insforge 0.3.3 → 1.3.0

package/backend/{migrations → src/infra/database/migrations}/006_modify-ai-usage-table.sql

@@ -1,25 +1,25 @@
--- Migration: 006 - Modify AI usage table
--- This migration modifies the _ai_usage table to:
--- 1. Change foreign key constraint on config_id to SET NULL
--- 2. Make config_id nullable
--- 3. Add model_id column
-
--- Drop existing foreign key constraint
-ALTER TABLE _ai_usage 
-DROP CONSTRAINT IF EXISTS _ai_usage_config_id_fkey;
-
--- Make config_id nullable
-ALTER TABLE _ai_usage 
-ALTER COLUMN config_id DROP NOT NULL;
-
--- Add new foreign key constraint with SET NULL on delete
-ALTER TABLE _ai_usage 
-ADD CONSTRAINT _ai_usage_config_id_fkey 
-FOREIGN KEY (config_id) REFERENCES _ai_configs(id) ON DELETE SET NULL;
-
--- Add new columns for model identification
-ALTER TABLE _ai_usage 
-ADD COLUMN IF NOT EXISTS model_id VARCHAR(255);
-
--- Create indexes for the new columns
+-- Migration: 006 - Modify AI usage table
+-- This migration modifies the _ai_usage table to:
+-- 1. Change foreign key constraint on config_id to SET NULL
+-- 2. Make config_id nullable
+-- 3. Add model_id column
+
+-- Drop existing foreign key constraint
+ALTER TABLE _ai_usage 
+DROP CONSTRAINT IF EXISTS _ai_usage_config_id_fkey;
+
+-- Make config_id nullable
+ALTER TABLE _ai_usage 
+ALTER COLUMN config_id DROP NOT NULL;
+
+-- Add new foreign key constraint with SET NULL on delete
+ALTER TABLE _ai_usage 
+ADD CONSTRAINT _ai_usage_config_id_fkey 
+FOREIGN KEY (config_id) REFERENCES _ai_configs(id) ON DELETE SET NULL;
+
+-- Add new columns for model identification
+ALTER TABLE _ai_usage 
+ADD COLUMN IF NOT EXISTS model_id VARCHAR(255);
+
+-- Create indexes for the new columns
 CREATE INDEX IF NOT EXISTS idx_ai_usage_model_id ON _ai_usage(model_id);

package/backend/{migrations → src/infra/database/migrations}/007_drop-metadata-table.sql

@@ -1,2 +1,2 @@
--- Drop the _metadata table if it exists
+-- Drop the _metadata table if it exists
 DROP TABLE IF EXISTS _metadata CASCADE;

package/backend/{migrations → src/infra/database/migrations}/008_add-system-tables.sql

