@spfn/auth 0.2.0-beta.1 → 0.2.0-beta.3

package/dist/{dto-81uR9gzF.d.ts → dto-CLYtuAom.d.ts}

@@ -500,7 +500,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
             id: number;
             name: string;
             displayName: string;
-            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
+            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
         }[];
         userId: number;
         email: string | null;

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 import * as _spfn_core_nextjs from '@spfn/core/nextjs';
-import { R as RoleConfig, P as PermissionConfig, U as UserProfile, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, m as mainAuthRouter } from './dto-81uR9gzF.js';
-export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, c as ProfileInfo, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './dto-81uR9gzF.js';
+import { R as RoleConfig, P as PermissionConfig, U as UserProfile, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, m as mainAuthRouter } from './dto-CLYtuAom.js';
+export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, c as ProfileInfo, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './dto-CLYtuAom.js';
 import * as _spfn_core_route from '@spfn/core/route';
 import * as _sinclair_typebox from '@sinclair/typebox';
 import '@spfn/auth/server';
@@ -260,7 +260,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
             id: number;
             name: string;
             displayName: string;
-            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
+            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
         }[];
         userId: number;
         email: string | null;

package/dist/server.d.ts

@@ -1,5 +1,5 @@
-import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, q as AuthContext } from './dto-81uR9gzF.js';
-export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, X as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, Z as PasswordSchema, Y as PhoneSchema, x as RegisterParams, O as RegisterPublicKeyParams, a as RegisterResult, T as RevokeKeyParams, Q as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, p as SocialProvider, _ as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, $ as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, W as authenticate, v as changePasswordService, r as checkAccountExistsService, t as loginService, u as logoutService, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './dto-81uR9gzF.js';
+import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, q as AuthContext } from './dto-CLYtuAom.js';
+export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, X as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, Z as PasswordSchema, Y as PhoneSchema, x as RegisterParams, O as RegisterPublicKeyParams, a as RegisterResult, T as RevokeKeyParams, Q as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, p as SocialProvider, _ as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, $ as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, W as authenticate, v as changePasswordService, r as checkAccountExistsService, t as loginService, u as logoutService, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './dto-CLYtuAom.js';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
 import { UserProfile as UserProfile$1 } from '@spfn/auth';
 import { BaseRepository } from '@spfn/core/db';
@@ -1242,7 +1242,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
         id: number;
         name: string;
         displayName: string;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
     }[];
     userId: number;
     email: string | null;
@@ -2694,7 +2694,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
             tableName: "permissions";
             dataType: "string";
             columnType: "PgText";
-            data: "custom" | "user" | "auth" | "rbac" | "system";
+            data: "auth" | "custom" | "user" | "rbac" | "system";
             driverParam: string;
             notNull: false;
             hasDefault: false;
@@ -3143,13 +3143,13 @@ declare class UsersRepository extends BaseRepository {
     create(data: NewUser): Promise<{
         email: string | null;
         phone: string | null;
-        status: "active" | "inactive" | "suspended";
         id: number;
-        createdAt: Date;
-        updatedAt: Date;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
+        createdAt: Date;
+        updatedAt: Date;
+        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3215,13 +3215,13 @@ declare class UsersRepository extends BaseRepository {
     deleteById(id: number): Promise<{
         email: string | null;
         phone: string | null;
-        status: "active" | "inactive" | "suspended";
         id: number;
-        createdAt: Date;
-        updatedAt: Date;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
+        createdAt: Date;
+        updatedAt: Date;
+        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3244,7 +3244,7 @@ declare class UsersRepository extends BaseRepository {
             id: number;
             name: string;
             displayName: string;
-            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
+            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
         }[];
     }>;
     /**
@@ -3354,16 +3354,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewUserPublicKey): Promise<{
-        userId: number;
+        publicKey: string;
         keyId: string;
