2026-01-16 20:25:45 +01:00
|
|
|
"""Unified initial schema for auth service
|
2025-10-01 11:24:06 +02:00
|
|
|
|
2026-01-16 20:25:45 +01:00
|
|
|
This migration combines all previous migrations into a single initial schema:
|
|
|
|
|
- Initial tables (users, refresh_tokens, login_attempts, audit_logs, onboarding)
|
|
|
|
|
- GDPR consent tables (user_consents, consent_history)
|
|
|
|
|
- Payment columns added to users table
|
|
|
|
|
- Password reset tokens table
|
|
|
|
|
- Tenant ID made nullable in audit logs
|
|
|
|
|
|
|
|
|
|
Revision ID: initial_unified
|
2025-10-01 11:24:06 +02:00
|
|
|
Revises:
|
2026-01-16 20:25:45 +01:00
|
|
|
Create Date: 2026-01-16 14:00:00.000000
|
2025-10-01 11:24:06 +02:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
from typing import Sequence, Union
|
|
|
|
|
|
|
|
|
|
from alembic import op
|
|
|
|
|
import sqlalchemy as sa
|
2025-10-15 16:12:49 +02:00
|
|
|
from sqlalchemy.dialects import postgresql
|
2025-10-01 11:24:06 +02:00
|
|
|
|
|
|
|
|
# revision identifiers, used by Alembic.
|
2026-01-16 20:25:45 +01:00
|
|
|
revision: str = 'initial_unified'
|
2025-10-01 11:24:06 +02:00
|
|
|
down_revision: Union[str, None] = None
|
|
|
|
|
branch_labels: Union[str, Sequence[str], None] = None
|
|
|
|
|
depends_on: Union[str, Sequence[str], None] = None
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def upgrade() -> None:
|
2026-01-16 20:25:45 +01:00
|
|
|
# Create all tables in the correct order (respecting foreign key dependencies)
|
|
|
|
|
|
|
|
|
|
# Base tables without dependencies
|
|
|
|
|
op.create_table('users',
|
2025-10-15 16:12:49 +02:00
|
|
|
sa.Column('id', sa.UUID(), nullable=False),
|
2026-01-16 20:25:45 +01:00
|
|
|
sa.Column('email', sa.String(length=255), nullable=False),
|
|
|
|
|
sa.Column('hashed_password', sa.String(length=255), nullable=False),
|
|
|
|
|
sa.Column('full_name', sa.String(length=255), nullable=False),
|
|
|
|
|
sa.Column('is_active', sa.Boolean(), nullable=True),
|
|
|
|
|
sa.Column('is_verified', sa.Boolean(), nullable=True),
|
|
|
|
|
sa.Column('created_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.Column('last_login', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.Column('phone', sa.String(length=20), nullable=True),
|
|
|
|
|
sa.Column('language', sa.String(length=10), nullable=True),
|
|
|
|
|
sa.Column('timezone', sa.String(length=50), nullable=True),
|
|
|
|
|
sa.Column('role', sa.String(length=20), nullable=False),
|
|
|
|
|
# Payment-related columns
|
|
|
|
|
sa.Column('payment_customer_id', sa.String(length=255), nullable=True),
|
|
|
|
|
sa.Column('default_payment_method_id', sa.String(length=255), nullable=True),
|
2025-10-15 16:12:49 +02:00
|
|
|
sa.PrimaryKeyConstraint('id')
|
|
|
|
|
)
|
2026-01-16 20:25:45 +01:00
|
|
|
op.create_index(op.f('ix_users_email'), 'users', ['email'], unique=True)
|
|
|
|
|
op.create_index(op.f('ix_users_payment_customer_id'), 'users', ['payment_customer_id'], unique=False)
|
|
|
|
|
|
2025-10-01 11:24:06 +02:00
|
|
|
op.create_table('login_attempts',
|
|
|
|
|
sa.Column('id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('email', sa.String(length=255), nullable=False),
|
|
|
|
|
sa.Column('ip_address', sa.String(length=45), nullable=False),
|
|
|
|
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
|
|
|
|
sa.Column('success', sa.Boolean(), nullable=True),
|
|
|
|
|
sa.Column('failure_reason', sa.String(length=255), nullable=True),
