feat(db): users table + repository (create/by_id/by_email/list), audited

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-02 14:37:43 +02:00
parent 9597a42eeb
commit f8ec2d7cf1
4 changed files with 233 additions and 0 deletions
@@ -0,0 +1,11 @@
+-- Users of this organization's instance. One database == one organization, so no
+-- org_id. Email is stored already-normalized (lowercase) by the application, so a
+-- plain UNIQUE suffices. Passwords are stored only as argon2id PHC strings.
+CREATE TABLE app_user (
+    id            UUID PRIMARY KEY,
+    email         TEXT NOT NULL UNIQUE CHECK (email <> ''),
+    password_hash TEXT NOT NULL CHECK (password_hash <> ''),
+    role          TEXT NOT NULL CHECK (role IN ('admin', 'editor')),
+    created_at    TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at    TIMESTAMPTZ NOT NULL DEFAULT now()
+);