Use Drizzle adapter and Drizzle CLI auth migrations

2026-02-24 16:21:03 -05:00
parent 11eeafafef
commit 0ab464f910
10 changed files with 1133 additions and 110 deletions
--- a/lib/server/db/index.ts
+++ b/lib/server/db/index.ts
@@ -0,0 +1,41 @@
+import { drizzle } from 'drizzle-orm/node-postgres';
+import { Pool } from 'pg';
+import { authSchema } from './schema';
+
+type AuthDrizzleDb = ReturnType<typeof createDb>;
+
+declare global {
+  // eslint-disable-next-line no-var
+  var __fiscalAuthPgPool: Pool | undefined;
+  // eslint-disable-next-line no-var
+  var __fiscalAuthDrizzleDb: AuthDrizzleDb | undefined;
+}
+
+function getConnectionString() {
+  const connectionString = process.env.DATABASE_URL?.trim();
+  if (!connectionString) {
+    throw new Error('DATABASE_URL is required for PostgreSQL.');
+  }
+
+  return connectionString;
+}
+
+export function getPool() {
+  if (!globalThis.__fiscalAuthPgPool) {
+    globalThis.__fiscalAuthPgPool = new Pool({
+      connectionString: getConnectionString()
+    });
+  }
+
+  return globalThis.__fiscalAuthPgPool;
+}
+
+function createDb() {
+  return drizzle(getPool(), { schema: authSchema });
+}
+
+export const db = globalThis.__fiscalAuthDrizzleDb ?? createDb();
+
+if (!globalThis.__fiscalAuthDrizzleDb) {
+  globalThis.__fiscalAuthDrizzleDb = db;
+}
--- a/lib/server/db/schema.ts
+++ b/lib/server/db/schema.ts
@@ -0,0 +1,113 @@
+import { boolean, index, pgTable, text, timestamp, uniqueIndex } from 'drizzle-orm/pg-core';
+
+const dateColumn = {
+  withTimezone: true,
+  mode: 'date'
+} as const;
+
+export const user = pgTable('user', {
+  id: text('id').primaryKey().notNull(),
+  name: text('name').notNull(),
+  email: text('email').notNull(),
+  emailVerified: boolean('emailVerified').notNull().default(false),
+  image: text('image'),
+  createdAt: timestamp('createdAt', dateColumn).notNull(),
+  updatedAt: timestamp('updatedAt', dateColumn).notNull(),
+  role: text('role'),
+  banned: boolean('banned').default(false),
+  banReason: text('banReason'),
+  banExpires: timestamp('banExpires', dateColumn)
+}, (table) => ({
+  userEmailUnique: uniqueIndex('user_email_uidx').on(table.email)
+}));
+
+export const organization = pgTable('organization', {
+  id: text('id').primaryKey().notNull(),
+  name: text('name').notNull(),
+  slug: text('slug').notNull(),
+  logo: text('logo'),
+  createdAt: timestamp('createdAt', dateColumn).notNull(),
+  metadata: text('metadata')
+}, (table) => ({
+  organizationSlugUnique: uniqueIndex('organization_slug_uidx').on(table.slug)
+}));
+
+export const session = pgTable('session', {
+  id: text('id').primaryKey().notNull(),
+  expiresAt: timestamp('expiresAt', dateColumn).notNull(),
+  token: text('token').notNull(),
+  createdAt: timestamp('createdAt', dateColumn).notNull(),
+  updatedAt: timestamp('updatedAt', dateColumn).notNull(),
+  ipAddress: text('ipAddress'),
+  userAgent: text('userAgent'),
+  userId: text('userId').notNull().references(() => user.id, { onDelete: 'cascade' }),
+  impersonatedBy: text('impersonatedBy'),
+  activeOrganizationId: text('activeOrganizationId')
+}, (table) => ({
+  sessionTokenUnique: uniqueIndex('session_token_uidx').on(table.token),
+  sessionUserIdIndex: index('session_userId_idx').on(table.userId)
+}));
+
+export const account = pgTable('account', {
+  id: text('id').primaryKey().notNull(),
+  accountId: text('accountId').notNull(),
+  providerId: text('providerId').notNull(),
+  userId: text('userId').notNull().references(() => user.id, { onDelete: 'cascade' }),
+  accessToken: text('accessToken'),
+  refreshToken: text('refreshToken'),
+  idToken: text('idToken'),
+  accessTokenExpiresAt: timestamp('accessTokenExpiresAt', dateColumn),
+  refreshTokenExpiresAt: timestamp('refreshTokenExpiresAt', dateColumn),
+  scope: text('scope'),
+  password: text('password'),
+  createdAt: timestamp('createdAt', dateColumn).notNull(),
+  updatedAt: timestamp('updatedAt', dateColumn).notNull()
+}, (table) => ({
+  accountUserIdIndex: index('account_userId_idx').on(table.userId)
+}));
+
+export const verification = pgTable('verification', {
+  id: text('id').primaryKey().notNull(),
+  identifier: text('identifier').notNull(),
+  value: text('value').notNull(),
+  expiresAt: timestamp('expiresAt', dateColumn).notNull(),
+  createdAt: timestamp('createdAt', dateColumn).notNull(),
+  updatedAt: timestamp('updatedAt', dateColumn).notNull()
+}, (table) => ({
+  verificationIdentifierIndex: index('verification_identifier_idx').on(table.identifier)
+}));
+
+export const member = pgTable('member', {
+  id: text('id').primaryKey().notNull(),
+  organizationId: text('organizationId').notNull().references(() => organization.id, { onDelete: 'cascade' }),
+  userId: text('userId').notNull().references(() => user.id, { onDelete: 'cascade' }),
+  role: text('role').notNull().default('member'),
+  createdAt: timestamp('createdAt', dateColumn).notNull()
+}, (table) => ({
+  memberOrganizationIdIndex: index('member_organizationId_idx').on(table.organizationId),
+  memberUserIdIndex: index('member_userId_idx').on(table.userId)
+}));
+
+export const invitation = pgTable('invitation', {
+  id: text('id').primaryKey().notNull(),
+  organizationId: text('organizationId').notNull().references(() => organization.id, { onDelete: 'cascade' }),
+  email: text('email').notNull(),
+  role: text('role'),
+  status: text('status').notNull().default('pending'),
+  expiresAt: timestamp('expiresAt', dateColumn).notNull(),
+  createdAt: timestamp('createdAt', dateColumn).notNull(),
+  inviterId: text('inviterId').notNull().references(() => user.id, { onDelete: 'cascade' })
+}, (table) => ({
+  invitationOrganizationIdIndex: index('invitation_organizationId_idx').on(table.organizationId),
+  invitationEmailIndex: index('invitation_email_idx').on(table.email)
+}));
+
+export const authSchema = {
+  user,
+  session,
+  account,
+  verification,
+  organization,
+  member,
+  invitation
+};