|
|
|
|
|
sa.Column('created_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.PrimaryKeyConstraint('id')
|
|
|
|
|
)
|
|
|
|
|
op.create_index(op.f('ix_login_attempts_email'), 'login_attempts', ['email'], unique=False)
|
2026-01-16 20:25:45 +01:00
|
|
|
|
|
|
|
|
# Tables that reference users
|
2025-10-01 11:24:06 +02:00
|
|
|
op.create_table('refresh_tokens',
|
|
|
|
|
sa.Column('id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('user_id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('token', sa.Text(), nullable=False),
|
|
|
|
|
sa.Column('token_hash', sa.String(length=255), nullable=True),
|
|
|
|
|
sa.Column('expires_at', sa.DateTime(timezone=True), nullable=False),
|
|
|
|
|
sa.Column('is_revoked', sa.Boolean(), nullable=False),
|
|
|
|
|
sa.Column('created_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.Column('revoked_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.PrimaryKeyConstraint('id'),
|
|
|
|
|
sa.UniqueConstraint('token_hash')
|
|
|
|
|
)
|
|
|
|
|
op.create_index('ix_refresh_tokens_expires_at', 'refresh_tokens', ['expires_at'], unique=False)
|
|
|
|
|
op.create_index('ix_refresh_tokens_token_hash', 'refresh_tokens', ['token_hash'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_refresh_tokens_user_id'), 'refresh_tokens', ['user_id'], unique=False)
|
|
|
|
|
op.create_index('ix_refresh_tokens_user_id_active', 'refresh_tokens', ['user_id', 'is_revoked'], unique=False)
|
2026-01-16 20:25:45 +01:00
|
|
|
|
2025-10-01 11:24:06 +02:00
|
|
|
op.create_table('user_onboarding_progress',
|
|
|
|
|
sa.Column('id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('user_id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('step_name', sa.String(length=50), nullable=False),
|
|
|
|
|
sa.Column('completed', sa.Boolean(), nullable=False),
|
|
|
|
|
sa.Column('completed_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.Column('step_data', sa.JSON(), nullable=True),
|
|
|
|
|
sa.Column('created_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
|
|
|
|
|
sa.PrimaryKeyConstraint('id'),
|
|
|
|
|
sa.UniqueConstraint('user_id', 'step_name', name='uq_user_step')
|
|
|
|
|
)
|
|
|
|
|
op.create_index(op.f('ix_user_onboarding_progress_user_id'), 'user_onboarding_progress', ['user_id'], unique=False)
|
2026-01-16 20:25:45 +01:00
|
|
|
|
2025-10-01 11:24:06 +02:00
|
|
|
op.create_table('user_onboarding_summary',
|
|
|
|
|
sa.Column('id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('user_id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('current_step', sa.String(length=50), nullable=False),
|
|
|
|
|
sa.Column('next_step', sa.String(length=50), nullable=True),
|
|
|
|
|
sa.Column('completion_percentage', sa.String(length=50), nullable=True),
|
|
|
|
|
sa.Column('fully_completed', sa.Boolean(), nullable=True),
|
|
|
|
|
sa.Column('steps_completed_count', sa.String(length=50), nullable=True),
|
|
|
|
|
sa.Column('created_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.Column('last_activity_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
|
|
|
|
|
sa.PrimaryKeyConstraint('id')
|
|
|
|
|
)
|
|
|
|
|
op.create_index(op.f('ix_user_onboarding_summary_user_id'), 'user_onboarding_summary', ['user_id'], unique=True)
|
2026-01-16 20:25:45 +01:00
|
|
|
|
|
|
|
|
op.create_table('password_reset_tokens',
|
|
|
|
|
sa.Column('id', postgresql.UUID(as_uuid=True), nullable=False),
|
|
|
|
|
sa.Column('user_id', postgresql.UUID(as_uuid=True), nullable=False),
