"""Unified initial schema for auth service This migration combines all previous migrations into a single initial schema: - Initial tables (users, refresh_tokens, login_attempts, audit_logs, onboarding) - GDPR consent tables (user_consents, consent_history) - Payment columns added to users table - Password reset tokens table - Tenant ID made nullable in audit logs Revision ID: initial_unified Revises: Create Date: 2026-01-16 14:00:00.000000 """ from typing import Sequence, Union from alembic import op import sqlalchemy as sa from sqlalchemy.dialects import postgresql # revision identifiers, used by Alembic. revision: str = 'initial_unified' down_revision: Union[str, None] = None branch_labels: Union[str, Sequence[str], None] = None depends_on: Union[str, Sequence[str], None] = None def upgrade() -> None: # Create all tables in the correct order (respecting foreign key dependencies) # Base tables without dependencies op.create_table('users', sa.Column('id', sa.UUID(), nullable=False), sa.Column('email', sa.String(length=255), nullable=False), sa.Column('hashed_password', sa.String(length=255), nullable=False), sa.Column('full_name', sa.String(length=255), nullable=False), sa.Column('is_active', sa.Boolean(), nullable=True), sa.Column('is_verified', sa.Boolean(), nullable=True), sa.Column('created_at', sa.DateTime(timezone=True), nullable=True), sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True), sa.Column('last_login', sa.DateTime(timezone=True), nullable=True), sa.Column('phone', sa.String(length=20), nullable=True), sa.Column('language', sa.String(length=10), nullable=True), sa.Column('timezone', sa.String(length=50), nullable=True), sa.Column('role', sa.String(length=20), nullable=False), # Payment-related columns sa.Column('payment_customer_id', sa.String(length=255), nullable=True), sa.Column('default_payment_method_id', sa.String(length=255), nullable=True), sa.PrimaryKeyConstraint('id') ) op.create_index(op.f('ix_users_email'), 'users', ['email'], unique=True) op.create_index(op.f('ix_users_payment_customer_id'), 'users', ['payment_customer_id'], unique=False) op.create_table('login_attempts', sa.Column('id', sa.UUID(), nullable=False), sa.Column('email', sa.String(length=255), nullable=False), sa.Column('ip_address', sa.String(length=45), nullable=False), sa.Column('user_agent', sa.Text(), nullable=True), sa.Column('success', sa.Boolean(), nullable=True), sa.Column('failure_reason', sa.String(length=255), nullable=True), sa.Column('created_at', sa.DateTime(timezone=True), nullable=True), sa.PrimaryKeyConstraint('id') ) op.create_index(op.f('ix_login_attempts_email'), 'login_attempts', ['email'], unique=False) # Tables that reference users op.create_table('refresh_tokens', sa.Column('id', sa.UUID(), nullable=False), sa.Column('user_id', sa.UUID(), nullable=False), sa.Column('token', sa.Text(), nullable=False), sa.Column('token_hash', sa.String(length=255), nullable=True), sa.Column('expires_at', sa.DateTime(timezone=True), nullable=False), sa.Column('is_revoked', sa.Boolean(), nullable=False), sa.Column('created_at', sa.DateTime(timezone=True), nullable=True), sa.Column('revoked_at', sa.DateTime(timezone=True), nullable=True), sa.PrimaryKeyConstraint('id'), sa.UniqueConstraint('token_hash') ) op.create_index('ix_refresh_tokens_expires_at', 'refresh_tokens', ['expires_at'], unique=False) op.create_index('ix_refresh_tokens_token_hash', 'refresh_tokens', ['token_hash'], unique=False) op.create_index(op.f('ix_refresh_tokens_user_id'), 'refresh_tokens', ['user_id'], unique=False) op.create_index('ix_refresh_tokens_user_id_active', 'refresh_tokens', ['user_id', 'is_revoked'], unique=False) op.create_table('user_onboarding_progress', sa.Column('id', sa.UUID(), nullable=False), sa.Column('user_id', sa.UUID(), nullable=False), sa.Column('step_name', sa.String(length=50), nullable=False), sa.Column('completed', sa.Boolean(), nullable=False), sa.Column('completed_at', sa.DateTime(timezone=True), nullable=True), sa.Column('step_data', sa.JSON(), nullable=True), sa.Column('created_at', sa.DateTime(timezone=True), nullable=True), sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True), sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'), sa.PrimaryKeyConstraint('id'), sa.UniqueConstraint('user_id', 'step_name', name='uq_user_step') ) op.create_index(op.f('ix_user_onboarding_progress_user_id'), 