stack/packages/stack-server/prisma/schema.prisma

// This is your Prisma schema file,
// learn more about it in the docs: https://pris.ly/d/prisma-schema

generator client {
  provider = "prisma-client-js"
}

datasource db {
  provider  = "postgresql"
  url       = env("DATABASE_CONNECTION_STRING")
  directUrl = env("DIRECT_DATABASE_CONNECTION_STRING")
}

model Project {
  // Note that the project with ID `internal` is handled as a special case.
  id        String   @id
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  displayName      String
  description      String?                @default("")
  configId         String                 @db.Uuid
  config           ProjectConfig          @relation(fields: [configId], references: [id])
  configOverride   ProjectConfigOverride?
  isProductionMode Boolean

  users ProjectUser[] @relation("ProjectUsers")

  apiKeySets ApiKeySet[]
}

// Contains all the configuration for a project.
// 
// More specifically, "configuration" is what we call those settings that only depend on environment variables and overrides between different deployments.
model ProjectConfig {
  id        String   @id @default(uuid()) @db.Uuid
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  allowLocalhost Boolean

  projects             Project[]
  oauthProviderConfigs OauthProviderConfig[]
  emailServiceConfig   EmailServiceConfig?
  domains              ProjectDomain[]
}

model ProjectDomain {
  projectConfigId String @db.Uuid

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  domain      String
  handlerPath String

  projectConfig ProjectConfig @relation(fields: [projectConfigId], references: [id])

  @@unique([projectConfigId, domain])
}

// Environment-specific overrides for a configuration.
//
// This is a quick and dirty way to allow for environment-specific overrides of the configuration.
//
// For most cases, you should prefer to use environment variables.
//
// Note: Overrides (and environment variables) are currently unimplemented, so this model is empty.
model ProjectConfigOverride {
  projectId String   @id
  project   Project  @relation(fields: [projectId], references: [id])
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt
}

model ProjectUser {
  projectId     String
  projectUserId String @default(uuid()) @db.Uuid

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  project                          Project                            @relation("ProjectUsers", fields: [projectId], references: [id])
  projectUserRefreshTokens         ProjectUserRefreshToken[]
  projectUserAuthorizationCodes    ProjectUserAuthorizationCode[]
  projectUserOauthAccounts         ProjectUserOauthAccount[]
  projectUserEmailVerificationCode ProjectUserEmailVerificationCode[]
  projectUserPasswordResetCode     ProjectUserPasswordResetCode[]

  primaryEmail         String?
  primaryEmailVerified Boolean
  profileImageUrl      String?
  displayName          String?
  passwordHash         String?

  serverMetadata Json?
  clientMetadata Json?

  @@id([projectId, projectUserId])
}

model ProjectUserOauthAccount {
  projectId             String
  projectUserId         String @db.Uuid
  projectConfigId       String @db.Uuid
  oauthProviderConfigId String

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  providerConfig OauthProviderConfig @relation(fields: [projectConfigId, oauthProviderConfigId], references: [projectConfigId, id])
  projectUser    ProjectUser         @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)

  email                String?
  providerAccountId    String
  providerRefreshToken String?

  @@id([projectId, oauthProviderConfigId, providerAccountId])
}

model ProjectUserRefreshToken {
  projectId     String
  projectUserId String @db.Uuid

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  refreshToken String    @unique
  expiresAt    DateTime?

  projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)

  @@id([projectId, refreshToken])
}

model ProjectUserAuthorizationCode {
  projectId     String
  projectUserId String @db.Uuid

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  authorizationCode String   @unique
  redirectUri       String
  expiresAt         DateTime

  codeChallenge       String
  codeChallengeMethod String

  projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)

  @@id([projectId, authorizationCode])
}

model ProjectUserEmailVerificationCode {
  projectId     String
  projectUserId String @db.Uuid

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  code        String    @unique
  expiresAt   DateTime
  usedAt      DateTime?
  redirectUrl String

  projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)

  @@id([projectId, code])
}

model ProjectUserPasswordResetCode {
  projectId     String
  projectUserId String @db.Uuid

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  code        String    @unique
  expiresAt   DateTime
  usedAt      DateTime?
  redirectUrl String

  projectUser ProjectUser @relation(fields: [projectId, projectUserId], references: [projectId, projectUserId], onDelete: Cascade)

  @@id([projectId, code])
}

//#region API keys

model ApiKeySet {
  projectId String
  project   Project  @relation(fields: [projectId], references: [id])
  id        String   @default(uuid()) @db.Uuid
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  description          String
  expiresAt            DateTime
  manuallyRevokedAt    DateTime?
  publishableClientKey String?   @unique
  secretServerKey      String?   @unique
  superSecretAdminKey  String?   @unique

  @@id([projectId, id])
}

model EmailServiceConfig {
  projectConfigId String        @id @db.Uuid
  projectConfig   ProjectConfig @relation(fields: [projectConfigId], references: [id])

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  senderName String

  proxiedEmailServiceConfig  ProxiedEmailServiceConfig?
  standardEmailServiceConfig StandardEmailServiceConfig?
}

model ProxiedEmailServiceConfig {
  projectConfigId    String             @id @db.Uuid
  emailServiceConfig EmailServiceConfig @relation(fields: [projectConfigId], references: [projectConfigId])
  createdAt          DateTime           @default(now())
  updatedAt          DateTime           @updatedAt
}

model StandardEmailServiceConfig {
  projectConfigId    String             @id @db.Uuid
  emailServiceConfig EmailServiceConfig @relation(fields: [projectConfigId], references: [projectConfigId])
  createdAt          DateTime           @default(now())
  updatedAt          DateTime           @updatedAt

  senderEmail String
  host        String
  port        Int
  username    String
  password    String
}

//#endregion

//#region Oauth

// Exactly one of the xyzOauthConfig variables should be set.
model OauthProviderConfig {
  projectConfigId String        @db.Uuid
  projectConfig   ProjectConfig @relation(fields: [projectConfigId], references: [id])
  id              String

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt

  proxiedOauthConfig       ProxiedOauthProviderConfig?
  standardOauthConfig      StandardOauthProviderConfig?
  projectUserOauthAccounts ProjectUserOauthAccount[]

  @@id([projectConfigId, id])
}

model ProxiedOauthProviderConfig {
  projectConfigId String              @db.Uuid
  providerConfig  OauthProviderConfig @relation(fields: [projectConfigId, id], references: [projectConfigId, id])
  id              String
  createdAt       DateTime            @default(now())
  updatedAt       DateTime            @updatedAt

  type ProxiedOauthProviderType

  @@id([projectConfigId, id])
  @@unique([projectConfigId, type])
}

enum ProxiedOauthProviderType {
  GITHUB
  FACEBOOK
  SLACK
  TWITTER
  LINKEDIN
  GOOGLE
  MICROSOFT
}

model StandardOauthProviderConfig {
  projectConfigId String              @db.Uuid
  providerConfig  OauthProviderConfig @relation(fields: [projectConfigId, id], references: [projectConfigId, id])
  id              String
  createdAt       DateTime            @default(now())
  updatedAt       DateTime            @updatedAt

  type         StandardOauthProviderType
  tenantId     String? // Currently only used for Microsoft
  clientId     String
  clientSecret String

  @@id([projectConfigId, id])
}

enum StandardOauthProviderType {
  GITHUB
  FACEBOOK
  SLACK
  TWITTER
  LINKEDIN
  GOOGLE
  MICROSOFT
}

//#endregion