Updating auth

migrations/000_initial.sql

@@ -70,24 +70,43 @@ CREATE TABLE IF NOT EXISTS bestiary (
 -- Auth / Users
 -- ============================================================
 
--- Stores Discord user info, upserted on every successful OAuth login
+-- Core local user accounts. password_hash is NULL for OAuth-only users.
 CREATE TABLE IF NOT EXISTS users (
-    id BIGINT PRIMARY KEY NOT NULL,
-    username TEXT NOT NULL,
-    avatar TEXT,
+    id UUID PRIMARY KEY NOT NULL DEFAULT gen_random_uuid(),
+    username TEXT UNIQUE NOT NULL,
+    password_hash TEXT,
+    email TEXT UNIQUE,
+    first_name TEXT,
+    last_name TEXT,
     created_at TIMESTAMP NOT NULL DEFAULT NOW(),
     updated_at TIMESTAMP NOT NULL DEFAULT NOW()
 );
 
+-- External OAuth provider connections (Discord, etc.)
+CREATE TABLE IF NOT EXISTS user_connections (
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    provider TEXT NOT NULL,
+    provider_user_id TEXT NOT NULL,
+    provider_username TEXT,
+    provider_avatar TEXT,
+    PRIMARY KEY (user_id, provider),
+    UNIQUE (provider, provider_user_id)
+);
+
 -- ============================================================
 -- Grid maps: unbounded canvas, CSPRNG TEXT ids, auth-aware
 -- ============================================================
 
+-- public_access: 'private' | 'public_view' | 'public_edit'
+--   private      – only users with explicit map_permissions can see/edit
+--   public_view  – anyone with the link can view; only permissioned users can edit
+--   public_edit  – anyone with the link can view AND edit
 CREATE TABLE IF NOT EXISTS grid_maps (
     id TEXT PRIMARY KEY NOT NULL,
     name TEXT NOT NULL,
-    is_public BOOLEAN NOT NULL DEFAULT FALSE,
-    owner_id BIGINT NOT NULL REFERENCES users(id),
+    public_access TEXT NOT NULL DEFAULT 'private'
+        CHECK (public_access IN ('private', 'public_view', 'public_edit')),
+    owner_id UUID NOT NULL REFERENCES users(id),
     colors TEXT[] NOT NULL DEFAULT ARRAY[
         '#6b7280',
         '#92400e',
@@ -106,11 +125,32 @@ CREATE TABLE IF NOT EXISTS grid_maps (
 -- Per-map role assignments; owner is auto-inserted on map creation
 CREATE TABLE IF NOT EXISTS map_permissions (
     map_id TEXT NOT NULL REFERENCES grid_maps(id) ON DELETE CASCADE,
-    user_id BIGINT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
     role TEXT NOT NULL CHECK (role IN ('owner', 'editor', 'viewer')),
     PRIMARY KEY (map_id, user_id)
 );
 
+-- Maps a user has favorited; makes them appear in the user's map list modal
+-- even if they have no explicit map_permissions entry (e.g. public maps)
+CREATE TABLE IF NOT EXISTS map_favorites (
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    map_id TEXT NOT NULL REFERENCES grid_maps(id) ON DELETE CASCADE,
+    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
+    PRIMARY KEY (user_id, map_id)
+);
+
+-- Pending/resolved requests from users wanting viewer or editor access
+CREATE TABLE IF NOT EXISTS map_access_requests (
+    id UUID PRIMARY KEY NOT NULL DEFAULT gen_random_uuid(),
+    map_id TEXT NOT NULL REFERENCES grid_maps(id) ON DELETE CASCADE,
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    requested_role TEXT NOT NULL CHECK (requested_role IN ('editor', 'viewer')),
+    status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'approved', 'denied')),
+    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMP NOT NULL DEFAULT NOW(),
+    UNIQUE (map_id, user_id)
+);
+
 -- Composite primary key replaces the old UUID id column
 CREATE TABLE IF NOT EXISTS grid_cells (
     map_id TEXT NOT NULL REFERENCES grid_maps(id) ON DELETE CASCADE,