@@ -1,77 +1,77 @@
--- Migration: 008 - Create new system tables and rename OAuth connections table
-
--- 1. Create _secrets table for storing application secrets
-CREATE TABLE IF NOT EXISTS _secrets (
-  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
-  name TEXT UNIQUE NOT NULL,
-  value_ciphertext TEXT NOT NULL,
-  is_active BOOLEAN DEFAULT TRUE,
-  last_used_at TIMESTAMPTZ,
-  expires_at TIMESTAMPTZ,
-  created_at TIMESTAMPTZ DEFAULT NOW(),
-  updated_at TIMESTAMPTZ DEFAULT NOW()
-);
-
--- 2. Create _oauth_configs table for OAuth provider configurations
-CREATE TABLE IF NOT EXISTS _oauth_configs (
-  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
-  provider TEXT UNIQUE NOT NULL,
-  client_id TEXT,
-  secret_id UUID REFERENCES _secrets(id) ON DELETE RESTRICT,
-  scopes TEXT[],
-  redirect_uri TEXT,
-  use_shared_key BOOLEAN DEFAULT FALSE,
-  created_at TIMESTAMPTZ DEFAULT NOW(),
-  updated_at TIMESTAMPTZ DEFAULT NOW()
-);
-
--- 3. Create _audit_logs table for storing admin operation logs
-CREATE TABLE IF NOT EXISTS _audit_logs (
-  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
-  actor TEXT NOT NULL,
-  action TEXT NOT NULL,
-  module TEXT NOT NULL,
-  details JSONB,
-  ip_address INET,
-  created_at TIMESTAMPTZ DEFAULT NOW(),
-  updated_at TIMESTAMPTZ DEFAULT NOW()
-);
-
--- 4. Rename _oauth_connections to _account_providers
-DO $$
-BEGIN
-    IF EXISTS (SELECT FROM information_schema.tables
-              WHERE table_name = '_oauth_connections' AND table_schema = 'public') THEN
-        IF EXISTS (SELECT FROM information_schema.tables
-                  WHERE table_name = '_account_providers' AND table_schema = 'public') THEN
-            -- _account_providers already exists, just drop _oauth_connections
-            DROP TABLE _oauth_connections CASCADE;
-        ELSE
-            -- _account_providers doesn't exist, rename _oauth_connections to _account_providers
-            ALTER TABLE _oauth_connections RENAME TO _account_providers;
-        END IF;
-    END IF;
-END $$;
-
--- 5. Drop the old _config system table
-DROP TABLE IF EXISTS _config CASCADE;
-
--- Create indexes for better query performance
-CREATE INDEX IF NOT EXISTS idx_secrets_name ON _secrets(name);
-CREATE INDEX IF NOT EXISTS idx_oauth_configs_provider ON _oauth_configs(provider);
-CREATE INDEX IF NOT EXISTS idx_audit_logs_actor ON _audit_logs(actor);
-CREATE INDEX IF NOT EXISTS idx_audit_logs_module ON _audit_logs(module);
-CREATE INDEX IF NOT EXISTS idx_audit_logs_created_at ON _audit_logs(created_at DESC);
-
--- Add triggers for updated_at
-DROP TRIGGER IF EXISTS update__secrets_updated_at ON _secrets;
-CREATE TRIGGER update__secrets_updated_at BEFORE UPDATE ON _secrets
-FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
-
-DROP TRIGGER IF EXISTS update__oauth_configs_updated_at ON _oauth_configs;
-CREATE TRIGGER update__oauth_configs_updated_at BEFORE UPDATE ON _oauth_configs
-FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
-
-DROP TRIGGER IF EXISTS update__audit_logs_updated_at ON _audit_logs;
-CREATE TRIGGER update__audit_logs_updated_at BEFORE UPDATE ON _audit_logs
+-- Migration: 008 - Create new system tables and rename OAuth connections table
+
+-- 1. Create _secrets table for storing application secrets
+CREATE TABLE IF NOT EXISTS _secrets (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  name TEXT UNIQUE NOT NULL,
+  value_ciphertext TEXT NOT NULL,
+  is_active BOOLEAN DEFAULT TRUE,
+  last_used_at TIMESTAMPTZ,
+  expires_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- 2. Create _oauth_configs table for OAuth provider configurations
+CREATE TABLE IF NOT EXISTS _oauth_configs (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  provider TEXT UNIQUE NOT NULL,
+  client_id TEXT,
+  secret_id UUID REFERENCES _secrets(id) ON DELETE RESTRICT,
+  scopes TEXT[],
+  redirect_uri TEXT,
+  use_shared_key BOOLEAN DEFAULT FALSE,
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- 3. Create _audit_logs table for storing admin operation logs
+CREATE TABLE IF NOT EXISTS _audit_logs (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  actor TEXT NOT NULL,
+  action TEXT NOT NULL,
+  module TEXT NOT NULL,
+  details JSONB,
+  ip_address INET,
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- 4. Rename _oauth_connections to _account_providers
+DO $$
+BEGIN
+    IF EXISTS (SELECT FROM information_schema.tables
+              WHERE table_name = '_oauth_connections' AND table_schema = 'public') THEN
+        IF EXISTS (SELECT FROM information_schema.tables
+                  WHERE table_name = '_account_providers' AND table_schema = 'public') THEN
+            -- _account_providers already exists, just drop _oauth_connections
+            DROP TABLE _oauth_connections CASCADE;
+        ELSE
+            -- _account_providers doesn't exist, rename _oauth_connections to _account_providers
+            ALTER TABLE _oauth_connections RENAME TO _account_providers;
+        END IF;
+    END IF;
+END $$;
+
+-- 5. Drop the old _config system table
+DROP TABLE IF EXISTS _config CASCADE;
+
+-- Create indexes for better query performance
+CREATE INDEX IF NOT EXISTS idx_secrets_name ON _secrets(name);
+CREATE INDEX IF NOT EXISTS idx_oauth_configs_provider ON _oauth_configs(provider);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_actor ON _audit_logs(actor);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_module ON _audit_logs(module);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_created_at ON _audit_logs(created_at DESC);
+
+-- Add triggers for updated_at
+DROP TRIGGER IF EXISTS update__secrets_updated_at ON _secrets;
+CREATE TRIGGER update__secrets_updated_at BEFORE UPDATE ON _secrets
+FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+DROP TRIGGER IF EXISTS update__oauth_configs_updated_at ON _oauth_configs;
+CREATE TRIGGER update__oauth_configs_updated_at BEFORE UPDATE ON _oauth_configs
+FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+DROP TRIGGER IF EXISTS update__audit_logs_updated_at ON _audit_logs;
+CREATE TRIGGER update__audit_logs_updated_at BEFORE UPDATE ON _audit_logs
 FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();

