-- Profiles CREATE TABLE public.profiles ( id UUID PRIMARY KEY REFERENCES auth.users(id) ON DELETE CASCADE, display_name TEXT, recovery_email TEXT, recovery_phone TEXT, master_pin_hash TEXT, encryption_salt TEXT, webauthn_credentials JSONB DEFAULT '[]'::jsonb, created_at TIMESTAMPTZ NOT NULL DEFAULT now(), updated_at TIMESTAMPTZ NOT NULL DEFAULT now() ); ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY; CREATE POLICY "profiles_select_own" ON public.profiles FOR SELECT USING (auth.uid() = id); CREATE POLICY "profiles_insert_own" ON public.profiles FOR INSERT WITH CHECK (auth.uid() = id); CREATE POLICY "profiles_update_own" ON public.profiles FOR UPDATE USING (auth.uid() = id); CREATE POLICY "profiles_delete_own" ON public.profiles FOR DELETE USING (auth.uid() = id); -- Categories CREATE TABLE public.categories ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, name TEXT NOT NULL, color TEXT NOT NULL DEFAULT '#0d7a5f', icon TEXT DEFAULT 'folder', created_at TIMESTAMPTZ NOT NULL DEFAULT now() ); ALTER TABLE public.categories ENABLE ROW LEVEL SECURITY; CREATE POLICY "categories_select_own" ON public.categories FOR SELECT USING (auth.uid() = user_id); CREATE POLICY "categories_insert_own" ON public.categories FOR INSERT WITH CHECK (auth.uid() = user_id); CREATE POLICY "categories_update_own" ON public.categories FOR UPDATE USING (auth.uid() = user_id); CREATE POLICY "categories_delete_own" ON public.categories FOR DELETE USING (auth.uid() = user_id); -- Vault items CREATE TABLE public.vault_items ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, category_id UUID REFERENCES public.categories(id) ON DELETE SET NULL, item_type TEXT NOT NULL DEFAULT 'password', title TEXT NOT NULL, login_url TEXT, username_enc TEXT, password_enc TEXT, notes_enc TEXT, card_number_enc TEXT, card_holder_enc TEXT, card_expiry_enc TEXT, card_cvv_enc TEXT, created_at TIMESTAMPTZ NOT NULL DEFAULT now(), updated_at TIMESTAMPTZ NOT NULL DEFAULT now() ); ALTER TABLE public.vault_items ENABLE ROW LEVEL SECURITY; CREATE POLICY "vault_select_own" ON public.vault_items FOR SELECT USING (auth.uid() = user_id); CREATE POLICY "vault_insert_own" ON public.vault_items FOR INSERT WITH CHECK (auth.uid() = user_id); CREATE POLICY "vault_update_own" ON public.vault_items FOR UPDATE USING (auth.uid() = user_id); CREATE POLICY "vault_delete_own" ON public.vault_items FOR DELETE USING (auth.uid() = user_id); CREATE INDEX idx_vault_user ON public.vault_items(user_id); CREATE INDEX idx_vault_category ON public.vault_items(category_id); CREATE INDEX idx_categories_user ON public.categories(user_id); -- updated_at trigger CREATE OR REPLACE FUNCTION public.set_updated_at() RETURNS TRIGGER LANGUAGE plpgsql AS $$ BEGIN NEW.updated_at = now(); RETURN NEW; END; $$; CREATE TRIGGER profiles_updated BEFORE UPDATE ON public.profiles FOR EACH ROW EXECUTE FUNCTION public.set_updated_at(); CREATE TRIGGER vault_updated BEFORE UPDATE ON public.vault_items FOR EACH ROW EXECUTE FUNCTION public.set_updated_at(); -- Auto-create profile on signup CREATE OR REPLACE FUNCTION public.handle_new_user() RETURNS TRIGGER LANGUAGE plpgsql SECURITY DEFINER SET search_path = public AS $$ BEGIN INSERT INTO public.profiles (id, display_name, recovery_email) VALUES (NEW.id, COALESCE(NEW.raw_user_meta_data->>'display_name', NEW.email), NEW.email); RETURN NEW; END; $$; CREATE TRIGGER on_auth_user_created AFTER INSERT ON auth.users FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();