refactor: restructure

monorepo with apps/ and services/ directories
2026-05-14 22:01:09 +02:00 · 2025-11-26 03:03:24 +01:00 · 2025-11-26 03:03:24 +01:00 · ff80aeec1f
commit ff80aeec1f
parent 25824ed0ac
4062 changed files with 2592 additions and 1278 deletions
--- a/services/mana-core-auth/postgres/init/01-init-schemas.sql
+++ b/services/mana-core-auth/postgres/init/01-init-schemas.sql
@ -0,0 +1,28 @@
+-- Create schemas
+CREATE SCHEMA IF NOT EXISTS auth;
+CREATE SCHEMA IF NOT EXISTS credits;
+
+-- Enable necessary extensions
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+CREATE EXTENSION IF NOT EXISTS "pgcrypto";
+
+-- Create enums
+CREATE TYPE auth.user_role AS ENUM ('user', 'admin', 'service');
+CREATE TYPE credits.transaction_type AS ENUM ('purchase', 'usage', 'refund', 'bonus', 'expiry', 'adjustment');
+CREATE TYPE credits.transaction_status AS ENUM ('pending', 'completed', 'failed', 'cancelled');
+
+-- Grant usage on schemas
+GRANT USAGE ON SCHEMA auth TO PUBLIC;
+GRANT USAGE ON SCHEMA credits TO PUBLIC;
+
+-- Create updated_at trigger function
+CREATE OR REPLACE FUNCTION update_updated_at_column()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = NOW();
+    RETURN NEW;
+END;
+$$ language 'plpgsql';
+
+COMMENT ON SCHEMA auth IS 'Authentication and user management';
+COMMENT ON SCHEMA credits IS 'Credit system and transactions';
--- a/services/mana-core-auth/postgres/init/02-init-rls.sql
+++ b/services/mana-core-auth/postgres/init/02-init-rls.sql
@ -0,0 +1,67 @@
+-- Enable Row Level Security on auth tables
+ALTER TABLE auth.users ENABLE ROW LEVEL SECURITY;
+ALTER TABLE auth.sessions ENABLE ROW LEVEL SECURITY;
+ALTER TABLE auth.passwords ENABLE ROW LEVEL SECURITY;
+ALTER TABLE auth.two_factor_auth ENABLE ROW LEVEL SECURITY;
+
+-- Enable Row Level Security on credits tables
+ALTER TABLE credits.balances ENABLE ROW LEVEL SECURITY;
+ALTER TABLE credits.transactions ENABLE ROW LEVEL SECURITY;
+ALTER TABLE credits.purchases ENABLE ROW LEVEL SECURITY;
+ALTER TABLE credits.usage_stats ENABLE ROW LEVEL SECURITY;
+
+-- RLS Policies for users table
+CREATE POLICY "Users can view their own profile"
+  ON auth.users
+  FOR SELECT
+  USING (auth.uid() = id OR auth.role() = 'admin');
+
+CREATE POLICY "Users can update their own profile"
+  ON auth.users
+  FOR UPDATE
+  USING (auth.uid() = id)
+  WITH CHECK (auth.uid() = id);
+
+-- RLS Policies for sessions table
+CREATE POLICY "Users can view their own sessions"
+  ON auth.sessions
+  FOR SELECT
+  USING (auth.uid() = user_id OR auth.role() = 'admin');
+
+CREATE POLICY "Users can delete their own sessions"
+  ON auth.sessions
+  FOR DELETE
+  USING (auth.uid() = user_id);
+
+-- RLS Policies for balances table
+CREATE POLICY "Users can view their own balance"
+  ON credits.balances
+  FOR SELECT
+  USING (auth.uid() = user_id OR auth.role() = 'admin');
+
+-- RLS Policies for transactions table
+CREATE POLICY "Users can view their own transactions"
+  ON credits.transactions
+  FOR SELECT
+  USING (auth.uid() = user_id OR auth.role() = 'admin');
+
+-- RLS Policies for purchases table
+CREATE POLICY "Users can view their own purchases"
+  ON credits.purchases
+  FOR SELECT
+  USING (auth.uid() = user_id OR auth.role() = 'admin');
+
+-- RLS Policies for usage_stats table
+CREATE POLICY "Users can view their own usage stats"
+  ON credits.usage_stats
+  FOR SELECT
+  USING (auth.uid() = user_id OR auth.role() = 'admin');
+
+-- Helper functions for RLS
+CREATE OR REPLACE FUNCTION auth.uid() RETURNS UUID AS $$
+  SELECT NULLIF(current_setting('request.jwt.claims', true)::json->>'sub', '')::UUID;
+$$ LANGUAGE SQL STABLE;
+
+CREATE OR REPLACE FUNCTION auth.role() RETURNS TEXT AS $$
+  SELECT NULLIF(current_setting('request.jwt.claims', true)::json->>'role', '')::TEXT;
+$$ LANGUAGE SQL STABLE;