|
|
|
|
|
sa.Column('token', sa.String(length=255), nullable=False),
|
|
|
|
|
sa.Column('expires_at', sa.DateTime(timezone=True), nullable=False),
|
|
|
|
|
sa.Column('is_used', sa.Boolean(), nullable=False, default=False),
|
|
|
|
|
sa.Column('created_at', sa.DateTime(timezone=True), nullable=False,
|
|
|
|
|
server_default=sa.text("timezone('utc', CURRENT_TIMESTAMP)")),
|
|
|
|
|
sa.Column('used_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.PrimaryKeyConstraint('id'),
|
|
|
|
|
sa.UniqueConstraint('token'),
|
|
|
|
|
)
|
|
|
|
|
op.create_index('ix_password_reset_tokens_user_id', 'password_reset_tokens', ['user_id'])
|
|
|
|
|
op.create_index('ix_password_reset_tokens_token', 'password_reset_tokens', ['token'])
|
|
|
|
|
op.create_index('ix_password_reset_tokens_expires_at', 'password_reset_tokens', ['expires_at'])
|
|
|
|
|
op.create_index('ix_password_reset_tokens_is_used', 'password_reset_tokens', ['is_used'])
|
|
|
|
|
|
|
|
|
|
# GDPR consent tables
|
|
|
|
|
op.create_table('user_consents',
|
|
|
|
|
sa.Column('id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('user_id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('terms_accepted', sa.Boolean(), nullable=False),
|
|
|
|
|
sa.Column('privacy_accepted', sa.Boolean(), nullable=False),
|
|
|
|
|
sa.Column('marketing_consent', sa.Boolean(), nullable=False),
|
|
|
|
|
sa.Column('analytics_consent', sa.Boolean(), nullable=False),
|
|
|
|
|
sa.Column('consent_version', sa.String(length=20), nullable=False),
|
|
|
|
|
sa.Column('consent_method', sa.String(length=50), nullable=False),
|
|
|
|
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
|
|
|
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
|
|
|
|
sa.Column('terms_text_hash', sa.String(length=64), nullable=True),
|
|
|
|
|
sa.Column('privacy_text_hash', sa.String(length=64), nullable=True),
|
|
|
|
|
sa.Column('consented_at', sa.DateTime(timezone=True), nullable=False),
|
|
|
|
|
sa.Column('withdrawn_at', sa.DateTime(timezone=True), nullable=True),
|
|
|
|
|
sa.Column('extra_data', postgresql.JSON(astext_type=sa.Text()), nullable=True),
|
|
|
|
|
sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
|
|
|
|
|
sa.PrimaryKeyConstraint('id')
|
|
|
|
|
)
|
|
|
|
|
op.create_index('idx_user_consent_consented_at', 'user_consents', ['consented_at'], unique=False)
|
|
|
|
|
op.create_index('idx_user_consent_user_id', 'user_consents', ['user_id'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_user_consents_user_id'), 'user_consents', ['user_id'], unique=False)
|
|
|
|
|
|
|
|
|
|
op.create_table('consent_history',
|
|
|
|
|
sa.Column('id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('user_id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('consent_id', sa.UUID(), nullable=True),
|
|
|
|
|
sa.Column('action', sa.String(length=50), nullable=False),
|
|
|
|
|
sa.Column('consent_snapshot', postgresql.JSON(astext_type=sa.Text()), nullable=False),
|
|
|
|
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
|
|
|
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
|
|
|
|
sa.Column('consent_method', sa.String(length=50), nullable=True),
|
|
|
|
|
sa.Column('created_at', sa.DateTime(timezone=True), nullable=False),
|
|
|
|
|
sa.ForeignKeyConstraint(['consent_id'], ['user_consents.id'], ondelete='SET NULL'),
|
|
|
|
|
sa.PrimaryKeyConstraint('id')
|
|
|
|
|
)
|
|
|
|
|
op.create_index('idx_consent_history_action', 'consent_history', ['action'], unique=False)
