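defmodule SsoBsn.Repo.Migrations.CreateBoruta do
  @moduledoc false
  # Creates the OAuth tables used by this application: clients, tokens, scopes
  # and the client <-> scope join table, plus their indexes.
  #
  # Several columns below hold credential material (client secrets, private
  # keys, bearer token values). This migration declares them as plain
  # :string / :text columns; any hashing or encryption must happen in
  # application code or at the storage layer, not here.

  use Ecto.Migration

  def change do
    create table(:oauth_clients, primary_key: false) do
      add :id, :uuid, primary_key: true
      add :name, :string, default: "", null: false

      # NOTE(review): plain string column. Confirm whether the application
      # stores client secrets hashed or in clear, and restrict read access to
      # this table accordingly.
      add :secret, :string, null: false
      add :redirect_uris, {:array, :string}, default: [], null: false
      add :scope, :string
      add :authorize_scope, :boolean, default: false, null: false

      # NOTE(review): a client row inserted without an explicit list gets every
      # grant type below, including "password" and "implicit", which the OAuth
      # 2.0 Security BCP (RFC 9700) advises against. Prefer setting a narrow
      # list per client at creation time rather than relying on this default.
      add :supported_grant_types, {:array, :string},
        default: [
          "client_credentials",
          "password",
          "authorization_code",
          "refresh_token",
          "implicit",
          "revoke",
          "introspect"
        ],
        null: false

      add :authorization_code_ttl, :integer, null: false
      add :access_token_ttl, :integer, null: false

      # PKCE is off unless a client row enables it.
      add :pkce, :boolean, default: false, null: false
      add :public_key, :text

      # NOTE(review): per-client private key material lives in this column.
      # Confirm encryption at rest and that backups/replicas of this table are
      # access-controlled like a key store.
      add :private_key, :text, null: false
      add :id_token_ttl, :integer, default: 3600
      add :public_refresh_token, :boolean, null: false, default: false

      # Integer literal (was the string "2592000") so the default matches the
      # column type, consistent with :id_token_ttl above.
      # Presumably seconds (2_592_000 s = 30 days) - confirm against the
      # code that reads this column.
      add :refresh_token_ttl, :integer, null: false, default: 2_592_000
      add :public_revoke, :boolean, null: false, default: false
      add :id_token_signature_alg, :string, default: "RS512"

      # Clients are non-confidential (public) unless a row sets this flag.
      add :confidential, :boolean, default: false, null: false
      add :jwt_public_key, :text

      add :token_endpoint_auth_methods, {:array, :string},
        null: false,
        default: ["client_secret_basic", "client_secret_post"]

      # HS256 is an HMAC (shared-secret) algorithm, so by default JWT client
      # authentication is only as strong as the secret it is keyed with.
      add :token_endpoint_jwt_auth_alg, :string, default: "HS256", null: false
      add :userinfo_signed_response_alg, :string

      timestamps()
    end

    create table(:oauth_tokens, primary_key: false) do
      add :id, :uuid, primary_key: true
      add :type, :string

      # NOTE(review): :value and :refresh_token are plain string columns and
      # are indexed below. If they hold the bearer values themselves, read
      # access to this table is equivalent to holding every unexpired token.
      add :value, :string
      add :refresh_token, :string

      # Stored as an integer, not a datetime - presumably a Unix timestamp;
      # confirm against the code that reads it.
      add :expires_at, :integer
      add :redirect_uri, :string
      add :state, :string
      add :scope, :string, default: ""
      add :revoked_at, :utc_datetime_usec
      add :code_challenge_hash, :string
      add :code_challenge_method, :string
      add :nonce, :string
      add :previous_token, :string
      add :refresh_token_revoked_at, :utc_datetime_usec
      add :previous_code, :string

      # on_delete: :nilify_all keeps token rows when their client is deleted
      # and only clears client_id. NOTE(review): confirm that token validation
      # rejects tokens whose client_id is NULL, or revoke them when a client
      # is removed.
      add :client_id, references(:oauth_clients, type: :uuid, on_delete: :nilify_all)
      add :sub, :string

      timestamps(type: :utc_datetime_usec)
    end

    create table(:oauth_scopes, primary_key: false) do
      add :id, :binary_id, primary_key: true
      add :label, :string
      add :name, :string, default: ""
      add :public, :boolean, default: false, null: false

      timestamps()
    end

    # Join table; rows are removed when either the client or the scope is
    # deleted (on_delete: :delete_all on both references).
    create table(:oauth_clients_scopes) do
      add :client_id, references(:oauth_clients, type: :uuid, on_delete: :delete_all)
      add :scope_id, references(:oauth_scopes, type: :uuid, on_delete: :delete_all)
    end

    # :id is already the primary key, so this index adds no uniqueness of its
    # own; it covers lookups by the (id, secret) pair.
    create unique_index(:oauth_clients, [:id, :secret])
    create index(:oauth_tokens, [:value])
    create unique_index(:oauth_tokens, [:client_id, :value])
    create unique_index(:oauth_tokens, [:client_id, :refresh_token])
    create unique_index(:oauth_scopes, [:name])
  end
end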