Add configuration files, database migrations, and authentication implementation scaffolding

2026-04-30 19:08:07 +02:00
commit 331d60581e
83 changed files with 222264 additions and 0 deletions
--- a/deployments/db/init-master.sql
+++ b/deployments/db/init-master.sql
@@ -0,0 +1,40 @@
+-- Master Database Schema
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS communities (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    name TEXT NOT NULL,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS users (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    username TEXT UNIQUE NOT NULL,
+    display_name TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS webauthn_credentials (
+    id BYTEA PRIMARY KEY,
+    user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+    public_key BYTEA NOT NULL,
+    attestation_type TEXT NOT NULL,
+    aaguid UUID NOT NULL,
+    sign_count UINT32 NOT NULL DEFAULT 0,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE IF NOT EXISTS community_members (
+    community_id UUID REFERENCES communities(id) ON DELETE CASCADE,
+    user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+    role TEXT NOT NULL DEFAULT 'admin', -- 'owner', 'admin'
+    PRIMARY KEY (community_id, user_id)
+);
+
+CREATE TABLE IF NOT EXISTS storage_nodes (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    community_id UUID REFERENCES communities(id) ON DELETE CASCADE,
+    address TEXT NOT NULL, -- Internal cluster address or URL
+    status TEXT DEFAULT 'active',
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
--- a/deployments/db/init-storage.sql
+++ b/deployments/db/init-storage.sql
@@ -0,0 +1,36 @@
+-- Storage Node Schema (Per Community/Node)
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS encrypted_logs (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    log_type TEXT NOT NULL, -- 'chat', 'kill', 'admin', 'ban'
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    
+    -- E2EE Blob
+    encrypted_payload BYTEA NOT NULL,
+    
+    -- Searchable Metadata (Blind Indexing)
+    -- HMAC-SHA256 hashes of identifiers (e.g., SteamID, PlayerName)
+    blind_index_hash TEXT, 
+    
+    -- Plaintext Metadata (Non-sensitive)
+    server_id TEXT NOT NULL,
+    session_id TEXT
+);
+
+CREATE INDEX idx_logs_created_at ON encrypted_logs(created_at);
+CREATE INDEX idx_logs_blind_hash ON encrypted_logs(blind_index_hash);
+
+CREATE TABLE IF NOT EXISTS players (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    -- Blind Index Hash of the SteamID/GUID for searching
+    identity_hash TEXT UNIQUE NOT NULL, 
+    
+    -- E2EE encrypted player profile (names, notes, etc.)
+    encrypted_profile BYTEA NOT NULL,
+    
+    last_seen TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX idx_players_identity_hash ON players(identity_hash);