+        fingerprint: string;
+        algorithm: "ES256" | "RS256";
+        userId: number;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        publicKey: string;
-        algorithm: "ES256" | "RS256";
-        fingerprint: string;
-        lastUsedAt: Date | null;
         expiresAt: Date | null;
+        lastUsedAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3390,16 +3390,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
-        userId: number;
+        publicKey: string;
         keyId: string;
+        fingerprint: string;
+        algorithm: "ES256" | "RS256";
+        userId: number;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        publicKey: string;
-        algorithm: "ES256" | "RS256";
-        fingerprint: string;
-        lastUsedAt: Date | null;
         expiresAt: Date | null;
+        lastUsedAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3514,14 +3514,14 @@ declare class VerificationCodesRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewVerificationCode): Promise<{
+        target: string;
+        targetType: "email" | "phone";
+        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
+        code: string;
         id: number;
         createdAt: Date;
         updatedAt: Date;
         expiresAt: Date;
-        target: string;
-        targetType: "email" | "phone";
-        code: string;
-        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
         usedAt: Date | null;
         attempts: number;
     }>;
@@ -3710,7 +3710,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3726,7 +3726,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3766,7 +3766,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3785,8 +3785,8 @@ declare class PermissionsRepository extends BaseRepository {
         isActive: boolean;
         createdAt: Date;
         updatedAt: Date;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         metadata: Record<string, any> | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
     }>;
 }
 declare const permissionsRepository: PermissionsRepository;
@@ -3831,9 +3831,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     createMany(data: NewRolePermission[]): Promise<{
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
         permissionId: number;
     }[]>;
     /**
@@ -3849,9 +3849,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
         permissionId: number;
     }[]>;
 }
@@ -3916,10 +3916,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        expiresAt: Date | null;
         permissionId: number;
-        granted: boolean;
+        expiresAt: Date | null;
         reason: string | null;
+        granted: boolean;
     }>;
     /**
      * 사용자 권한 오버라이드 업데이트
@@ -3942,10 +3942,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        expiresAt: Date | null;
         permissionId: number;
-        granted: boolean;
+        expiresAt: Date | null;
         reason: string | null;
+        granted: boolean;
     }>;
     /**
      * 사용자의 모든 권한 오버라이드 삭제
@@ -4024,6 +4024,7 @@ declare class UserProfilesRepository extends BaseRepository {
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
+        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -4036,7 +4037,6 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
-        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 업데이트 (by ID)
@@ -4093,6 +4093,7 @@ declare class UserProfilesRepository extends BaseRepository {
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
+        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -4105,7 +4106,6 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
-        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 삭제 (by User ID)
@@ -4116,6 +4116,7 @@ declare class UserProfilesRepository extends BaseRepository {
         displayName: string;
         createdAt: Date;
         updatedAt: Date;
+        metadata: Record<string, any> | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -4128,7 +4129,6 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
-        metadata: Record<string, any> | null;
     }>;
     /**
      * User ID로 프로필 데이터 조회 (formatted)
@@ -4255,15 +4255,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     create(data: NewInvitation): Promise<{
         email: string;
-        status: "pending" | "accepted" | "expired" | "cancelled";
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         metadata: Record<string, any> | null;
-        expiresAt: Date;
         token: string;
         invitedBy: number;
+        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4289,15 +4289,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         email: string;
-        status: "pending" | "accepted" | "expired" | "cancelled";
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         metadata: Record<string, any> | null;
-        expiresAt: Date;
         token: string;
         invitedBy: number;
+        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4757,13 +4757,13 @@ declare function getUser(c: Context | {
 }): {
     email: string | null;
     phone: string | null;
-    status: "active" | "inactive" | "suspended";
     id: number;
-    createdAt: Date;
-    updatedAt: Date;
     passwordHash: string | null;
     passwordChangeRequired: boolean;
     roleId: number;
+    createdAt: Date;
+    updatedAt: Date;
+    status: "active" | "inactive" | "suspended";
     emailVerifiedAt: Date | null;
     phoneVerifiedAt: Date | null;
     lastLoginAt: Date | null;

