-- Migration to cleanup refresh_tokens table
-- Remove legacy column 'token' which caused NULL constraint violations
-- Ensure correct constraints on token_hash

BEGIN;

-- 1. Remove the legacy 'token' column which is no longer used by the application
-- The application now uses 'token_hash' for secure storage
ALTER TABLE refresh_tokens DROP COLUMN IF EXISTS token;

-- 2. Ensure token_hash has the correct constraints
-- It should be NOT NULL and UNIQUE to prevent duplicates and ensure integrity
ALTER TABLE refresh_tokens ALTER COLUMN token_hash SET NOT NULL;

-- 3. Add comment to clarify the column usage
COMMENT ON COLUMN refresh_tokens.token_hash IS 'SHA-256 hash of the refresh token. The raw token is never stored.';

COMMIT;