Add auth schema drizzle migrations 11 and 12

packages/db/drizzle/0011_wise_jane_foster.sql

@@ -0,0 +1,58 @@
+CREATE SCHEMA IF NOT EXISTS "auth";
+--> statement-breakpoint
+CREATE TABLE "auth"."email_mfa_codes" (
+	"id" text PRIMARY KEY NOT NULL,
+	"email" text NOT NULL,
+	"code_hash" text NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"consumed_at" timestamp,
+	"attempt_count" integer DEFAULT 0 NOT NULL,
+	"created_at" timestamp DEFAULT timezone('utc'::text, now()) NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "auth"."oauth_access_tokens" (
+	"token" text PRIMARY KEY NOT NULL,
+	"client_id" text NOT NULL,
+	"user_id" integer NOT NULL,
+	"scopes" text,
+	"expires_at" timestamp NOT NULL,
+	"created_at" timestamp DEFAULT timezone('utc'::text, now()) NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "auth"."oauth_authorization_codes" (
+	"code" text PRIMARY KEY NOT NULL,
+	"client_id" text NOT NULL,
+	"user_id" integer NOT NULL,
+	"redirect_uri" text NOT NULL,
+	"scopes" text,
+	"code_challenge" text,
+	"code_challenge_method" text,
+	"expires_at" timestamp NOT NULL,
+	"created_at" timestamp DEFAULT timezone('utc'::text, now()) NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "auth"."oauth_clients" (
+	"id" text PRIMARY KEY NOT NULL,
+	"name" text NOT NULL,
+	"client_secret_hash" text NOT NULL,
+	"redirect_uris" text NOT NULL,
+	"allowed_origin" text NOT NULL,
+	"scopes" text DEFAULT 'openid profile email',
+	"created_at" timestamp DEFAULT timezone('utc'::text, now()) NOT NULL,
+	"is_active" boolean DEFAULT true NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "auth"."oauth_refresh_tokens" (
+	"token" text PRIMARY KEY NOT NULL,
+	"client_id" text NOT NULL,
+	"user_id" integer NOT NULL,
+	"expires_at" timestamp NOT NULL,
+	"created_at" timestamp DEFAULT timezone('utc'::text, now()) NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "auth"."oauth_access_tokens" ADD CONSTRAINT "oauth_access_tokens_client_id_oauth_clients_id_fk" FOREIGN KEY ("client_id") REFERENCES "auth"."oauth_clients"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "auth"."oauth_access_tokens" ADD CONSTRAINT "oauth_access_tokens_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "auth"."oauth_authorization_codes" ADD CONSTRAINT "oauth_authorization_codes_client_id_oauth_clients_id_fk" FOREIGN KEY ("client_id") REFERENCES "auth"."oauth_clients"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "auth"."oauth_authorization_codes" ADD CONSTRAINT "oauth_authorization_codes_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "auth"."oauth_refresh_tokens" ADD CONSTRAINT "oauth_refresh_tokens_client_id_oauth_clients_id_fk" FOREIGN KEY ("client_id") REFERENCES "auth"."oauth_clients"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "auth"."oauth_refresh_tokens" ADD CONSTRAINT "oauth_refresh_tokens_user_id_users_id_fk" FOREIGN KEY ("user_id") REFERENCES "public"."users"("id") ON DELETE no action ON UPDATE no action;

packages/db/drizzle/0012_fix_client_secret_hash_column.sql

@@ -0,0 +1,11 @@
+DO $$
+BEGIN
+  IF EXISTS (
+    SELECT 1 FROM information_schema.columns
+    WHERE table_schema = 'auth'
+      AND table_name = 'oauth_clients'
+      AND column_name = 'client_secret'
+  ) THEN
+    ALTER TABLE "auth"."oauth_clients" RENAME COLUMN "client_secret" TO "client_secret_hash";
+  END IF;
+END $$;