package/migrations/0000_premium_famine.sql

@@ -0,0 +1,292 @@
+CREATE SCHEMA IF NOT EXISTS "spfn_auth";
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."users" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"email" text,
+	"phone" text,
+	"password_hash" text,
+	"password_change_required" boolean DEFAULT false NOT NULL,
+	"role_id" bigserial NOT NULL,
+	"status" text DEFAULT 'active' NOT NULL,
+	"email_verified_at" timestamp with time zone,
+	"phone_verified_at" timestamp with time zone,
+	"last_login_at" timestamp with time zone,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "users_email_unique" UNIQUE("email"),
+	CONSTRAINT "users_phone_unique" UNIQUE("phone"),
+	CONSTRAINT "email_or_phone_check" CHECK ("spfn_auth"."users"."email" IS NOT NULL OR "spfn_auth"."users"."phone" IS NOT NULL)
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_profiles" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"user_id" bigserial NOT NULL,
+	"display_name" text NOT NULL,
+	"first_name" text,
+	"last_name" text,
+	"avatar_url" text,
+	"bio" text,
+	"locale" text DEFAULT 'en',
+	"timezone" text DEFAULT 'UTC',
+	"date_of_birth" text,
+	"gender" text,
+	"website" text,
+	"location" text,
+	"company" text,
+	"job_title" text,
+	"metadata" jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "user_profiles_user_id_unique" UNIQUE("user_id")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_public_keys" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"user_id" bigserial NOT NULL,
+	"key_id" text NOT NULL,
+	"public_key" text NOT NULL,
+	"algorithm" text DEFAULT 'ES256' NOT NULL,
+	"fingerprint" text NOT NULL,
+	"is_active" boolean DEFAULT true NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"last_used_at" timestamp with time zone,
+	"expires_at" timestamp with time zone,
+	"revoked_at" timestamp with time zone,
+	"revoked_reason" text,
+	CONSTRAINT "user_public_keys_key_id_unique" UNIQUE("key_id")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_social_accounts" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"user_id" bigserial NOT NULL,
+	"provider" text NOT NULL,
+	"provider_user_id" text NOT NULL,
+	"provider_email" text,
+	"access_token" text,
+	"refresh_token" text,
+	"token_expires_at" timestamp with time zone,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."verification_codes" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"target" text NOT NULL,
+	"target_type" text NOT NULL,
+	"code" text NOT NULL,
+	"purpose" text NOT NULL,
+	"expires_at" timestamp with time zone NOT NULL,
+	"used_at" timestamp with time zone,
+	"attempts" integer DEFAULT 0 NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "attempts_limit_check" CHECK ("spfn_auth"."verification_codes"."attempts" >= 0 AND "spfn_auth"."verification_codes"."attempts" <= 10)
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_invitations" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"email" text NOT NULL,
+	"token" text NOT NULL,
+	"role_id" bigserial NOT NULL,
+	"invited_by_id" bigserial NOT NULL,
+	"status" text DEFAULT 'pending' NOT NULL,
+	"expires_at" timestamp with time zone NOT NULL,
+	"accepted_at" timestamp with time zone,
+	"cancelled_at" timestamp with time zone,
+	"metadata" jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "user_invitations_token_unique" UNIQUE("token")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."roles" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"display_name" text NOT NULL,
+	"description" text,
+	"is_builtin" boolean DEFAULT false NOT NULL,
+	"is_system" boolean DEFAULT false NOT NULL,
+	"is_active" boolean DEFAULT true NOT NULL,
+	"priority" integer DEFAULT 10 NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "roles_name_unique" UNIQUE("name")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."permissions" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"display_name" text NOT NULL,
+	"description" text,
+	"category" text,
+	"is_builtin" boolean DEFAULT false NOT NULL,
+	"is_system" boolean DEFAULT false NOT NULL,
+	"is_active" boolean DEFAULT true NOT NULL,
+	"metadata" jsonb,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "permissions_name_unique" UNIQUE("name")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."role_permissions" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"role_id" bigserial NOT NULL,
+	"permission_id" bigserial NOT NULL,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "role_permissions_unique" UNIQUE("role_id","permission_id")
+);
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "spfn_auth"."user_permissions" (
+	"id" bigserial PRIMARY KEY NOT NULL,
+	"user_id" bigserial NOT NULL,
+	"permission_id" bigserial NOT NULL,
+	"granted" boolean DEFAULT true NOT NULL,
+	"reason" text,
+	"expires_at" timestamp with time zone,
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
+	CONSTRAINT "user_permissions_unique" UNIQUE("user_id","permission_id")
+);
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'users_role_id_roles_id_fk') THEN
+        ALTER TABLE "spfn_auth"."users" ADD CONSTRAINT "users_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_profiles_user_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_profiles" ADD CONSTRAINT "user_profiles_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_public_keys_user_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_public_keys" ADD CONSTRAINT "user_public_keys_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_social_accounts_user_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_social_accounts" ADD CONSTRAINT "user_social_accounts_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_invitations_role_id_roles_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_invitations" ADD CONSTRAINT "user_invitations_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_invitations_invited_by_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_invitations" ADD CONSTRAINT "user_invitations_invited_by_id_users_id_fk" FOREIGN KEY ("invited_by_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'role_permissions_role_id_roles_id_fk') THEN