|
|
|
|
|
op.create_index('idx_consent_history_created_at', 'consent_history', ['created_at'], unique=False)
|
|
|
|
|
op.create_index('idx_consent_history_user_id', 'consent_history', ['user_id'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_consent_history_created_at'), 'consent_history', ['created_at'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_consent_history_user_id'), 'consent_history', ['user_id'], unique=False)
|
|
|
|
|
|
|
|
|
|
# Audit logs table (with tenant_id nullable as per the last migration)
|
|
|
|
|
op.create_table('audit_logs',
|
|
|
|
|
sa.Column('id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('tenant_id', sa.UUID(), nullable=True), # Made nullable per last migration
|
|
|
|
|
sa.Column('user_id', sa.UUID(), nullable=False),
|
|
|
|
|
sa.Column('action', sa.String(length=100), nullable=False),
|
|
|
|
|
sa.Column('resource_type', sa.String(length=100), nullable=False),
|
|
|
|
|
sa.Column('resource_id', sa.String(length=255), nullable=True),
|
|
|
|
|
sa.Column('severity', sa.String(length=20), nullable=False),
|
|
|
|
|
sa.Column('service_name', sa.String(length=100), nullable=False),
|
|
|
|
|
sa.Column('description', sa.Text(), nullable=True),
|
|
|
|
|
sa.Column('changes', postgresql.JSON(astext_type=sa.Text()), nullable=True),
|
|
|
|
|
sa.Column('audit_metadata', postgresql.JSON(astext_type=sa.Text()), nullable=True),
|
|
|
|
|
sa.Column('ip_address', sa.String(length=45), nullable=True),
|
|
|
|
|
sa.Column('user_agent', sa.Text(), nullable=True),
|
|
|
|
|
sa.Column('endpoint', sa.String(length=255), nullable=True),
|
|
|
|
|
sa.Column('method', sa.String(length=10), nullable=True),
|
|
|
|
|
sa.Column('created_at', sa.DateTime(timezone=True), nullable=False),
|
|
|
|
|
sa.PrimaryKeyConstraint('id')
|
|
|
|
|
)
|
|
|
|
|
op.create_index('idx_audit_resource_type_action', 'audit_logs', ['resource_type', 'action'], unique=False)
|
|
|
|
|
op.create_index('idx_audit_service_created', 'audit_logs', ['service_name', 'created_at'], unique=False)
|
|
|
|
|
op.create_index('idx_audit_severity_created', 'audit_logs', ['severity', 'created_at'], unique=False)
|
|
|
|
|
op.create_index('idx_audit_tenant_created', 'audit_logs', ['tenant_id', 'created_at'], unique=False)
|
|
|
|
|
op.create_index('idx_audit_user_created', 'audit_logs', ['user_id', 'created_at'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_audit_logs_action'), 'audit_logs', ['action'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_audit_logs_created_at'), 'audit_logs', ['created_at'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_audit_logs_resource_id'), 'audit_logs', ['resource_id'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_audit_logs_resource_type'), 'audit_logs', ['resource_type'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_audit_logs_service_name'), 'audit_logs', ['service_name'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_audit_logs_severity'), 'audit_logs', ['severity'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_audit_logs_tenant_id'), 'audit_logs', ['tenant_id'], unique=False)
|
|
|
|
|
op.create_index(op.f('ix_audit_logs_user_id'), 'audit_logs', ['user_id'], unique=False)
|
2025-10-01 11:24:06 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def downgrade() -> None:
|
2026-01-16 20:25:45 +01:00
|
|
|
# Drop tables in reverse order (respecting foreign key dependencies)
|
