First crack

db/migrate/20251023053651_create_users.rb

@@ -0,0 +1,11 @@
+class CreateUsers < ActiveRecord::Migration[8.1]
+  def change
+    create_table :users do |t|
+      t.string :email_address, null: false
+      t.string :password_digest, null: false
+
+      t.timestamps
+    end
+    add_index :users, :email_address, unique: true
+  end
+end

db/migrate/20251023053652_create_sessions.rb

@@ -0,0 +1,11 @@
+class CreateSessions < ActiveRecord::Migration[8.1]
+  def change
+    create_table :sessions do |t|
+      t.references :user, null: false, foreign_key: true
+      t.string :ip_address
+      t.string :user_agent
+
+      t.timestamps
+    end
+  end
+end

db/migrate/20251023053722_add_auth_fields_to_users.rb

@@ -0,0 +1,11 @@
+class AddAuthFieldsToUsers < ActiveRecord::Migration[8.1]
+  def change
+    add_column :users, :admin, :boolean, default: false, null: false
+    add_column :users, :totp_secret, :string
+    add_column :users, :totp_required, :boolean, default: false, null: false
+    add_column :users, :backup_codes, :text
+    add_column :users, :status, :string, default: "active", null: false
+
+    add_index :users, :status
+  end
+end

db/migrate/20251023053740_add_device_tracking_to_sessions.rb

@@ -0,0 +1,11 @@
+class AddDeviceTrackingToSessions < ActiveRecord::Migration[8.1]
+  def change
+    add_column :sessions, :device_name, :string
+    add_column :sessions, :remember_me, :boolean, default: false, null: false
+    add_column :sessions, :expires_at, :datetime
+    add_column :sessions, :last_activity_at, :datetime
+
+    add_index :sessions, :expires_at
+    add_index :sessions, :last_activity_at
+  end
+end

db/migrate/20251023053836_create_groups.rb

@@ -0,0 +1,11 @@
+class CreateGroups < ActiveRecord::Migration[8.1]
+  def change
+    create_table :groups do |t|
+      t.string :name, null: false
+      t.text :description
+
+      t.timestamps
+    end
+    add_index :groups, :name, unique: true
+  end
+end

db/migrate/20251023053837_create_user_groups.rb

@@ -0,0 +1,12 @@
+class CreateUserGroups < ActiveRecord::Migration[8.1]
+  def change
+    create_table :user_groups do |t|
+      t.references :user, null: false, foreign_key: true
+      t.references :group, null: false, foreign_key: true
+
+      t.timestamps
+    end
+
+    add_index :user_groups, [ :user_id, :group_id ], unique: true
+  end
+end

db/migrate/20251023053927_create_applications.rb

@@ -0,0 +1,19 @@
+class CreateApplications < ActiveRecord::Migration[8.1]
+  def change
+    create_table :applications do |t|
+      t.string :name, null: false
+      t.string :slug, null: false
+      t.string :app_type, null: false
+      t.string :client_id
+      t.string :client_secret
+      t.text :redirect_uris
+      t.text :metadata
+      t.boolean :active, default: true, null: false
+
+      t.timestamps
+    end
+    add_index :applications, :slug, unique: true
+    add_index :applications, :client_id, unique: true
+    add_index :applications, :active
+  end
+end

db/migrate/20251023053938_create_application_groups.rb

@@ -0,0 +1,12 @@
+class CreateApplicationGroups < ActiveRecord::Migration[8.1]
+  def change
+    create_table :application_groups do |t|
+      t.references :application, null: false, foreign_key: true
+      t.references :group, null: false, foreign_key: true
+
+      t.timestamps
+    end
+
+    add_index :application_groups, [ :application_id, :group_id ], unique: true
+  end
+end

db/migrate/20251023054038_create_oidc_authorization_codes.rb

@@ -0,0 +1,18 @@
+class CreateOidcAuthorizationCodes < ActiveRecord::Migration[8.1]
+  def change
+    create_table :oidc_authorization_codes do |t|
+      t.string :code, null: false
+      t.references :application, null: false, foreign_key: true
+      t.references :user, null: false, foreign_key: true
+      t.string :redirect_uri, null: false
+      t.string :scope
+      t.datetime :expires_at, null: false
+      t.boolean :used, default: false, null: false
+
+      t.timestamps
+    end
+    add_index :oidc_authorization_codes, :code, unique: true
+    add_index :oidc_authorization_codes, :expires_at
+    add_index :oidc_authorization_codes, [ :application_id, :user_id ]
+  end
+end

db/migrate/20251023054039_create_oidc_access_tokens.rb

@@ -0,0 +1,16 @@
+class CreateOidcAccessTokens < ActiveRecord::Migration[8.1]
+  def change
+    create_table :oidc_access_tokens do |t|
+      t.string :token, null: false
+      t.references :application, null: false, foreign_key: true
+      t.references :user, null: false, foreign_key: true
+      t.string :scope
+      t.datetime :expires_at, null: false
+
+      t.timestamps
+    end
+    add_index :oidc_access_tokens, :token, unique: true
+    add_index :oidc_access_tokens, :expires_at
+    add_index :oidc_access_tokens, [ :application_id, :user_id ]
+  end
+end

