commit c7a6626f9f2575fe6b3debb0ba6410bfef2dc18b · bretton.dev/coves

+35
internal/db/migrations/007_add_password_encryption.sql
···

       1
       1
       +
       -- +goose Up

     

       2
       2
       +
       -- +goose StatementBegin

     

       3
       3
       +
       -- V2.0: Add encrypted password column for PDS account recovery

     

       4
       4
       +
       -- CRITICAL FIX: Password must be encrypted (not hashed) for session recovery

     

       5
       5
       +
       -- When access/refresh tokens expire (90-day window), we need the plaintext password

     

       6
       6
       +
       -- to call com.atproto.server.createSession - bcrypt hashing prevents this

     

       7
       7
       +
       

     

       8
       8
       +
       -- Add encrypted password column

     

       9
       9
       +
       ALTER TABLE communities ADD COLUMN pds_password_encrypted BYTEA;

     

       10
       10
       +
       

     

       11
       11
       +
       -- Drop legacy plaintext token columns (we now use *_encrypted versions from migration 006)

     

       12
       12
       +
       ALTER TABLE communities DROP COLUMN IF EXISTS pds_access_token;

     

       13
       13
       +
       ALTER TABLE communities DROP COLUMN IF EXISTS pds_refresh_token;

     

       14
       14
       +
       

     

       15
       15
       +
       -- Drop legacy password_hash column from migration 005 (never used in production)

     

       16
       16
       +
       ALTER TABLE communities DROP COLUMN IF EXISTS pds_password_hash;

     

       17
       17
       +
       

     

       18
       18
       +
       -- Add comment

     

       19
       19
       +
       COMMENT ON COLUMN communities.pds_password_encrypted IS 'Encrypted community PDS password (pgp_sym_encrypt) - required for session recovery when tokens expire';

     

       20
       20
       +
       

     

       21
       21
       +
       -- +goose StatementEnd

     

       22
       22
       +
       

     

       23
       23
       +
       -- +goose Down

     

       24
       24
       +
       -- +goose StatementBegin

     

       25
       25
       +
       -- Restore legacy columns (for rollback compatibility)

     

       26
       26
       +
       ALTER TABLE communities ADD COLUMN pds_access_token TEXT;

     

       27
       27
       +
       ALTER TABLE communities ADD COLUMN pds_refresh_token TEXT;

     

       28
       28
       +
       ALTER TABLE communities ADD COLUMN pds_password_hash TEXT;

     

       29
       29
       +
       

     

       30
       30
       +
       -- Drop encrypted password

     

       31
       31
       +
       ALTER TABLE communities DROP COLUMN IF EXISTS pds_password_encrypted;

     

       32
       32
       +
       

     

       33
       33
       +
       -- Restore old comment

     

       34
       34
       +
       COMMENT ON COLUMN communities.pds_password_hash IS 'bcrypt hash of community PDS password (DEPRECATED - cannot recover plaintext)';

     

       35
       35
       +
       -- +goose StatementEnd