28 lines
1.4 KiB
MySQL
28 lines
1.4 KiB
MySQL
|
-- v0.13.3: F022 WebAuthn Credentials + F025 GeoIP on login_history + F016 Password expiration
|
||
|
|
-- Up migration
|
||
|
|
|
||
|
|
-- F022: WebAuthn credentials — stores FIDO2 passkeys per user
|
||
|
|
CREATE TABLE IF NOT EXISTS webauthn_credentials (
|
||
|
|
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
||
|
|
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
|
||
|
|
credential_id BYTEA NOT NULL UNIQUE,
|
||
|
|
public_key BYTEA NOT NULL,
|
||
|
|
attestation_type VARCHAR(50) NOT NULL DEFAULT 'none',
|
||
|
|
aaguid BYTEA,
|
||
|
|
sign_count BIGINT NOT NULL DEFAULT 0,
|
||
|
|
name VARCHAR(100) NOT NULL DEFAULT 'My Passkey',
|
||
|
|
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
|
||
|
|
last_used_at TIMESTAMPTZ
|
||
|
|
);
|
||
|
|
CREATE INDEX IF NOT EXISTS idx_webauthn_user_id ON webauthn_credentials(user_id);
|
||
|
|
CREATE INDEX IF NOT EXISTS idx_webauthn_credential_id ON webauthn_credentials(credential_id);
|
||
|
|
|
||
|
|
-- F025: Add geolocation columns to login_history
|
||
|
|
ALTER TABLE login_history ADD COLUMN IF NOT EXISTS country VARCHAR(2) DEFAULT '';
|
||
|
|
ALTER TABLE login_history ADD COLUMN IF NOT EXISTS city VARCHAR(100) DEFAULT '';
|
||
|
|
|
||
|
|
-- F016: Add password_changed_at to users for expiration tracking
|
||
|
|
ALTER TABLE users ADD COLUMN IF NOT EXISTS password_changed_at TIMESTAMPTZ;
|
||
|
|
-- Backfill: set password_changed_at = updated_at for existing users with passwords
|
||
|
|
UPDATE users SET password_changed_at = updated_at WHERE password_hash != '' AND password_changed_at IS NULL;
|