Add configuration files, database migrations, and authentication implementation scaffolding

deployments/db/init-master.sql

@@ -0,0 +1,40 @@
+-- Master Database Schema
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS communities (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name TEXT NOT NULL,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS users (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    username TEXT UNIQUE NOT NULL,
+    display_name TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS webauthn_credentials (
+    id BYTEA PRIMARY KEY,
+    user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+    public_key BYTEA NOT NULL,
+    attestation_type TEXT NOT NULL,
+    aaguid UUID NOT NULL,
+    sign_count UINT32 NOT NULL DEFAULT 0,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS community_members (
+    community_id UUID REFERENCES communities(id) ON DELETE CASCADE,
+    user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+    role TEXT NOT NULL DEFAULT 'admin', -- 'owner', 'admin'
+    PRIMARY KEY (community_id, user_id)
+);
+
+CREATE TABLE IF NOT EXISTS storage_nodes (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    community_id UUID REFERENCES communities(id) ON DELETE CASCADE,
+    address TEXT NOT NULL, -- Internal cluster address or URL
+    status TEXT DEFAULT 'active',
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);

deployments/db/init-storage.sql

@@ -0,0 +1,36 @@
+-- Storage Node Schema (Per Community/Node)
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS encrypted_logs (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    log_type TEXT NOT NULL, -- 'chat', 'kill', 'admin', 'ban'
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    
+    -- E2EE Blob
+    encrypted_payload BYTEA NOT NULL,
+    
+    -- Searchable Metadata (Blind Indexing)
+    -- HMAC-SHA256 hashes of identifiers (e.g., SteamID, PlayerName)
+    blind_index_hash TEXT, 
+    
+    -- Plaintext Metadata (Non-sensitive)
+    server_id TEXT NOT NULL,
+    session_id TEXT
+);
+
+CREATE INDEX idx_logs_created_at ON encrypted_logs(created_at);
+CREATE INDEX idx_logs_blind_hash ON encrypted_logs(blind_index_hash);
+
+CREATE TABLE IF NOT EXISTS players (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    -- Blind Index Hash of the SteamID/GUID for searching
+    identity_hash TEXT UNIQUE NOT NULL, 
+    
+    -- E2EE encrypted player profile (names, notes, etc.)
+    encrypted_profile BYTEA NOT NULL,
+    
+    last_seen TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX idx_players_identity_hash ON players(identity_hash);

deployments/docker/Dashboard.Dockerfile

@@ -0,0 +1,12 @@
+FROM node:20-alpine
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm install
+
+COPY . .
+
+EXPOSE 5173
+
+CMD ["npm", "run", "dev", "--", "--host"]

deployments/docker/DiscordBot.Dockerfile

@@ -0,0 +1,10 @@
+FROM golang:1.26-alpine
+
+WORKDIR /app
+
+RUN go install github.com/air-verse/air@latest
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+CMD ["air", "-c", ".air.discord.toml"]

deployments/docker/Gateway.Dockerfile

@@ -0,0 +1,10 @@
+FROM golang:1.26-alpine
+
+WORKDIR /app
+
+RUN go install github.com/air-verse/air@latest
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+CMD ["air", "-c", ".air.gateway.toml"]

deployments/docker/Storage.Dockerfile

@@ -0,0 +1,10 @@
+FROM golang:1.26-alpine
+
+WORKDIR /app
+
+RUN go install github.com/air-verse/air@latest
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+CMD ["air", "-c", ".air.storage.toml"]

deployments/docker/Worker.Dockerfile

@@ -0,0 +1,10 @@
+FROM golang:1.26-alpine
+
+WORKDIR /app
+
+RUN go install github.com/air-verse/air@latest
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+CMD ["air", "-c", ".air.worker.toml"]