+        ALTER TABLE "spfn_auth"."role_permissions" ADD CONSTRAINT "role_permissions_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'role_permissions_permission_id_permissions_id_fk') THEN
+        ALTER TABLE "spfn_auth"."role_permissions" ADD CONSTRAINT "role_permissions_permission_id_permissions_id_fk" FOREIGN KEY ("permission_id") REFERENCES "spfn_auth"."permissions"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_permissions_user_id_users_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_permissions" ADD CONSTRAINT "user_permissions_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_constraint WHERE conname = 'user_permissions_permission_id_permissions_id_fk') THEN
+        ALTER TABLE "spfn_auth"."user_permissions" ADD CONSTRAINT "user_permissions_permission_id_permissions_id_fk" FOREIGN KEY ("permission_id") REFERENCES "spfn_auth"."permissions"("id") ON DELETE cascade ON UPDATE no action;
+    END IF;
+END $$;
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "users_email_idx" ON "spfn_auth"."users" USING btree ("email");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "users_phone_idx" ON "spfn_auth"."users" USING btree ("phone");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "users_status_idx" ON "spfn_auth"."users" USING btree ("status");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "users_role_id_idx" ON "spfn_auth"."users" USING btree ("role_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_profiles_user_id_idx" ON "spfn_auth"."user_profiles" USING btree ("user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_profiles_display_name_idx" ON "spfn_auth"."user_profiles" USING btree ("display_name");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_profiles_locale_idx" ON "spfn_auth"."user_profiles" USING btree ("locale");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_public_keys_user_id_idx" ON "spfn_auth"."user_public_keys" USING btree ("user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_public_keys_key_id_idx" ON "spfn_auth"."user_public_keys" USING btree ("key_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_public_keys_active_idx" ON "spfn_auth"."user_public_keys" USING btree ("is_active");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_public_keys_fingerprint_idx" ON "spfn_auth"."user_public_keys" USING btree ("fingerprint");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_social_accounts_user_id_idx" ON "spfn_auth"."user_social_accounts" USING btree ("user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_social_accounts_provider_idx" ON "spfn_auth"."user_social_accounts" USING btree ("provider");
+--> statement-breakpoint
+CREATE UNIQUE INDEX IF NOT EXISTS "provider_user_unique_idx" ON "spfn_auth"."user_social_accounts" USING btree ("provider","provider_user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "target_purpose_idx" ON "spfn_auth"."verification_codes" USING btree ("target","purpose","expires_at");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_token_idx" ON "spfn_auth"."user_invitations" USING btree ("token");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_email_idx" ON "spfn_auth"."user_invitations" USING btree ("email");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_status_idx" ON "spfn_auth"."user_invitations" USING btree ("status");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_invited_by_idx" ON "spfn_auth"."user_invitations" USING btree ("invited_by_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_expires_at_idx" ON "spfn_auth"."user_invitations" USING btree ("expires_at");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "invitations_role_id_idx" ON "spfn_auth"."user_invitations" USING btree ("role_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_name_idx" ON "spfn_auth"."roles" USING btree ("name");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_is_system_idx" ON "spfn_auth"."roles" USING btree ("is_system");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_is_active_idx" ON "spfn_auth"."roles" USING btree ("is_active");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_is_builtin_idx" ON "spfn_auth"."roles" USING btree ("is_builtin");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "roles_priority_idx" ON "spfn_auth"."roles" USING btree ("priority");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_name_idx" ON "spfn_auth"."permissions" USING btree ("name");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_category_idx" ON "spfn_auth"."permissions" USING btree ("category");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_is_system_idx" ON "spfn_auth"."permissions" USING btree ("is_system");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_is_active_idx" ON "spfn_auth"."permissions" USING btree ("is_active");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "permissions_is_builtin_idx" ON "spfn_auth"."permissions" USING btree ("is_builtin");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "role_permissions_role_id_idx" ON "spfn_auth"."role_permissions" USING btree ("role_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "role_permissions_permission_id_idx" ON "spfn_auth"."role_permissions" USING btree ("permission_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_permissions_user_id_idx" ON "spfn_auth"."user_permissions" USING btree ("user_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_permissions_permission_id_idx" ON "spfn_auth"."user_permissions" USING btree ("permission_id");
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "user_permissions_expires_at_idx" ON "spfn_auth"."user_permissions" USING btree ("expires_at");

