Barcode Betty
c68838acf2
CI / lint (pull_request) Successful in 5s
CI / typecheck (pull_request) Failing after 29s
CI / test (pull_request) Failing after 48s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
- Auto-fix F401 (unused imports) and I001 (unsorted imports) with ruff --fix - Manually fix E501 (line too long) in alembic migrations and src/ models - Run ruff format to ensure consistent formatting Co-Authored-By: Paperclip <noreply@paperclip.ing>
150 lines
5.9 KiB
Python
150 lines
5.9 KiB
Python
"""Add Better-Auth tables and extend users table.
|
|
|
|
Creates sessions, accounts, and verifications tables for Better-Auth.
|
|
Adds email_verified and image columns to existing users table.
|
|
Migrates password hashes from users.hashed_password to accounts.password.
|
|
|
|
Revision ID: 002_better_auth_tables
|
|
Revises: 001_encrypt_session_data
|
|
Create Date: 2026-03-28
|
|
"""
|
|
|
|
import sqlalchemy as sa
|
|
from sqlalchemy import text
|
|
|
|
from alembic import op
|
|
|
|
revision = "002_better_auth_tables"
|
|
down_revision = "001_encrypt_session_data"
|
|
branch_labels = None
|
|
depends_on = None
|
|
|
|
|
|
def upgrade() -> None:
|
|
conn = op.get_bind()
|
|
inspector = sa.inspect(conn)
|
|
|
|
# --- Extend users table for Better-Auth compatibility ---
|
|
# Guard: on a fresh DB Base.metadata.create_all (called in env.py after migrations)
|
|
# creates the users table with all columns, so migration 002 must not re-run add_column.
|
|
if inspector.has_table("users"):
|
|
existing_user_cols = [c["name"] for c in inspector.get_columns("users")]
|
|
if "email_verified" not in existing_user_cols:
|
|
op.add_column(
|
|
"users",
|
|
sa.Column("email_verified", sa.Boolean(), nullable=False, server_default="false"),
|
|
)
|
|
if "image" not in existing_user_cols:
|
|
op.add_column("users", sa.Column("image", sa.Text(), nullable=True))
|
|
|
|
# --- Create sessions table ---
|
|
if not inspector.has_table("sessions"):
|
|
op.create_table(
|
|
"sessions",
|
|
sa.Column("id", sa.Text(), nullable=False),
|
|
sa.Column("token", sa.Text(), nullable=False),
|
|
sa.Column("user_id", sa.Text(), nullable=False),
|
|
sa.Column("expires_at", sa.DateTime(timezone=True), nullable=False),
|
|
sa.Column("ip_address", sa.Text(), nullable=True),
|
|
sa.Column("user_agent", sa.Text(), nullable=True),
|
|
sa.Column(
|
|
"created_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.func.now(),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"updated_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.func.now(),
|
|
nullable=False,
|
|
),
|
|
sa.PrimaryKeyConstraint("id"),
|
|
)
|
|
op.create_index("ix_sessions_token", "sessions", ["token"], unique=True)
|
|
op.create_index("ix_sessions_user_id", "sessions", ["user_id"])
|
|
|
|
# --- Create accounts table ---
|
|
if not inspector.has_table("accounts"):
|
|
op.create_table(
|
|
"accounts",
|
|
sa.Column("id", sa.Text(), nullable=False),
|
|
sa.Column("user_id", sa.Text(), nullable=False),
|
|
sa.Column("account_id", sa.Text(), nullable=False),
|
|
sa.Column("provider_id", sa.Text(), nullable=False),
|
|
sa.Column("access_token", sa.Text(), nullable=True),
|
|
sa.Column("refresh_token", sa.Text(), nullable=True),
|
|
sa.Column("access_token_expires_at", sa.DateTime(timezone=True), nullable=True),
|
|
sa.Column("refresh_token_expires_at", sa.DateTime(timezone=True), nullable=True),
|
|
sa.Column("scope", sa.Text(), nullable=True),
|
|
sa.Column("id_token", sa.Text(), nullable=True),
|
|
sa.Column("password", sa.Text(), nullable=True),
|
|
sa.Column(
|
|
"created_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.func.now(),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"updated_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.func.now(),
|
|
nullable=False,
|
|
),
|
|
sa.PrimaryKeyConstraint("id"),
|
|
)
|
|
op.create_index("ix_accounts_user_id", "accounts", ["user_id"])
|
|
|
|
# --- Create verifications table ---
|
|
if not inspector.has_table("verifications"):
|
|
op.create_table(
|
|
"verifications",
|
|
sa.Column("id", sa.Text(), nullable=False),
|
|
sa.Column("identifier", sa.Text(), nullable=False),
|
|
sa.Column("value", sa.Text(), nullable=False),
|
|
sa.Column("expires_at", sa.DateTime(timezone=True), nullable=False),
|
|
sa.Column(
|
|
"created_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.func.now(),
|
|
nullable=False,
|
|
),
|
|
sa.Column(
|
|
"updated_at",
|
|
sa.DateTime(timezone=True),
|
|
server_default=sa.func.now(),
|
|
nullable=False,
|
|
),
|
|
sa.PrimaryKeyConstraint("id"),
|
|
)
|
|
|
|
# --- Migrate existing password hashes to accounts table ---
|
|
# Only run on existing (non-fresh) DBs that already have users table with data
|
|
if inspector.has_table("users"):
|
|
users = conn.execute(
|
|
text("SELECT id, hashed_password FROM users WHERE hashed_password IS NOT NULL")
|
|
).fetchall()
|
|
|
|
for user_id, hashed_password in users:
|
|
user_id_str = str(user_id)
|
|
conn.execute(
|
|
text(
|
|
"INSERT INTO accounts "
|
|
"(id, user_id, account_id, provider_id, password, created_at, updated_at) "
|
|
"VALUES (gen_random_uuid()::text, :user_id, :account_id, "
|
|
"'credential', :password, now(), now())"
|
|
),
|
|
{"user_id": user_id_str, "account_id": user_id_str, "password": hashed_password},
|
|
)
|
|
|
|
|
|
def downgrade() -> None:
|
|
op.execute(text("DROP INDEX IF EXISTS ix_accounts_user_id"))
|
|
op.execute(text("DROP TABLE IF EXISTS verifications"))
|
|
op.execute(text("DROP TABLE IF EXISTS accounts"))
|
|
op.execute(text("DROP INDEX IF EXISTS ix_sessions_user_id"))
|
|
op.execute(text("DROP INDEX IF EXISTS ix_sessions_token"))
|
|
op.execute(text("DROP TABLE IF EXISTS sessions"))
|
|
op.execute(text("ALTER TABLE users DROP COLUMN IF EXISTS image"))
|
|
op.execute(text("ALTER TABLE users DROP COLUMN IF EXISTS email_verified"))
|