npm - @s-hirano-ist/s-database - Versions diffs - 1.20.0 → 1.21.0 - Mend

@s-hirano-ist/s-database 1.20.0 → 1.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@s-hirano-ist/s-database",
-  "version": "1.20.0",
+  "version": "1.21.0",
   "description": "Prisma database schema and client for s-private project",
   "type": "module",
   "main": "./src/index.ts",
@@ -10,7 +10,6 @@
       "types": "./src/index.ts",
       "default": "./src/index.ts"
     },
-    "./resolve-db-env": "./src/resolve-db-env.ts",
     "./generated": "./src/generated/index.js",
     "./generated/*": "./src/generated/*"
   },
@@ -36,12 +35,12 @@
     "prisma": "7.8.0"
   },
   "devDependencies": {
-    "prisma-erd-generator": "2.4.2",
+    "prisma-erd-generator": "2.4.3",
     "typescript": "6.0.3"
   },
   "scripts": {
     "prisma:generate": "mkdir -p erd && prisma generate",
-    "prisma:migrate": "prisma migrate dev",
+    "prisma:migrate:diff": "prisma migrate diff --from-migrations prisma/migrations --to-schema prisma/schema.prisma --script",
     "prisma:deploy": "prisma migrate deploy",
     "prisma:studio": "prisma studio",
     "docs:build": "bash scripts/generate-db-docs.sh",

package/prisma/migrations/0_init/migration.sql ADDED Viewed

@@ -0,0 +1,107 @@
+-- CreateSchema
+CREATE SCHEMA IF NOT EXISTS "public";
+-- CreateEnum
+CREATE TYPE "Status" AS ENUM ('UNEXPORTED', 'LAST_UPDATED', 'EXPORTED');
+-- CreateTable
+CREATE TABLE "categories" (
+    "id" STRING(36) NOT NULL,
+    "name" STRING(16) NOT NULL,
+    "created_at" TIMESTAMP(3) NOT NULL,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    "user_id" STRING(128) NOT NULL,
+    CONSTRAINT "categories_pkey" PRIMARY KEY ("id")
+) WITH (schema_locked = false);
+-- CreateTable
+CREATE TABLE "articles" (
+    "id" STRING(36) NOT NULL,
+    "title" STRING(128) NOT NULL,
+    "url" STRING(2048) NOT NULL,
+    "quote" STRING(512),
+    "og_image_url" STRING(4096),
+    "og_title" STRING(512),
+    "og_description" STRING(1024),
+    "category_id" STRING(36) NOT NULL,
+    "status" "Status" NOT NULL,
+    "user_id" STRING(128) NOT NULL,
+    "created_at" TIMESTAMP(3) NOT NULL,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    "exported_at" TIMESTAMP(3),
+    CONSTRAINT "articles_pkey" PRIMARY KEY ("id")
+) WITH (schema_locked = false);
+-- CreateTable
+CREATE TABLE "notes" (
+    "id" STRING(36) NOT NULL,
+    "title" STRING(64) NOT NULL,
+    "markdown" STRING NOT NULL,
+    "status" "Status" NOT NULL,
+    "user_id" STRING(128) NOT NULL,
+    "created_at" TIMESTAMP(3) NOT NULL,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    "exported_at" TIMESTAMP(3),
+    CONSTRAINT "notes_pkey" PRIMARY KEY ("id")
+) WITH (schema_locked = false);
+-- CreateTable
+CREATE TABLE "images" (
+    "id" STRING(36) NOT NULL,
+    "path" STRING(512) NOT NULL,
+    "content_type" STRING(32) NOT NULL,
+    "file_size" INT4,
+    "width" INT4,
+    "height" INT4,
+    "status" "Status" NOT NULL,
+    "user_id" STRING(128) NOT NULL,
+    "created_at" TIMESTAMP(3) NOT NULL,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    "exported_at" TIMESTAMP(3),
+    CONSTRAINT "images_pkey" PRIMARY KEY ("id")
+) WITH (schema_locked = false);
+-- CreateTable
+CREATE TABLE "books" (
+    "id" STRING(36) NOT NULL,
+    "isbn" STRING(17) NOT NULL,
+    "title" STRING(512) NOT NULL,
+    "google_subtitle" STRING(512),
+    "google_authors" STRING[],
+    "google_description" STRING,
+    "google_img_src" STRING(2048),
+    "google_href" STRING(2048),
+    "image_path" STRING(512),
+    "markdown" STRING,
+    "rating" INT4 NOT NULL,
+    "tags" STRING[],
+    "status" "Status" NOT NULL,
+    "user_id" STRING(128) NOT NULL,
+    "created_at" TIMESTAMP(3) NOT NULL,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    "exported_at" TIMESTAMP(3),
+    CONSTRAINT "books_pkey" PRIMARY KEY ("id")
+) WITH (schema_locked = false);
+-- CreateIndex
+CREATE UNIQUE INDEX "categories_name_user_id_key" ON "categories"("name", "user_id");
+-- CreateIndex
+CREATE UNIQUE INDEX "articles_url_user_id_key" ON "articles"("url", "user_id");
+-- CreateIndex
+CREATE UNIQUE INDEX "notes_title_user_id_key" ON "notes"("title", "user_id");
+-- CreateIndex
+CREATE UNIQUE INDEX "images_path_user_id_key" ON "images"("path", "user_id");
+-- CreateIndex
+CREATE UNIQUE INDEX "books_isbn_user_id_key" ON "books"("isbn", "user_id");
+-- AddForeignKey
+ALTER TABLE "articles" ADD CONSTRAINT "articles_category_id_fkey" FOREIGN KEY ("category_id") REFERENCES "categories"("id") ON DELETE CASCADE ON UPDATE CASCADE;