2025-10-15 16:12:49 +02:00
|
|
|
op.drop_index(op.f('ix_audit_logs_user_id'), table_name='audit_logs')
|
|
|
|
|
op.drop_index(op.f('ix_audit_logs_tenant_id'), table_name='audit_logs')
|
|
|
|
|
op.drop_index(op.f('ix_audit_logs_severity'), table_name='audit_logs')
|
|
|
|
|
op.drop_index(op.f('ix_audit_logs_service_name'), table_name='audit_logs')
|
|
|
|
|
op.drop_index(op.f('ix_audit_logs_resource_type'), table_name='audit_logs')
|
|
|
|
|
op.drop_index(op.f('ix_audit_logs_resource_id'), table_name='audit_logs')
|
|
|
|
|
op.drop_index(op.f('ix_audit_logs_created_at'), table_name='audit_logs')
|
|
|
|
|
op.drop_index(op.f('ix_audit_logs_action'), table_name='audit_logs')
|
|
|
|
|
op.drop_index('idx_audit_user_created', table_name='audit_logs')
|
|
|
|
|
op.drop_index('idx_audit_tenant_created', table_name='audit_logs')
|
|
|
|
|
op.drop_index('idx_audit_severity_created', table_name='audit_logs')
|
|
|
|
|
op.drop_index('idx_audit_service_created', table_name='audit_logs')
|
|
|
|
|
op.drop_index('idx_audit_resource_type_action', table_name='audit_logs')
|
|
|
|
|
op.drop_table('audit_logs')
|
2026-01-16 20:25:45 +01:00
|
|
|
|
|
|
|
|
op.drop_index(op.f('ix_consent_history_user_id'), table_name='consent_history')
|
|
|
|
|
op.drop_index(op.f('ix_consent_history_created_at'), table_name='consent_history')
|
|
|
|
|
op.drop_index('idx_consent_history_user_id', table_name='consent_history')
|
|
|
|
|
op.drop_index('idx_consent_history_created_at', table_name='consent_history')
|
|
|
|
|
op.drop_index('idx_consent_history_action', table_name='consent_history')
|
|
|
|
|
op.drop_table('consent_history')
|
|
|
|
|
|
|
|
|
|
op.drop_index(op.f('ix_user_consents_user_id'), table_name='user_consents')
|
|
|
|
|
op.drop_index('idx_user_consent_user_id', table_name='user_consents')
|
|
|
|
|
op.drop_index('idx_user_consent_consented_at', table_name='user_consents')
|
|
|
|
|
op.drop_table('user_consents')
|
|
|
|
|
|
|
|
|
|
op.drop_index('ix_password_reset_tokens_is_used', table_name='password_reset_tokens')
|
|
|
|
|
op.drop_index('ix_password_reset_tokens_expires_at', table_name='password_reset_tokens')
|
|
|
|
|
op.drop_index('ix_password_reset_tokens_token', table_name='password_reset_tokens')
|
|
|
|
|
op.drop_index('ix_password_reset_tokens_user_id', table_name='password_reset_tokens')
|
|
|
|
|
op.drop_table('password_reset_tokens')
|
|
|
|
|
|
|
|
|
|
op.drop_index(op.f('ix_user_onboarding_summary_user_id'), table_name='user_onboarding_summary')
|
|
|
|
|
op.drop_table('user_onboarding_summary')
|
|
|
|
|
|
|
|
|
|
op.drop_index(op.f('ix_user_onboarding_progress_user_id'), table_name='user_onboarding_progress')
|
|
|
|
|
op.drop_table('user_onboarding_progress')
|
|
|
|
|
|
|
|
|
|
op.drop_index('ix_refresh_tokens_user_id_active', table_name='refresh_tokens')
|
|
|
|
|
op.drop_index(op.f('ix_refresh_tokens_user_id'), table_name='refresh_tokens')
|
|
|
|
|
op.drop_index('ix_refresh_tokens_token_hash', table_name='refresh_tokens')
|
|
|
|
|
op.drop_index('ix_refresh_tokens_expires_at', table_name='refresh_tokens')
|
|
|
|
|
op.drop_table('refresh_tokens')
|
|
|
|
|
|
|
|
|
|
op.drop_index(op.f('ix_login_attempts_email'), table_name='login_attempts')
|
|
|
|
|
op.drop_table('login_attempts')
|
|
|
|
|
|
|
|
|
|
op.drop_index(op.f('ix_users_payment_customer_id'), table_name='users')
|
|
|
|
|
op.drop_index(op.f('ix_users_email'), table_name='users')
|
|
|
|
|
op.drop_table('users')
|