package/migrations/meta/0000_snapshot.json

@@ -1,5 +1,5 @@
 {
-  "id": "7dedce95-7ceb-4691-aaad-0989041d8828",
+  "id": "e610afd0-f072-4f82-92cd-2bb8c156f284",
   "prevId": "00000000-0000-0000-0000-000000000000",
   "version": "7",
   "dialect": "postgresql",

package/migrations/meta/_journal.json

@@ -5,8 +5,8 @@
     {
       "idx": 0,
       "version": "7",
-      "when": 1765167910869,
-      "tag": "0000_mysterious_colossus",
+      "when": 1764036749408,
+      "tag": "0000_premium_famine",
       "breakpoints": true
     }
   ]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spfn/auth",
-  "version": "0.2.0-beta.1",
+  "version": "0.2.0-beta.3",
   "type": "module",
   "description": "Authentication, authorization, and RBAC module for SPFN",
   "main": "./dist/index.js",
@@ -112,11 +112,11 @@
     }
   },
   "scripts": {
-    "build": "pnpm check:circular && npm run db:generate && tsup",
+    "build": "pnpm check:circular && tsup",
     "watch": "tsup --watch",
     "dev": "tsup --watch",
     "type-check": "tsc --noEmit",
-    "clean": "rm -rf dist migrations",
+    "clean": "rm -rf dist",
     "db:generate": "drizzle-kit generate",
     "codegen": "spfn codegen run",
     "test": "vitest run",