package/backend/{migrations → src/infra/database/migrations}/009_add-function-secrets.sql

@@ -1,24 +1,24 @@
--- Migration: 009 - Create function secrets table for edge functions environment variables
--- This table stores encrypted secrets that are injected into edge functions as Deno.env variables
-
-CREATE TABLE IF NOT EXISTS _function_secrets (
-  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
-  key VARCHAR(255) UNIQUE NOT NULL,
-  value_ciphertext TEXT NOT NULL,      -- Encrypted value using AES-256-GCM
-  is_reserved BOOLEAN DEFAULT FALSE,   -- System-reserved keys that can't be modified/deleted
-  created_at TIMESTAMPTZ DEFAULT NOW(),
-  updated_at TIMESTAMPTZ DEFAULT NOW()
-);
-
--- Create index for faster key lookups
-CREATE INDEX IF NOT EXISTS idx_function_secrets_key ON _function_secrets(key);
-
--- Add trigger for updated_at
-DROP TRIGGER IF EXISTS update__function_secrets_updated_at ON _function_secrets;
-CREATE TRIGGER update__function_secrets_updated_at BEFORE UPDATE ON _function_secrets
-FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
-
--- Note: Reserved system secrets will be initialized by the application on startup
-
--- Rename _edge_functions table to functions
+-- Migration: 009 - Create function secrets table for edge functions environment variables
+-- This table stores encrypted secrets that are injected into edge functions as Deno.env variables
+
+CREATE TABLE IF NOT EXISTS _function_secrets (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  key VARCHAR(255) UNIQUE NOT NULL,
+  value_ciphertext TEXT NOT NULL,      -- Encrypted value using AES-256-GCM
+  is_reserved BOOLEAN DEFAULT FALSE,   -- System-reserved keys that can't be modified/deleted
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- Create index for faster key lookups
+CREATE INDEX IF NOT EXISTS idx_function_secrets_key ON _function_secrets(key);
+
+-- Add trigger for updated_at
+DROP TRIGGER IF EXISTS update__function_secrets_updated_at ON _function_secrets;
+CREATE TRIGGER update__function_secrets_updated_at BEFORE UPDATE ON _function_secrets
+FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+-- Note: Reserved system secrets will be initialized by the application on startup
+
+-- Rename _edge_functions table to functions
 ALTER TABLE IF EXISTS _edge_functions RENAME TO _functions;

package/backend/{migrations → src/infra/database/migrations}/010_modify-ai-config-modalities.sql

