From 81555d920eff4b73e618882aac406fec0764e222 Mon Sep 17 00:00:00 2001
From: xfy
Date: Thu, 11 Jun 2026 09:42:32 +0800
Subject: [PATCH] refactor: sessions table stores token hash instead of plaintext
---
 migrations/001_init.sql | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/migrations/001_init.sql b/migrations/001_init.sql
index 228323e..0c33d21 100644
--- a/migrations/001_init.sql
+++ b/migrations/001_init.sql
@@ -12,10 +12,11 @@ CREATE UNIQUE INDEX IF NOT EXISTS idx_one_admin ON users(role) WHERE role = 'adm
 CREATE TABLE IF NOT EXISTS sessions (
 id SERIAL PRIMARY KEY,
 user_id INT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
- token VARCHAR(255) UNIQUE NOT NULL,
+ token_hash CHAR(64) UNIQUE NOT NULL,
+ user_agent VARCHAR(500),
 expires_at TIMESTAMPTZ NOT NULL,
 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
 );
 
-CREATE INDEX IF NOT EXISTS idx_sessions_token ON sessions(token);
+CREATE INDEX IF NOT EXISTS idx_sessions_token_hash ON sessions(token_hash);
 CREATE INDEX IF NOT EXISTS idx_sessions_expires ON sessions(expires_at);
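Review bot: Editing `migrations/001_init.sql` in place does not change any database that has already run it: `CREATE TABLE IF NOT EXISTS sessions` is a no-op there, so the plaintext `token` column and its rows stay at rest, and the new `CREATE INDEX ... ON sessions(token_hash)` would fail on the missing column. How migrations are applied is not visible in this patch, so this matters only if a deployment already exists; in that case the change belongs in a new migration that invalidates the stored sessions and alters the table, as sketched below. Separately, `UNIQUE` on `token_hash` already creates an index in PostgreSQL, so `idx_sessions_token_hash` duplicates it.

```sql
-- new migration file; the name is a placeholder: migrations/NNN_sessions_token_hash.sql
BEGIN;

-- Existing rows hold plaintext tokens; remove them all so every user re-authenticates.
DELETE FROM sessions;  -- intentionally the whole table

-- Dropping the column also drops its unique constraint and idx_sessions_token.
ALTER TABLE sessions DROP COLUMN IF EXISTS token;
ALTER TABLE sessions ADD COLUMN IF NOT EXISTS token_hash CHAR(64) UNIQUE NOT NULL;
ALTER TABLE sessions ADD COLUMN IF NOT EXISTS user_agent VARCHAR(500);

COMMIT;
```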