package/prisma/migrations/1_better_auth/migration.sql ADDED Viewed

@@ -0,0 +1,69 @@
+-- CreateTable
+CREATE TABLE "user" (
+    "id" STRING(64) NOT NULL,
+    "name" STRING NOT NULL,
+    "email" STRING NOT NULL,
+    "email_verified" BOOL NOT NULL DEFAULT false,
+    "image" STRING,
+    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    CONSTRAINT "user_pkey" PRIMARY KEY ("id")
+) WITH (schema_locked = false);
+-- CreateTable
+CREATE TABLE "session" (
+    "id" STRING(64) NOT NULL,
+    "expires_at" TIMESTAMP(3) NOT NULL,
+    "token" STRING NOT NULL,
+    "ip_address" STRING,
+    "user_agent" STRING,
+    "user_id" STRING(64) NOT NULL,
+    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    CONSTRAINT "session_pkey" PRIMARY KEY ("id")
+) WITH (schema_locked = false);
+-- CreateTable
+CREATE TABLE "account" (
+    "id" STRING(64) NOT NULL,
+    "account_id" STRING(128) NOT NULL,
+    "provider_id" STRING(64) NOT NULL,
+    "user_id" STRING(64) NOT NULL,
+    "access_token" STRING,
+    "refresh_token" STRING,
+    "id_token" STRING,
+    "access_token_expires_at" TIMESTAMP(3),
+    "refresh_token_expires_at" TIMESTAMP(3),
+    "scope" STRING,
+    "password" STRING,
+    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    CONSTRAINT "account_pkey" PRIMARY KEY ("id")
+) WITH (schema_locked = false);
+-- CreateTable
+CREATE TABLE "verification" (
+    "id" STRING(64) NOT NULL,
+    "identifier" STRING NOT NULL,
+    "value" STRING NOT NULL,
+    "expires_at" TIMESTAMP(3) NOT NULL,
+    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updated_at" TIMESTAMP(3) NOT NULL,
+    CONSTRAINT "verification_pkey" PRIMARY KEY ("id")
+) WITH (schema_locked = false);
+-- CreateIndex
+CREATE UNIQUE INDEX "user_email_key" ON "user"("email");
+-- CreateIndex
+CREATE UNIQUE INDEX "session_token_key" ON "session"("token");
+-- AddForeignKey
+ALTER TABLE "session" ADD CONSTRAINT "session_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "user"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+-- AddForeignKey
+ALTER TABLE "account" ADD CONSTRAINT "account_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "user"("id") ON DELETE CASCADE ON UPDATE CASCADE;

package/prisma/migrations/migration_lock.toml CHANGED Viewed

@@ -1,3 +1,3 @@
 # Please do not edit this file manually
 # It should be added in your version-control system (e.g., Git)
-provider = "postgresql"
+provider = "cockroachdb"