package/migrations/0000_mysterious_colossus.sql

@@ -1,197 +0,0 @@
-CREATE SCHEMA "spfn_auth";
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."users" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"email" text,
-	"phone" text,
-	"password_hash" text,
-	"password_change_required" boolean DEFAULT false NOT NULL,
-	"role_id" bigserial NOT NULL,
-	"status" text DEFAULT 'active' NOT NULL,
-	"email_verified_at" timestamp with time zone,
-	"phone_verified_at" timestamp with time zone,
-	"last_login_at" timestamp with time zone,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "users_email_unique" UNIQUE("email"),
-	CONSTRAINT "users_phone_unique" UNIQUE("phone"),
-	CONSTRAINT "email_or_phone_check" CHECK ("spfn_auth"."users"."email" IS NOT NULL OR "spfn_auth"."users"."phone" IS NOT NULL)
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_profiles" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"user_id" bigserial NOT NULL,
-	"display_name" text NOT NULL,
-	"first_name" text,
-	"last_name" text,
-	"avatar_url" text,
-	"bio" text,
-	"locale" text DEFAULT 'en',
-	"timezone" text DEFAULT 'UTC',
-	"date_of_birth" text,
-	"gender" text,
-	"website" text,
-	"location" text,
-	"company" text,
-	"job_title" text,
-	"metadata" jsonb,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "user_profiles_user_id_unique" UNIQUE("user_id")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_public_keys" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"user_id" bigserial NOT NULL,
-	"key_id" text NOT NULL,
-	"public_key" text NOT NULL,
-	"algorithm" text DEFAULT 'ES256' NOT NULL,
-	"fingerprint" text NOT NULL,
-	"is_active" boolean DEFAULT true NOT NULL,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"last_used_at" timestamp with time zone,
-	"expires_at" timestamp with time zone,
-	"revoked_at" timestamp with time zone,
-	"revoked_reason" text,
-	CONSTRAINT "user_public_keys_key_id_unique" UNIQUE("key_id")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_social_accounts" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"user_id" bigserial NOT NULL,
-	"provider" text NOT NULL,
-	"provider_user_id" text NOT NULL,
-	"provider_email" text,
-	"access_token" text,
-	"refresh_token" text,
-	"token_expires_at" timestamp with time zone,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."verification_codes" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"target" text NOT NULL,
-	"target_type" text NOT NULL,
-	"code" text NOT NULL,
-	"purpose" text NOT NULL,
-	"expires_at" timestamp with time zone NOT NULL,
-	"used_at" timestamp with time zone,
-	"attempts" integer DEFAULT 0 NOT NULL,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "attempts_limit_check" CHECK ("spfn_auth"."verification_codes"."attempts" >= 0 AND "spfn_auth"."verification_codes"."attempts" <= 10)
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_invitations" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"email" text NOT NULL,
-	"token" text NOT NULL,
-	"role_id" bigserial NOT NULL,
-	"invited_by_id" bigserial NOT NULL,
-	"status" text DEFAULT 'pending' NOT NULL,
-	"expires_at" timestamp with time zone NOT NULL,
-	"accepted_at" timestamp with time zone,
-	"cancelled_at" timestamp with time zone,
-	"metadata" jsonb,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "user_invitations_token_unique" UNIQUE("token")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."roles" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"name" text NOT NULL,
-	"display_name" text NOT NULL,
-	"description" text,
-	"is_builtin" boolean DEFAULT false NOT NULL,
-	"is_system" boolean DEFAULT false NOT NULL,
-	"is_active" boolean DEFAULT true NOT NULL,
-	"priority" integer DEFAULT 10 NOT NULL,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "roles_name_unique" UNIQUE("name")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."permissions" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"name" text NOT NULL,
-	"display_name" text NOT NULL,
-	"description" text,
-	"category" text,
-	"is_builtin" boolean DEFAULT false NOT NULL,
-	"is_system" boolean DEFAULT false NOT NULL,
-	"is_active" boolean DEFAULT true NOT NULL,
-	"metadata" jsonb,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "permissions_name_unique" UNIQUE("name")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."role_permissions" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"role_id" bigserial NOT NULL,
-	"permission_id" bigserial NOT NULL,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "role_permissions_unique" UNIQUE("role_id","permission_id")
-);
---> statement-breakpoint
-CREATE TABLE "spfn_auth"."user_permissions" (
-	"id" bigserial PRIMARY KEY NOT NULL,
-	"user_id" bigserial NOT NULL,
-	"permission_id" bigserial NOT NULL,
-	"granted" boolean DEFAULT true NOT NULL,
-	"reason" text,
-	"expires_at" timestamp with time zone,
-	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
-	"updated_at" timestamp with time zone DEFAULT now() NOT NULL,
-	CONSTRAINT "user_permissions_unique" UNIQUE("user_id","permission_id")
-);
---> statement-breakpoint