@@ -1,93 +1,93 @@
--- Migration: 010 - Modify AI configurations table to support input/output modalities
--- This migration modifies the _ai_configs table to:
--- 1. Add new columns: input_modality and output_modality (TEXT arrays)
--- 2. Migrate existing modality data to input_modality
--- 3. Set default output_modality based on existing modality
--- 4. Drop the old modality column
-
-DO $$
-BEGIN
-    -- Add new columns for input and output modalities
-    ALTER TABLE _ai_configs 
-    ADD COLUMN IF NOT EXISTS input_modality TEXT[] DEFAULT '{text}';
-    
-    ALTER TABLE _ai_configs 
-    ADD COLUMN IF NOT EXISTS output_modality TEXT[] DEFAULT '{text}';
-
-    -- Check if modality column exists and migrate data if it does
-    IF EXISTS (
-        SELECT 1
-        FROM information_schema.columns
-        WHERE table_schema = 'public'
-        AND table_name = '_ai_configs'
-        AND column_name = 'modality'
-    ) THEN
-        -- Migrate existing modality data to input_modality
-        -- For most cases, we'll set input_modality to the existing modality
-        -- and output_modality to the same value, only supporting text and image
-        UPDATE _ai_configs
-        SET
-            input_modality = CASE
-                WHEN modality = 'multi' THEN '{text,image}'::TEXT[]
-                WHEN modality = 'image' THEN '{text,image}'::TEXT[]
-                ELSE ARRAY[modality]::TEXT[]
-            END,
-            output_modality = CASE
-                WHEN modality = 'multi' THEN '{text,image}'::TEXT[]
-                WHEN modality = 'text' THEN '{text}'::TEXT[]
-                WHEN modality = 'image' THEN '{text,image}'::TEXT[]
-                ELSE '{text}'::TEXT[]
-            END
-        WHERE input_modality = '{text}' OR input_modality IS NULL;
-    END IF;
-
-    -- Make the new columns NOT NULL after migration
-    ALTER TABLE _ai_configs 
-    ALTER COLUMN input_modality SET NOT NULL;
-    
-    ALTER TABLE _ai_configs 
-    ALTER COLUMN output_modality SET NOT NULL;
-
-    -- Drop the old modality column
-    ALTER TABLE _ai_configs 
-    DROP COLUMN IF EXISTS modality;
-
-    -- Create indexes for the new TEXT array columns for better query performance
-    CREATE INDEX IF NOT EXISTS idx_ai_configs_input_modality ON _ai_configs USING GIN (input_modality);
-    CREATE INDEX IF NOT EXISTS idx_ai_configs_output_modality ON _ai_configs USING GIN (output_modality);
-
-    -- Drop existing constraints if they exist, then add them
-    ALTER TABLE _ai_configs
-    DROP CONSTRAINT IF EXISTS check_input_modality_not_empty;
-
-    ALTER TABLE _ai_configs
-    ADD CONSTRAINT check_input_modality_not_empty
-    CHECK (array_length(input_modality, 1) > 0);
-
-    ALTER TABLE _ai_configs
-    DROP CONSTRAINT IF EXISTS check_output_modality_not_empty;
-
-    ALTER TABLE _ai_configs
-    ADD CONSTRAINT check_output_modality_not_empty
-    CHECK (array_length(output_modality, 1) > 0);
-
-    -- Drop existing constraints if they exist, then add them
-    ALTER TABLE _ai_configs
-    DROP CONSTRAINT IF EXISTS check_input_modality_valid;
-
-    ALTER TABLE _ai_configs
-    ADD CONSTRAINT check_input_modality_valid
-    CHECK (
-        input_modality <@ '{text,image}'::TEXT[]
-    );
-
-    ALTER TABLE _ai_configs
-    DROP CONSTRAINT IF EXISTS check_output_modality_valid;
-
-    ALTER TABLE _ai_configs
-    ADD CONSTRAINT check_output_modality_valid
-    CHECK (
-        output_modality <@ '{text,image}'::TEXT[]
-    );
-
-END $$;
+-- Migration: 010 - Modify AI configurations table to support input/output modalities
+-- This migration modifies the _ai_configs table to:
+-- 1. Add new columns: input_modality and output_modality (TEXT arrays)
+-- 2. Migrate existing modality data to input_modality
+-- 3. Set default output_modality based on existing modality
+-- 4. Drop the old modality column
+
+DO $$
+BEGIN
+    -- Add new columns for input and output modalities
+    ALTER TABLE _ai_configs 
+    ADD COLUMN IF NOT EXISTS input_modality TEXT[] DEFAULT '{text}';
+    
+    ALTER TABLE _ai_configs 
+    ADD COLUMN IF NOT EXISTS output_modality TEXT[] DEFAULT '{text}';
+
+    -- Check if modality column exists and migrate data if it does
+    IF EXISTS (
+        SELECT 1
+        FROM information_schema.columns
+        WHERE table_schema = 'public'
+        AND table_name = '_ai_configs'
+        AND column_name = 'modality'
+    ) THEN
+        -- Migrate existing modality data to input_modality
+        -- For most cases, we'll set input_modality to the existing modality
+        -- and output_modality to the same value, only supporting text and image
+        UPDATE _ai_configs
+        SET
+            input_modality = CASE
+                WHEN modality = 'multi' THEN '{text,image}'::TEXT[]
+                WHEN modality = 'image' THEN '{text,image}'::TEXT[]
+                ELSE ARRAY[modality]::TEXT[]
+            END,
+            output_modality = CASE
+                WHEN modality = 'multi' THEN '{text,image}'::TEXT[]
+                WHEN modality = 'text' THEN '{text}'::TEXT[]
+                WHEN modality = 'image' THEN '{text,image}'::TEXT[]
+                ELSE '{text}'::TEXT[]
+            END
+        WHERE input_modality = '{text}' OR input_modality IS NULL;
+    END IF;
+
+    -- Make the new columns NOT NULL after migration
+    ALTER TABLE _ai_configs 
+    ALTER COLUMN input_modality SET NOT NULL;
+    
+    ALTER TABLE _ai_configs 
+    ALTER COLUMN output_modality SET NOT NULL;
+
+    -- Drop the old modality column
+    ALTER TABLE _ai_configs 
+    DROP COLUMN IF EXISTS modality;
+
+    -- Create indexes for the new TEXT array columns for better query performance
+    CREATE INDEX IF NOT EXISTS idx_ai_configs_input_modality ON _ai_configs USING GIN (input_modality);
+    CREATE INDEX IF NOT EXISTS idx_ai_configs_output_modality ON _ai_configs USING GIN (output_modality);
+
+    -- Drop existing constraints if they exist, then add them
+    ALTER TABLE _ai_configs
+    DROP CONSTRAINT IF EXISTS check_input_modality_not_empty;
+
+    ALTER TABLE _ai_configs
+    ADD CONSTRAINT check_input_modality_not_empty
+    CHECK (array_length(input_modality, 1) > 0);
+
+    ALTER TABLE _ai_configs
+    DROP CONSTRAINT IF EXISTS check_output_modality_not_empty;
+
+    ALTER TABLE _ai_configs
+    ADD CONSTRAINT check_output_modality_not_empty
+    CHECK (array_length(output_modality, 1) > 0);
+
+    -- Drop existing constraints if they exist, then add them
+    ALTER TABLE _ai_configs
+    DROP CONSTRAINT IF EXISTS check_input_modality_valid;
+
+    ALTER TABLE _ai_configs
+    ADD CONSTRAINT check_input_modality_valid
+    CHECK (
+        input_modality <@ '{text,image}'::TEXT[]
+    );
+
+    ALTER TABLE _ai_configs
+    DROP CONSTRAINT IF EXISTS check_output_modality_valid;
+
+    ALTER TABLE _ai_configs
+    ADD CONSTRAINT check_output_modality_valid
+    CHECK (
+        output_modality <@ '{text,image}'::TEXT[]
+    );
+
+END $$;