package/prisma/remap-userids-better-auth.sql ADDED Viewed

@@ -0,0 +1,98 @@
+-- One-time userId remap after migrating from NextAuth (Auth0 sub) to Better Auth.
+--
+-- Context
+-- -------
+-- Before: every content row's `user_id` held the Auth0 `sub` (e.g. "auth0|abc").
+-- After:  Better Auth generates its own `user.id` and stores the Auth0 sub in
+--         `account.account_id` (provider_id = 'auth0'). `getSelfId()` now returns
+--         the Better Auth `user.id`, so existing content rows must be remapped
+--         from the old sub to the new user.id to stay visible / tenant-scoped.
+--
+-- Prerequisites (run IN ORDER, before this script)
+-- ------------------------------------------------
+--   1. `pnpm prisma:deploy` (creates user/session/account/verification tables).
+--   2. PROD ONLY: grant DML on the 4 new tables to the runtime user
+--      `s-prod-runtime`, or the first sign-in fails with
+--      `42501 user s-prod-runtime does not have INSERT privilege on relation verification`.
+--      Run the GRANT (+ ALTER DEFAULT PRIVILEGES) from
+--      docs/cockroachdb-role-minimization-runbook.md Step 2 in the Cloud Console.
+--      (dev uses the all-privilege `s-dev` user, so this step is prod-only.)
+--   3. Log in ONCE through Better Auth (Auth0) so the user + account rows exist.
+--
+-- How to run — CockroachDB Cloud Console (no psql needed)
+-- ------------------------------------------------------
+--   Cloud Console -> your cluster -> "SQL Shell" tab. Make sure the correct
+--   database is selected (top of the shell, or run `USE <database>;` first —
+--   the same database as DATABASE_URL). Paste the STEP 2 block below and run.
+--   Then paste STEP 3 to verify (every row count must be 0).
+--
+-- How to run — psql (alternative)
+-- -------------------------------
+--   psql "$DATABASE_URL" -f packages/database/prisma/remap-userids-better-auth.sql
+--
+-- Notes
+-- -----
+-- * Pure SQL (no psql meta-commands), so it pastes into the Cloud Console as-is.
+-- * The five UPDATEs are independent and idempotent (no BEGIN/COMMIT needed):
+--   once a row's user_id is the new id it no longer matches any account_id, so
+--   re-running is safe and is a no-op.
+-- * Run as raw SQL only. Do NOT route through the Prisma client: the tenant
+--   extension (app/src/prisma.ts) rewrites updateMany to force the active
+--   tenant's user_id, which would defeat the remap. Raw SQL bypasses it.
+-- * The join through `account` (account_id = old sub -> user_id = new id) means
+--   you never have to hardcode any id.
+-- ===========================================================================
+-- STEP 1 (optional pre-check): inspect the Auth0 account mapping.
+-- Expect exactly one row for a single-user app: old_sub -> new_user_id.
+-- ===========================================================================
+SELECT provider_id, account_id AS old_sub, user_id AS new_user_id
+FROM account
+WHERE provider_id = 'auth0';
+-- ===========================================================================
+-- STEP 2: remap content rows from the old Auth0 sub to the new Better Auth id.
+-- ===========================================================================
+UPDATE articles a
+SET user_id = acc.user_id
+FROM account acc
+WHERE acc.provider_id = 'auth0' AND a.user_id = acc.account_id;
+UPDATE notes n
+SET user_id = acc.user_id
+FROM account acc
+WHERE acc.provider_id = 'auth0' AND n.user_id = acc.account_id;
+UPDATE images i
+SET user_id = acc.user_id
+FROM account acc
+WHERE acc.provider_id = 'auth0' AND i.user_id = acc.account_id;
+UPDATE books b
+SET user_id = acc.user_id
+FROM account acc
+WHERE acc.provider_id = 'auth0' AND b.user_id = acc.account_id;
+UPDATE categories c
+SET user_id = acc.user_id
+FROM account acc
+WHERE acc.provider_id = 'auth0' AND c.user_id = acc.account_id;
+-- ===========================================================================
+-- STEP 3 (verification): every count MUST be 0 after STEP 2 (no row left on the
+-- old sub). If any count is > 0, re-run STEP 2.
+-- ===========================================================================
+SELECT 'articles' AS tbl, count(*) AS rows_still_on_old_sub
+FROM articles a JOIN account acc ON acc.provider_id = 'auth0' AND a.user_id = acc.account_id
+UNION ALL
+SELECT 'notes', count(*)
+FROM notes n JOIN account acc ON acc.provider_id = 'auth0' AND n.user_id = acc.account_id
+UNION ALL
+SELECT 'images', count(*)
+FROM images i JOIN account acc ON acc.provider_id = 'auth0' AND i.user_id = acc.account_id
+UNION ALL
+SELECT 'books', count(*)
+FROM books b JOIN account acc ON acc.provider_id = 'auth0' AND b.user_id = acc.account_id
+UNION ALL
+SELECT 'categories', count(*)
+FROM categories c JOIN account acc ON acc.provider_id = 'auth0' AND c.user_id = acc.account_id;