-ALTER TABLE "spfn_auth"."users" ADD CONSTRAINT "users_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_profiles" ADD CONSTRAINT "user_profiles_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_public_keys" ADD CONSTRAINT "user_public_keys_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_social_accounts" ADD CONSTRAINT "user_social_accounts_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_invitations" ADD CONSTRAINT "user_invitations_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_invitations" ADD CONSTRAINT "user_invitations_invited_by_id_users_id_fk" FOREIGN KEY ("invited_by_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."role_permissions" ADD CONSTRAINT "role_permissions_role_id_roles_id_fk" FOREIGN KEY ("role_id") REFERENCES "spfn_auth"."roles"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."role_permissions" ADD CONSTRAINT "role_permissions_permission_id_permissions_id_fk" FOREIGN KEY ("permission_id") REFERENCES "spfn_auth"."permissions"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_permissions" ADD CONSTRAINT "user_permissions_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "spfn_auth"."users"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "spfn_auth"."user_permissions" ADD CONSTRAINT "user_permissions_permission_id_permissions_id_fk" FOREIGN KEY ("permission_id") REFERENCES "spfn_auth"."permissions"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-CREATE INDEX "users_email_idx" ON "spfn_auth"."users" USING btree ("email");--> statement-breakpoint
-CREATE INDEX "users_phone_idx" ON "spfn_auth"."users" USING btree ("phone");--> statement-breakpoint
-CREATE INDEX "users_status_idx" ON "spfn_auth"."users" USING btree ("status");--> statement-breakpoint
-CREATE INDEX "users_role_id_idx" ON "spfn_auth"."users" USING btree ("role_id");--> statement-breakpoint
-CREATE INDEX "user_profiles_user_id_idx" ON "spfn_auth"."user_profiles" USING btree ("user_id");--> statement-breakpoint
-CREATE INDEX "user_profiles_display_name_idx" ON "spfn_auth"."user_profiles" USING btree ("display_name");--> statement-breakpoint
-CREATE INDEX "user_profiles_locale_idx" ON "spfn_auth"."user_profiles" USING btree ("locale");--> statement-breakpoint
-CREATE INDEX "user_public_keys_user_id_idx" ON "spfn_auth"."user_public_keys" USING btree ("user_id");--> statement-breakpoint
-CREATE INDEX "user_public_keys_key_id_idx" ON "spfn_auth"."user_public_keys" USING btree ("key_id");--> statement-breakpoint
-CREATE INDEX "user_public_keys_active_idx" ON "spfn_auth"."user_public_keys" USING btree ("is_active");--> statement-breakpoint
-CREATE INDEX "user_public_keys_fingerprint_idx" ON "spfn_auth"."user_public_keys" USING btree ("fingerprint");--> statement-breakpoint
-CREATE INDEX "user_social_accounts_user_id_idx" ON "spfn_auth"."user_social_accounts" USING btree ("user_id");--> statement-breakpoint
-CREATE INDEX "user_social_accounts_provider_idx" ON "spfn_auth"."user_social_accounts" USING btree ("provider");--> statement-breakpoint
-CREATE UNIQUE INDEX "provider_user_unique_idx" ON "spfn_auth"."user_social_accounts" USING btree ("provider","provider_user_id");--> statement-breakpoint
-CREATE INDEX "target_purpose_idx" ON "spfn_auth"."verification_codes" USING btree ("target","purpose","expires_at");--> statement-breakpoint
-CREATE INDEX "invitations_token_idx" ON "spfn_auth"."user_invitations" USING btree ("token");--> statement-breakpoint
-CREATE INDEX "invitations_email_idx" ON "spfn_auth"."user_invitations" USING btree ("email");--> statement-breakpoint
-CREATE INDEX "invitations_status_idx" ON "spfn_auth"."user_invitations" USING btree ("status");--> statement-breakpoint
-CREATE INDEX "invitations_invited_by_idx" ON "spfn_auth"."user_invitations" USING btree ("invited_by_id");--> statement-breakpoint
-CREATE INDEX "invitations_expires_at_idx" ON "spfn_auth"."user_invitations" USING btree ("expires_at");--> statement-breakpoint
-CREATE INDEX "invitations_role_id_idx" ON "spfn_auth"."user_invitations" USING btree ("role_id");--> statement-breakpoint
-CREATE INDEX "roles_name_idx" ON "spfn_auth"."roles" USING btree ("name");--> statement-breakpoint
-CREATE INDEX "roles_is_system_idx" ON "spfn_auth"."roles" USING btree ("is_system");--> statement-breakpoint
-CREATE INDEX "roles_is_active_idx" ON "spfn_auth"."roles" USING btree ("is_active");--> statement-breakpoint
-CREATE INDEX "roles_is_builtin_idx" ON "spfn_auth"."roles" USING btree ("is_builtin");--> statement-breakpoint
-CREATE INDEX "roles_priority_idx" ON "spfn_auth"."roles" USING btree ("priority");--> statement-breakpoint
-CREATE INDEX "permissions_name_idx" ON "spfn_auth"."permissions" USING btree ("name");--> statement-breakpoint
-CREATE INDEX "permissions_category_idx" ON "spfn_auth"."permissions" USING btree ("category");--> statement-breakpoint
-CREATE INDEX "permissions_is_system_idx" ON "spfn_auth"."permissions" USING btree ("is_system");--> statement-breakpoint
-CREATE INDEX "permissions_is_active_idx" ON "spfn_auth"."permissions" USING btree ("is_active");--> statement-breakpoint
-CREATE INDEX "permissions_is_builtin_idx" ON "spfn_auth"."permissions" USING btree ("is_builtin");--> statement-breakpoint
-CREATE INDEX "role_permissions_role_id_idx" ON "spfn_auth"."role_permissions" USING btree ("role_id");--> statement-breakpoint
-CREATE INDEX "role_permissions_permission_id_idx" ON "spfn_auth"."role_permissions" USING btree ("permission_id");--> statement-breakpoint
-CREATE INDEX "user_permissions_user_id_idx" ON "spfn_auth"."user_permissions" USING btree ("user_id");--> statement-breakpoint
-CREATE INDEX "user_permissions_permission_id_idx" ON "spfn_auth"."user_permissions" USING btree ("permission_id");--> statement-breakpoint
-CREATE INDEX "user_permissions_expires_at_idx" ON "spfn_auth"."user_permissions" USING btree ("expires_at");