package/backend/{migrations → src/infra/database/migrations}/011_refactor-secrets-table.sql

@@ -1,15 +1,15 @@
--- Migration: 011 - Drop function secrets table and update main secrets table
--- This migration is part of the refactoring to unify all secrets management
-
--- 1. Drop the _function_secrets table (replaced by main _secrets table)
-DROP TRIGGER IF EXISTS update__function_secrets_updated_at ON _function_secrets;
-DROP INDEX IF EXISTS idx_function_secrets_key;
-DROP TABLE IF EXISTS _function_secrets;
-
--- 2. Add is_reserved column to _secrets table
-ALTER TABLE _secrets 
-ADD COLUMN IF NOT EXISTS is_reserved BOOLEAN DEFAULT FALSE;
-
--- 3. Rename name column to key
-ALTER TABLE _secrets 
-RENAME COLUMN name TO key;
+-- Migration: 011 - Drop function secrets table and update main secrets table
+-- This migration is part of the refactoring to unify all secrets management
+
+-- 1. Drop the _function_secrets table (replaced by main _secrets table)
+DROP TRIGGER IF EXISTS update__function_secrets_updated_at ON _function_secrets;
+DROP INDEX IF EXISTS idx_function_secrets_key;
+DROP TABLE IF EXISTS _function_secrets;
+
+-- 2. Add is_reserved column to _secrets table
+ALTER TABLE _secrets 
+ADD COLUMN IF NOT EXISTS is_reserved BOOLEAN DEFAULT FALSE;
+
+-- 3. Rename name column to key
+ALTER TABLE _secrets 
+RENAME COLUMN name TO key;

package/backend/{migrations → src/infra/database/migrations}/012_add-storage-uploaded-by.sql

