feat: Add Auth Service with JWT authentication

2025-11-26 11:47:00 -08:00
parent 2c4eb7d432
commit 5aaf6cbf21
23 changed files with 3522 additions and 26 deletions
--- a/migrations/011_create_auth_tables.sql
+++ b/migrations/011_create_auth_tables.sql
@@ -0,0 +1,72 @@
+-- Migration: 011_create_auth_tables.sql
+-- Auth system for DAARION.city
+
+-- Users table
+CREATE TABLE IF NOT EXISTS auth_users (
+    id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    email         TEXT UNIQUE NOT NULL,
+    password_hash TEXT NOT NULL,
+    display_name  TEXT,
+    avatar_url    TEXT,
+    is_active     BOOLEAN NOT NULL DEFAULT TRUE,
+    is_admin      BOOLEAN NOT NULL DEFAULT FALSE,
+    locale        TEXT DEFAULT 'uk',
+    timezone      TEXT DEFAULT 'Europe/Kyiv',
+    meta          JSONB DEFAULT '{}'::jsonb,
+    created_at    TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at    TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS ix_auth_users_email ON auth_users(email);
+
+-- Roles table
+CREATE TABLE IF NOT EXISTS auth_roles (
+    id          TEXT PRIMARY KEY,
+    description TEXT
+);
+
+-- Default roles
+INSERT INTO auth_roles (id, description) VALUES
+    ('user', 'Regular user'),
+    ('admin', 'Administrator'),
+    ('agent-system', 'System agent')
+ON CONFLICT (id) DO NOTHING;
+
+-- User-Role mapping
+CREATE TABLE IF NOT EXISTS auth_user_roles (
+    user_id UUID NOT NULL REFERENCES auth_users(id) ON DELETE CASCADE,
+    role_id TEXT NOT NULL REFERENCES auth_roles(id) ON DELETE CASCADE,
+    PRIMARY KEY (user_id, role_id)
+);
+
+-- Sessions table for refresh tokens
+CREATE TABLE IF NOT EXISTS auth_sessions (
+    id          UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    user_id     UUID NOT NULL REFERENCES auth_users(id) ON DELETE CASCADE,
+    user_agent  TEXT,
+    ip_address  INET,
+    created_at  TIMESTAMPTZ NOT NULL DEFAULT now(),
+    expires_at  TIMESTAMPTZ NOT NULL,
+    revoked_at  TIMESTAMPTZ,
+    meta        JSONB DEFAULT '{}'::jsonb
+);
+
+CREATE INDEX IF NOT EXISTS ix_auth_sessions_user_id ON auth_sessions(user_id);
+CREATE INDEX IF NOT EXISTS ix_auth_sessions_expires ON auth_sessions(expires_at);
+
+-- Function to update updated_at timestamp
+CREATE OR REPLACE FUNCTION update_auth_users_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = now();
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Trigger for updated_at
+DROP TRIGGER IF EXISTS trigger_auth_users_updated_at ON auth_users;
+CREATE TRIGGER trigger_auth_users_updated_at
+    BEFORE UPDATE ON auth_users
+    FOR EACH ROW
+    EXECUTE FUNCTION update_auth_users_updated_at();
+