package/prisma/schema.prisma CHANGED Viewed

@@ -10,7 +10,7 @@ generator erd {
 }
 datasource db {
-  provider = "postgresql"
+  provider = "cockroachdb"
 }
 enum Status {
@@ -20,38 +20,38 @@ enum Status {
 }
 model Category {
-  id String @id @db.VarChar(36)
+  id String @id @db.String(36)
-  name String @db.VarChar(16)
+  name String @db.String(16)
   Articles Article[]
   createdAt DateTime @map("created_at")
   updatedAt DateTime @updatedAt @map("updated_at")
-  userId String @map("user_id") @db.VarChar(128)
+  userId String @map("user_id") @db.String(128)
   @@unique([name, userId])
   @@map("categories")
 }
 model Article {
-  id String @id @db.VarChar(36)
+  id String @id @db.String(36)
-  title String  @db.VarChar(128)
-  url   String  @db.VarChar(2048)
-  quote String? @db.VarChar(512)
+  title String  @db.String(128)
+  url   String  @db.String(2048)
+  quote String? @db.String(512)
-  ogImageUrl    String? @map("og_image_url") @db.VarChar(4096)
-  ogTitle       String? @map("og_title") @db.VarChar(512)
-  ogDescription String? @map("og_description") @db.VarChar(1024)
+  ogImageUrl    String? @map("og_image_url") @db.String(4096)
+  ogTitle       String? @map("og_title") @db.String(512)
+  ogDescription String? @map("og_description") @db.String(1024)
   Category   Category @relation(fields: [categoryId], references: [id], onDelete: Cascade, onUpdate: Cascade)
-  categoryId String   @map("category_id") @db.VarChar(36)
+  categoryId String   @map("category_id") @db.String(36)
   status Status
-  userId String @map("user_id") @db.VarChar(128)
+  userId String @map("user_id") @db.String(128)
   createdAt  DateTime  @map("created_at")
   updatedAt  DateTime  @updatedAt @map("updated_at")
@@ -62,14 +62,14 @@ model Article {
 }
 model Note {
-  id String @id @db.VarChar(36)
+  id String @id @db.String(36)
-  title    String @db.VarChar(64)
-  markdown String @db.Text
+  title    String @db.String(64)
+  markdown String @db.String
   status Status
-  userId String @map("user_id") @db.VarChar(128)
+  userId String @map("user_id") @db.String(128)
   createdAt  DateTime  @map("created_at")
   updatedAt  DateTime  @updatedAt @map("updated_at")
@@ -80,17 +80,17 @@ model Note {
 }
 model Image {
-  id String @id @db.VarChar(36)
+  id String @id @db.String(36)
-  path        String @db.VarChar(512)
-  contentType String @map("content_type") @db.VarChar(32) // e.g.: image/jpeg, image/png
+  path        String @db.String(512)
+  contentType String @map("content_type") @db.String(32) // e.g.: image/jpeg, image/png
   fileSize    Int?   @map("file_size") // byte
   width       Int? // pixel
   height      Int? // pixel
   status Status
-  userId String @map("user_id") @db.VarChar(128)
+  userId String @map("user_id") @db.String(128)
   createdAt  DateTime  @map("created_at")
   updatedAt  DateTime  @updatedAt @map("updated_at")
@@ -101,26 +101,26 @@ model Image {
 }
 model Book {
-  id    String @id @db.VarChar(36)
-  isbn  String @db.VarChar(17)
-  title String @db.VarChar(512)
+  id    String @id @db.String(36)
+  isbn  String @db.String(17)
+  title String @db.String(512)
-  googleSubTitle    String?  @map("google_subtitle") @db.VarChar(512)
+  googleSubTitle    String?  @map("google_subtitle") @db.String(512)
   googleAuthors     String[] @map("google_authors")
-  googleDescription String?  @map("google_description") @db.Text
-  googleImgSrc      String?  @map("google_img_src") @db.VarChar(2048)