@@ -1,8 +1,8 @@
--- Migration: 012 - Add uploaded_by column to _storage table
--- This migration adds a foreign key relationship to track which account uploaded each file
-
-ALTER TABLE _storage
-ADD COLUMN uploaded_by UUID REFERENCES _accounts(id) ON DELETE SET NULL;
-
--- Create an index for better query performance when filtering by uploader
+-- Migration: 012 - Add uploaded_by column to _storage table
+-- This migration adds a foreign key relationship to track which account uploaded each file
+
+ALTER TABLE _storage
+ADD COLUMN uploaded_by UUID REFERENCES _accounts(id) ON DELETE SET NULL;
+
+-- Create an index for better query performance when filtering by uploader
 CREATE INDEX IF NOT EXISTS idx_storage_uploaded_by ON _storage(uploaded_by);

package/backend/src/infra/database/migrations/013_create-auth-schema-functions.sql

@@ -0,0 +1,44 @@
+-- Migration: 013 - Create auth schema and copy helper functions
+-- Creates auth schema if it doesn't exist and copies JWT helper functions
+
+-- Create auth schema if not exists
+CREATE SCHEMA IF NOT EXISTS auth;
+
+-- Function to get current user ID from JWT (in auth schema)
+CREATE OR REPLACE FUNCTION auth.uid()
+RETURNS uuid
+LANGUAGE sql STABLE
+AS $$
+  SELECT
+  nullif(
+    coalesce(
+      current_setting('request.jwt.claim.sub', true),
+      (current_setting('request.jwt.claims', true)::jsonb ->> 'sub')
+    ),
+    ''
+  )::uuid
+$$;
+
+-- Function to get current user role from JWT (in auth schema)
+CREATE OR REPLACE FUNCTION auth.role()
+RETURNS text
+LANGUAGE sql STABLE
+AS $$
+  SELECT
+  coalesce(
+    current_setting('request.jwt.claim.role', true),
+    (current_setting('request.jwt.claims', true)::jsonb ->> 'role')
+  )::text
+$$;
+
+-- Function to get current user email from JWT (in auth schema)
+CREATE OR REPLACE FUNCTION auth.email()
+RETURNS text
+LANGUAGE sql STABLE
+AS $$
+  SELECT
+  coalesce(
+    current_setting('request.jwt.claim.email', true),
+    (current_setting('request.jwt.claims', true)::jsonb ->> 'email')
+  )::text
+$$;

package/backend/src/infra/database/migrations/014_add-updated-at-trigger-user-table.sql

@@ -0,0 +1,8 @@
+-- Migration: 014 - Add updated_at trigger to users table
+-- Adds the updated_at trigger to the users table for automatic timestamp management
+
+
+DROP TRIGGER IF EXISTS update_users_updated_at ON users;
+CREATE TRIGGER update_users_updated_at
+BEFORE UPDATE ON users
+FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();

package/backend/src/infra/database/migrations/015_create-auth-config-and-email-otp-tables.sql