'user_onboarding_progress', ['user_id'], unique=False) op.create_table('user_onboarding_summary', sa.Column('id', sa.UUID(), nullable=False), sa.Column('user_id', sa.UUID(), nullable=False), sa.Column('current_step', sa.String(length=50), nullable=False), sa.Column('next_step', sa.String(length=50), nullable=True), sa.Column('completion_percentage', sa.String(length=50), nullable=True), sa.Column('fully_completed', sa.Boolean(), nullable=True), sa.Column('steps_completed_count', sa.String(length=50), nullable=True), sa.Column('created_at', sa.DateTime(timezone=True), nullable=True), sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True), sa.Column('last_activity_at', sa.DateTime(timezone=True), nullable=True), sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'), sa.PrimaryKeyConstraint('id') ) op.create_index(op.f('ix_user_onboarding_summary_user_id'), 'user_onboarding_summary', ['user_id'], unique=True) op.create_table('password_reset_tokens', sa.Column('id', postgresql.UUID(as_uuid=True), nullable=False), sa.Column('user_id', postgresql.UUID(as_uuid=True), nullable=False), sa.Column('token', sa.String(length=255), nullable=False), sa.Column('expires_at', sa.DateTime(timezone=True), nullable=False), sa.Column('is_used', sa.Boolean(), nullable=False, default=False), sa.Column('created_at', sa.DateTime(timezone=True), nullable=False, server_default=sa.text("timezone('utc', CURRENT_TIMESTAMP)")), sa.Column('used_at', sa.DateTime(timezone=True), nullable=True), sa.PrimaryKeyConstraint('id'), sa.UniqueConstraint('token'), ) op.create_index('ix_password_reset_tokens_user_id', 'password_reset_tokens', ['user_id']) op.create_index('ix_password_reset_tokens_token', 'password_reset_tokens', ['token']) op.create_index('ix_password_reset_tokens_expires_at', 'password_reset_tokens', ['expires_at']) op.create_index('ix_password_reset_tokens_is_used', 'password_reset_tokens', ['is_used']) # GDPR consent tables op.create_table('user_consents', sa.Column('id', sa.UUID(), nullable=False), sa.Column('user_id', sa.UUID(), nullable=False), sa.Column('terms_accepted', sa.Boolean(), nullable=False), sa.Column('privacy_accepted', sa.Boolean(), nullable=False), sa.Column('marketing_consent', sa.Boolean(), nullable=False), sa.Column('analytics_consent', sa.Boolean(), nullable=False), sa.Column('consent_version', sa.String(length=20), nullable=False), sa.Column('consent_method', sa.String(length=50), nullable=False), sa.Column('ip_address', sa.String(length=45), nullable=True), sa.Column('user_agent', sa.Text(), nullable=True), sa.Column('terms_text_hash', sa.String(length=64), nullable=True), sa.Column('privacy_text_hash', sa.String(length=64), nullable=True), sa.Column('consented_at', sa.DateTime(timezone=True), nullable=False), sa.Column('withdrawn_at', sa.DateTime(timezone=True), nullable=True), sa.Column('extra_data', postgresql.JSON(astext_type=sa.Text()), nullable=True), sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'), sa.PrimaryKeyConstraint('id') ) op.create_index('idx_user_consent_consented_at', 'user_consents', ['consented_at'], unique=False) op.create_index('idx_user_consent_user_id', 'user_consents', ['user_id'], unique=False) op.create_index(op.f('ix_user_consents_user_id'), 'user_consents', ['user_id'], unique=False) op.create_table('consent_history', sa.Column('id', sa.UUID(), nullable=False), sa.Column('user_id', sa.UUID(), nullable=False), sa.Column('consent_id', sa.UUID(), nullable=True), sa.Column('action', sa.String(length=50), nullable=False), sa.Column('consent_snapshot', postgresql.JSON(astext_type=sa.Text()), nullable=False), sa.Column('ip_address', sa.String(length=45), nullable=True), sa.Column('user_agent', sa.Text(), nullable=True), sa.Column('consent_method', sa.String(length=50), nullable=True), sa.Column('created_at', sa.DateTime(timezone=True), nullable=False), sa.ForeignKeyConstraint(['consent_id'], ['user_consents.id'], ondelete='SET NULL'), sa.PrimaryKeyConstraint('id') ) op.create_index('idx_consent_history_action', 'consent_history', ['action'], unique=False) op.create_index('idx_consent_history_created_at', 'consent_history', ['created_at'], unique=False) op.create_index('idx_consent_history_user_id', 'consent_history', ['user_id'], unique=False) op.create_index(op.f('ix_consent_history_created_at'), 'consent_history', ['created_at'], unique=False) op.create_index(op.f('ix_consent_history_user_id'), 'consent_history', ['user_id'], unique=False) # Audit logs table (with tenant_id nullable as per the last migration) op.create_table('audit_logs', sa.Column('id', sa.UUID(), nullable=False), sa.Column('tenant_id', sa.UUID(), nullable=True), # Made nullable per last migration