-  googleHref        String?  @map("google_href") @db.VarChar(2048)
+  googleDescription String?  @map("google_description") @db.String
+  googleImgSrc      String?  @map("google_img_src") @db.String(2048)
+  googleHref        String?  @map("google_href") @db.String(2048)
-  imagePath String? @map("image_path") @db.VarChar(512)
+  imagePath String? @map("image_path") @db.String(512)
-  markdown String? @db.Text
+  markdown String? @db.String
   rating Int // 1-5
   tags   String[]
   status Status
-  userId String @map("user_id") @db.VarChar(128)
+  userId String @map("user_id") @db.String(128)
   createdAt  DateTime  @map("created_at")
   updatedAt  DateTime  @updatedAt @map("updated_at")
@@ -129,3 +129,84 @@ model Book {
   @@unique([isbn, userId])
   @@map("books")
 }
+// ---------------------------------------------------------------------------
+// Better Auth tables (user / session / account / verification).
+//
+// Managed entirely by Better Auth via @better-auth/prisma-adapter. These are
+// intentionally NOT registered in the Prisma tenant extension whitelist
+// (app/src/prisma.ts), so tenant filtering never touches them. createdAt has a
+// DB default and emailVerified defaults to false as a safety net for the
+// library-managed write paths (unlike the domain models, which set timestamps
+// explicitly in domain logic).
+// ---------------------------------------------------------------------------
+model User {
+  id String @id @db.String(64)
+  name          String  @db.String
+  email         String  @unique @db.String
+  emailVerified Boolean @default(false) @map("email_verified")
+  image         String? @db.String
+  Sessions Session[]
+  Accounts Account[]
+  createdAt DateTime @default(now()) @map("created_at")
+  updatedAt DateTime @updatedAt @map("updated_at")
+  @@map("user")
+}
+model Session {
+  id String @id @db.String(64)
+  expiresAt DateTime @map("expires_at")
+  token     String   @unique @db.String
+  ipAddress String?  @map("ip_address") @db.String
+  userAgent String?  @map("user_agent") @db.String
+  User   User   @relation(fields: [userId], references: [id], onDelete: Cascade, onUpdate: Cascade)
+  userId String @map("user_id") @db.String(64)
+  createdAt DateTime @default(now()) @map("created_at")
+  updatedAt DateTime @updatedAt @map("updated_at")
+  @@map("session")
+}
+model Account {
+  id String @id @db.String(64)
+  accountId  String @map("account_id") @db.String(128)
+  providerId String @map("provider_id") @db.String(64)
+  User   User   @relation(fields: [userId], references: [id], onDelete: Cascade, onUpdate: Cascade)
+  userId String @map("user_id") @db.String(64)
+  accessToken           String?   @map("access_token") @db.String
+  refreshToken          String?   @map("refresh_token") @db.String
+  idToken               String?   @map("id_token") @db.String
+  accessTokenExpiresAt  DateTime? @map("access_token_expires_at")
+  refreshTokenExpiresAt DateTime? @map("refresh_token_expires_at")
+  scope                 String?   @db.String
+  password              String?   @db.String
+  createdAt DateTime @default(now()) @map("created_at")
+  updatedAt DateTime @updatedAt @map("updated_at")
+  @@map("account")
+}
+model Verification {
+  id String @id @db.String(64)
+  identifier String   @db.String
+  value      String   @db.String
+  expiresAt  DateTime @map("expires_at")
+  createdAt DateTime @default(now()) @map("created_at")
+  updatedAt DateTime @updatedAt @map("updated_at")
+  @@map("verification")
+}