db/schema.rb

@@ -10,5 +10,119 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.1].define(version: 0) do
+ActiveRecord::Schema[8.1].define(version: 2025_10_23_054039) do
+  create_table "application_groups", force: :cascade do |t|
+    t.integer "application_id", null: false
+    t.datetime "created_at", null: false
+    t.integer "group_id", null: false
+    t.datetime "updated_at", null: false
+    t.index ["application_id", "group_id"], name: "index_application_groups_on_application_id_and_group_id", unique: true
+    t.index ["application_id"], name: "index_application_groups_on_application_id"
+    t.index ["group_id"], name: "index_application_groups_on_group_id"
+  end
+
+  create_table "applications", force: :cascade do |t|
+    t.boolean "active", default: true, null: false
+    t.string "app_type", null: false
+    t.string "client_id"
+    t.string "client_secret"
+    t.datetime "created_at", null: false
+    t.text "metadata"
+    t.string "name", null: false
+    t.text "redirect_uris"
+    t.string "slug", null: false
+    t.datetime "updated_at", null: false
+    t.index ["active"], name: "index_applications_on_active"
+    t.index ["client_id"], name: "index_applications_on_client_id", unique: true
+    t.index ["slug"], name: "index_applications_on_slug", unique: true
+  end
+
+  create_table "groups", force: :cascade do |t|
+    t.datetime "created_at", null: false
+    t.text "description"
+    t.string "name", null: false
+    t.datetime "updated_at", null: false
+    t.index ["name"], name: "index_groups_on_name", unique: true
+  end
+
+  create_table "oidc_access_tokens", force: :cascade do |t|
+    t.integer "application_id", null: false
+    t.datetime "created_at", null: false
+    t.datetime "expires_at", null: false
+    t.string "scope"
+    t.string "token", null: false
+    t.datetime "updated_at", null: false
+    t.integer "user_id", null: false
+    t.index ["application_id", "user_id"], name: "index_oidc_access_tokens_on_application_id_and_user_id"
+    t.index ["application_id"], name: "index_oidc_access_tokens_on_application_id"
+    t.index ["expires_at"], name: "index_oidc_access_tokens_on_expires_at"
+    t.index ["token"], name: "index_oidc_access_tokens_on_token", unique: true
+    t.index ["user_id"], name: "index_oidc_access_tokens_on_user_id"
+  end
+
+  create_table "oidc_authorization_codes", force: :cascade do |t|
+    t.integer "application_id", null: false
+    t.string "code", null: false
+    t.datetime "created_at", null: false
+    t.datetime "expires_at", null: false
+    t.string "redirect_uri", null: false
+    t.string "scope"
+    t.datetime "updated_at", null: false
+    t.boolean "used", default: false, null: false
+    t.integer "user_id", null: false
+    t.index ["application_id", "user_id"], name: "index_oidc_authorization_codes_on_application_id_and_user_id"
+    t.index ["application_id"], name: "index_oidc_authorization_codes_on_application_id"
+    t.index ["code"], name: "index_oidc_authorization_codes_on_code", unique: true
+    t.index ["expires_at"], name: "index_oidc_authorization_codes_on_expires_at"
+    t.index ["user_id"], name: "index_oidc_authorization_codes_on_user_id"
+  end
+
+  create_table "sessions", force: :cascade do |t|
+    t.datetime "created_at", null: false
+    t.string "device_name"
+    t.datetime "expires_at"
+    t.string "ip_address"
+    t.datetime "last_activity_at"
+    t.boolean "remember_me", default: false, null: false
+    t.datetime "updated_at", null: false
+    t.string "user_agent"
+    t.integer "user_id", null: false
+    t.index ["expires_at"], name: "index_sessions_on_expires_at"
+    t.index ["last_activity_at"], name: "index_sessions_on_last_activity_at"
+    t.index ["user_id"], name: "index_sessions_on_user_id"
+  end
+
+  create_table "user_groups", force: :cascade do |t|
+    t.datetime "created_at", null: false
+    t.integer "group_id", null: false
+    t.datetime "updated_at", null: false
+    t.integer "user_id", null: false
+    t.index ["group_id"], name: "index_user_groups_on_group_id"
+    t.index ["user_id", "group_id"], name: "index_user_groups_on_user_id_and_group_id", unique: true
+    t.index ["user_id"], name: "index_user_groups_on_user_id"
+  end
+
+  create_table "users", force: :cascade do |t|
+    t.boolean "admin", default: false, null: false
+    t.text "backup_codes"
+    t.datetime "created_at", null: false
+    t.string "email_address", null: false
+    t.string "password_digest", null: false
+    t.string "status", default: "active", null: false
+    t.boolean "totp_required", default: false, null: false
+    t.string "totp_secret"
+    t.datetime "updated_at", null: false
+    t.index ["email_address"], name: "index_users_on_email_address", unique: true
+    t.index ["status"], name: "index_users_on_status"
+  end
+
+  add_foreign_key "application_groups", "applications"
+  add_foreign_key "application_groups", "groups"
+  add_foreign_key "oidc_access_tokens", "applications"
+  add_foreign_key "oidc_access_tokens", "users"
+  add_foreign_key "oidc_authorization_codes", "applications"
+  add_foreign_key "oidc_authorization_codes", "users"
+  add_foreign_key "sessions", "users"
+  add_foreign_key "user_groups", "groups"
+  add_foreign_key "user_groups", "users"
 end