@@ -0,0 +1,60 @@
+-- Migration: 015 - Create email OTP verification table and email auth configs
+-- This migration creates:
+-- 1. _email_otps: Stores one-time tokens for email verification purposes
+--    - Supports both short numeric codes (6 digits) for manual entry
+--    - Supports long cryptographic tokens (64 chars) for magic links
+--    - Uses dual hashing strategy:
+--      * NUMERIC_CODE (6 digits): Bcrypt hash (slow, defense against brute force)
+--      * LINK_TOKEN (64 hex chars): SHA-256 hash (fast, enables direct O(1) lookup)
+-- 2. _auth_configs: Stores email authentication configuration (single-row table)
+
+-- 1. Create email OTP verification table
+CREATE TABLE IF NOT EXISTS _email_otps (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  email TEXT NOT NULL,
+  purpose TEXT NOT NULL,
+  otp_hash TEXT NOT NULL, -- Hash of OTP: bcrypt for NUMERIC_CODE, SHA-256 for LINK_TOKEN
+  expires_at TIMESTAMPTZ NOT NULL,
+  consumed_at TIMESTAMPTZ,
+  attempts_count INTEGER DEFAULT 0 NOT NULL,
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW(),
+  UNIQUE (email, purpose) -- Only one active token per email/purpose combination
+);
+
+-- Create indexes for better query performance
+CREATE INDEX IF NOT EXISTS idx_email_otps_email_purpose ON _email_otps(email, purpose);
+CREATE INDEX IF NOT EXISTS idx_email_otps_expires_at ON _email_otps(expires_at);
+CREATE INDEX IF NOT EXISTS idx_email_otps_otp_hash ON _email_otps(otp_hash); -- For direct LINK_TOKEN lookup
+
+-- Add trigger for updated_at
+DROP TRIGGER IF EXISTS update__email_otps_updated_at ON _email_otps;
+CREATE TRIGGER update__email_otps_updated_at
+BEFORE UPDATE ON _email_otps
+FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+-- 2. Create email authentication configuration table (single-row design)
+-- This table stores global email authentication settings for the project
+CREATE TABLE IF NOT EXISTS _auth_configs (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  require_email_verification BOOLEAN DEFAULT FALSE NOT NULL,
+  password_min_length INTEGER DEFAULT 6 NOT NULL CHECK (password_min_length >= 4 AND password_min_length <= 128),
+  require_number BOOLEAN DEFAULT FALSE NOT NULL,
+  require_lowercase BOOLEAN DEFAULT FALSE NOT NULL,
+  require_uppercase BOOLEAN DEFAULT FALSE NOT NULL,
+  require_special_char BOOLEAN DEFAULT FALSE NOT NULL,
+  verify_email_redirect_to TEXT, -- Custom URL to redirect after successful email verification (defaults to no redirect if NULL)
+  reset_password_redirect_to TEXT, -- Custom URL to redirect after successful password reset (defaults to no redirect if NULL)
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- Ensure only one row exists (singleton pattern)
+-- This constraint prevents multiple configuration rows
+CREATE UNIQUE INDEX IF NOT EXISTS idx_auth_configs_singleton ON _auth_configs ((1));
+
+-- Add trigger for updated_at
+DROP TRIGGER IF EXISTS update__auth_configs_updated_at ON _auth_configs;
+CREATE TRIGGER update__auth_configs_updated_at
+BEFORE UPDATE ON _auth_configs
+FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();

package/backend/src/infra/database/migrations/016_update-auth-config-and-email-otp.sql

@@ -0,0 +1,24 @@
+-- Migration 016: Update _email_otps and _auth_configs tables
+--
+-- Changes:
+-- 1. _email_otps table:
+--    - Remove attempts_count column (brute force protection moved to API rate limiter)
+-- 2. _auth_configs table:
+--    - Remove verify_email_redirect_to and reset_password_redirect_to columns
+--    - Add verify_email_method and reset_password_method columns (code or link)
+--    - Add sign_in_redirect_to column
+
+-- Update _email_otps: Remove attempts_count column
+ALTER TABLE _email_otps DROP COLUMN IF EXISTS attempts_count;
+
+-- Update _auth_configs: Remove old redirect columns
+ALTER TABLE _auth_configs
+  DROP COLUMN IF EXISTS verify_email_redirect_to,
+  DROP COLUMN IF EXISTS reset_password_redirect_to;
+
+-- Add new columns to _auth_configs
+-- Note: DEFAULT 'code' NOT NULL ensures existing rows automatically get 'code' value
+ALTER TABLE _auth_configs
+  ADD COLUMN IF NOT EXISTS verify_email_method TEXT DEFAULT 'code' NOT NULL CHECK (verify_email_method IN ('code', 'link')),
+  ADD COLUMN IF NOT EXISTS reset_password_method TEXT DEFAULT 'code' NOT NULL CHECK (reset_password_method IN ('code', 'link')),
+  ADD COLUMN IF NOT EXISTS sign_in_redirect_to TEXT;