'oauth_states', ['organization_id'], unique=False)
|
||||||
|
op.create_index(op.f('ix_oauth_states_state'), 'oauth_states', ['state'], unique=True)
|
||||||
|
op.create_index(op.f('ix_oauth_states_user_id'), 'oauth_states', ['user_id'], unique=False)
|
||||||
|
# ### end Alembic commands ###
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade():
|
||||||
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
|
op.drop_index(op.f('ix_oauth_states_user_id'), table_name='oauth_states')
|
||||||
|
op.drop_index(op.f('ix_oauth_states_state'), table_name='oauth_states')
|
||||||
|
op.drop_index(op.f('ix_oauth_states_organization_id'), table_name='oauth_states')
|
||||||
|
op.drop_index(op.f('ix_oauth_states_expires_at'), table_name='oauth_states')
|
||||||
|
op.drop_table('oauth_states')
|
||||||
|
op.drop_index(op.f('ix_external_provider_configs_provider_type'), table_name='external_provider_configs')
|
||||||
|
op.drop_index(op.f('ix_external_provider_configs_organization_id'), table_name='external_provider_configs')
|
||||||
|
op.drop_index('idx_provider_config_org', table_name='external_provider_configs')
|
||||||
|
op.drop_table('external_provider_configs')
|
||||||
|
# ### end Alembic commands ###
|
||||||
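Review bot: `idx_provider_config_org` in `upgrade()` indexes `(organization_id, provider_type)`, the same columns the `uix_org_provider_type` unique constraint covers. Most backends already back that constraint with an index, so this one adds write cost without a new access path, and dropping the `create_index` and its matching `drop_index` in `downgrade()` would be enough. The module docstring is still `empty message`; a summary line such as `Add external_provider_configs and oauth_states tables` would tell an operator what the revision does. Since `token_url`, `userinfo_url` and `jwks_url` are stored per organization and presumably fetched by the server, a comment stating that they must be limited to `https` and validated before any outbound request would document that expectation next to the schema.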