sa.Column('user_id', sa.UUID(), nullable=False), sa.Column('action', sa.String(length=100), nullable=False), sa.Column('resource_type', sa.String(length=100), nullable=False), sa.Column('resource_id', sa.String(length=255), nullable=True), sa.Column('severity', sa.String(length=20), nullable=False), sa.Column('service_name', sa.String(length=100), nullable=False), sa.Column('description', sa.Text(), nullable=True), sa.Column('changes', postgresql.JSON(astext_type=sa.Text()), nullable=True), sa.Column('audit_metadata', postgresql.JSON(astext_type=sa.Text()), nullable=True), sa.Column('ip_address', sa.String(length=45), nullable=True), sa.Column('user_agent', sa.Text(), nullable=True), sa.Column('endpoint', sa.String(length=255), nullable=True), sa.Column('method', sa.String(length=10), nullable=True), sa.Column('created_at', sa.DateTime(timezone=True), nullable=False), sa.PrimaryKeyConstraint('id') ) op.create_index('idx_audit_resource_type_action', 'audit_logs', ['resource_type', 'action'], unique=False) op.create_index('idx_audit_service_created', 'audit_logs', ['service_name', 'created_at'], unique=False) op.create_index('idx_audit_severity_created', 'audit_logs', ['severity', 'created_at'], unique=False) op.create_index('idx_audit_tenant_created', 'audit_logs', ['tenant_id', 'created_at'], unique=False) op.create_index('idx_audit_user_created', 'audit_logs', ['user_id', 'created_at'], unique=False) op.create_index(op.f('ix_audit_logs_action'), 'audit_logs', ['action'], unique=False) op.create_index(op.f('ix_audit_logs_created_at'), 'audit_logs', ['created_at'], unique=False) op.create_index(op.f('ix_audit_logs_resource_id'), 'audit_logs', ['resource_id'], unique=False) op.create_index(op.f('ix_audit_logs_resource_type'), 'audit_logs', ['resource_type'], unique=False) op.create_index(op.f('ix_audit_logs_service_name'), 'audit_logs', ['service_name'], unique=False) op.create_index(op.f('ix_audit_logs_severity'), 'audit_logs', ['severity'], unique=False) op.create_index(op.f('ix_audit_logs_tenant_id'), 'audit_logs', ['tenant_id'], unique=False) op.create_index(op.f('ix_audit_logs_user_id'), 'audit_logs', ['user_id'], unique=False) def downgrade() -> None: # Drop tables in reverse order (respecting foreign key dependencies) op.drop_index(op.f('ix_audit_logs_user_id'), table_name='audit_logs') op.drop_index(op.f('ix_audit_logs_tenant_id'), table_name='audit_logs') op.drop_index(op.f('ix_audit_logs_severity'), table_name='audit_logs') op.drop_index(op.f('ix_audit_logs_service_name'), table_name='audit_logs') op.drop_index(op.f('ix_audit_logs_resource_type'), table_name='audit_logs') op.drop_index(op.f('ix_audit_logs_resource_id'), table_name='audit_logs') op.drop_index(op.f('ix_audit_logs_created_at'), table_name='audit_logs') op.drop_index(op.f('ix_audit_logs_action'), table_name='audit_logs') op.drop_index('idx_audit_user_created', table_name='audit_logs') op.drop_index('idx_audit_tenant_created', table_name='audit_logs') op.drop_index('idx_audit_severity_created', table_name='audit_logs') op.drop_index('idx_audit_service_created', table_name='audit_logs') op.drop_index('idx_audit_resource_type_action', table_name='audit_logs') op.drop_table('audit_logs') op.drop_index(op.f('ix_consent_history_user_id'), table_name='consent_history') op.drop_index(op.f('ix_consent_history_created_at'), table_name='consent_history') op.drop_index('idx_consent_history_user_id', table_name='consent_history') op.drop_index('idx_consent_history_created_at', table_name='consent_history') op.drop_index('idx_consent_history_action', table_name='consent_history') op.drop_table('consent_history') op.drop_index(op.f('ix_user_consents_user_id'), table_name='user_consents') op.drop_index('idx_user_consent_user_id', table_name='user_consents') op.drop_index('idx_user_consent_consented_at', table_name='user_consents') op.drop_table('user_consents') op.drop_index('ix_password_reset_tokens_is_used', table_name='password_reset_tokens') op.drop_index('ix_password_reset_tokens_expires_at', table_name='password_reset_tokens') op.drop_index('ix_password_reset_tokens_token', table_name='password_reset_tokens') op.drop_index('ix_password_reset_tokens_user_id', table_name='password_reset_tokens') op.drop_table('password_reset_tokens') op.drop_index(op.f('ix_user_onboarding_summary_user_id'), table_name='user_onboarding_summary') op.drop_table('user_onboarding_summary') op.drop_index(op.f('ix_user_onboarding_progress_user_id'), table_name='user_onboarding_progress') op.drop_table('user_onboarding_progress') op.drop_index('ix_refresh_tokens_user_id_active', table_name='refresh_tokens') op.drop_index(op.f('ix_refresh_tokens_user_id'), table_name='refresh_tokens') op.drop_index('ix_refresh_tokens_token_hash', table_name='refresh_tokens') op.drop_index('ix_refresh_tokens_expires_at', table_name='refresh_tokens') op.drop_table('refresh_tokens') op.drop_index(op.f('ix_login_attempts_email'), table_name='login_attempts') op.drop_table('login_attempts') op.drop_index(op.f('ix_users_payment_customer_id'), table_name='users') op.drop_index(op.f('ix_users_email'), table_name='users') op.drop_table('users')