Wroclaw
ebf5690519
Previously, tokens were just like IDs: time-based with an incrementing counter. An attacker could easily brute-force them. This patch changes tokens to be completely random. Fixes #2
// Database connection. The connection URL is read from the DB_URL environment
// variable at runtime rather than being written into this schema file.
datasource db {
  url      = env("DB_URL")
  provider = "mysql"
}
// Code generator: emits the Prisma Client for JavaScript from the models in
// this file.
generator client {
  provider = "prisma-client-js"
}
// Application account, stored in the `users` table.
model User {
  // Database-generated identifier: a timestamp-derived prefix plus a small
  // random component. It is guessable and must never be used as a secret.
  // NOTE(review): MySQL's pow() returns DOUBLE, so the whole sum is evaluated in
  // floating point. At today's magnitude (about 7e18) adjacent doubles are 1024
  // apart, which would leave only a handful of distinct low-order values, and
  // unix_timestamp() with no argument has one-second resolution. Confirm on the
  // target server whether rows inserted in the same second can hit
  // duplicate-key errors.
  // NOTE(review): @unique next to @id looks redundant; a primary key is already
  // unique.
  id            BigInt    @id @unique @db.UnsignedBigInt @default(dbgenerated("(((unix_timestamp() * 1000) * pow(2,22)) + floor((rand() * pow(2,12))))"))
  username      String    @db.VarChar(30) @unique
  email         String    @db.VarChar(128) @unique
  // Fixed-width 64-byte binary value.
  // NOTE(review): no salt or KDF-parameter column is visible in this model.
  // Confirm the application stores the output of a salted, deliberately slow
  // password-hashing function here rather than a plain digest, and document
  // where the salt is kept.
  password      Bytes     @db.Binary(64)
  display_name  String?   @db.VarChar(30)
  // Back-relations; these are not columns.
  managedOrders Order[]
  sessions      Session[]

  @@map("users")
}
// Login session belonging to one user, stored in the `sessions` table.
model Session {
  // Database-generated, timestamp-derived identifier. It is guessable, so the
  // session secret is the separate sessionToken column, not this id.
  // NOTE(review): the expression is evaluated in DOUBLE because of pow(); confirm
  // that the low-order random part survives rounding on the target server.
  id           BigInt    @id @db.UnsignedBigInt @default(dbgenerated("(((unix_timestamp() * 1000) * pow(2,22)) + floor((rand() * pow(2,12))))"))
  // Owning user; column name is `user`.
  userId       BigInt    @db.UnsignedBigInt @map("user")
  // 64-byte session credential, looked up through the index declared below.
  // NOTE(review): the width fits either a raw random token or a 512-bit digest
  // of one; confirm which is stored. Keeping only a digest means a read of this
  // table does not yield usable session tokens.
  // NOTE(review): the column is indexed but not unique; confirm a lookup by
  // token can never match more than one row.
  sessionToken Bytes     @db.Binary(64)
  // Defaults to 30 days after the row is inserted.
  // NOTE(review): nullable; confirm the authentication code treats NULL as
  // expired rather than as "never expires".
  expiry_date  DateTime? @db.Timestamp(0) @default(dbgenerated("(now() + interval 30 day)"))
  user         User      @relation(fields: [userId], references: [id])

  @@index([userId], map: "user_idx")
  @@index([sessionToken])
  @@map("sessions")
}
// Customer record, stored in the `clients` table. Every contact field is
// optional. The name, address, phone and email columns hold personal data.
model Client {
  // Database-generated, timestamp-derived identifier. It is guessable, so
  // access to a client record has to be decided by an authorization check and
  // not by knowledge of the id.
  id      BigInt  @id @db.UnsignedBigInt @default(dbgenerated("(((unix_timestamp() * 1000) * pow(2,22)) + floor((rand() * pow(2,12))))"))
  name    String? @db.VarChar(128)
  address String? @db.VarChar(128)
  phone   String? @db.VarChar(16)
  email   String? @db.VarChar(128)
  // Back-relation; not a column.
  orders  Order[]

  @@map("clients")
}
// Order placed for a client and managed by a user, stored in the `orders`
// table.
model Order {
  // Database-generated, timestamp-derived identifier. It is guessable, so
  // access to an order has to be decided by an authorization check and not by
  // knowledge of the id.
  id                BigInt            @id @db.UnsignedBigInt @default(dbgenerated("(((unix_timestamp() * 1000) * pow(2,22)) + floor((rand() * pow(2,12))))"))
  // Foreign keys; the columns are named `client` and `user`.
  clientId          BigInt            @map("client") @db.UnsignedBigInt
  userId            BigInt            @map("user") @db.UnsignedBigInt
  // New orders start as drafts; column name is `is_draft`.
  draft             Boolean           @db.TinyInt @map("is_draft") @default(true)
  imported_products ImportedProduct[]
  client            Client            @relation(fields: [clientId], references: [id])
  user              User              @relation(fields: [userId], references: [id])
  work              Work[]

  @@index([clientId])
  @@index([userId])
  @@map("orders")
}
// Product attached to an order, stored in the `imported_products` table.
model ImportedProduct {
  // Database-generated, timestamp-derived identifier (guessable, not a secret).
  id             BigInt  @id @db.UnsignedBigInt @default(dbgenerated("(((unix_timestamp() * 1000) * pow(2,22)) + floor((rand() * pow(2,12))))"))
  // Owning order; column name is `order`.
  orderId        BigInt  @map("order") @db.UnsignedBigInt
  name           String? @db.VarChar(128)
  // Free-form string of up to 1024 characters; the schema places no other
  // restriction on it.
  // NOTE(review): presumably a URL. If the application renders or fetches it,
  // confirm the scheme and host are validated there.
  link           String  @db.VarChar(1024)
  // Both prices default to 0.00 and are stored as DECIMAL(10, 2).
  price_imported Decimal @db.Decimal(10, 2) @default(0.00)
  price          Decimal @db.Decimal(10, 2) @default(0.00)
  order          Order   @relation(fields: [orderId], references: [id])

  @@index([orderId])
  @@map("imported_products")
}
// Catalogue entry that Work rows refer to, stored in the `offer` table.
model Offer {
  // Database-generated, timestamp-derived identifier (guessable, not a secret).
  id                BigInt   @id @db.UnsignedBigInt @default(dbgenerated("(((unix_timestamp() * 1000) * pow(2,22)) + floor((rand() * pow(2,12))))"))
  name              String   @db.VarChar(45)
  description       String?  @db.Text
  recommended_price Decimal? @db.Decimal(10, 2)
  // Back-relation; not a column.
  work              Work[]

  @@map("offer")
}
// Named template that groups WorkTemplate rows, stored in the
// `order_templates` table.
model OrderTemplate {
  // Database-generated, timestamp-derived identifier (guessable, not a secret).
  id             BigInt         @id @db.UnsignedBigInt @default(dbgenerated("(((unix_timestamp() * 1000) * pow(2,22)) + floor((rand() * pow(2,12))))"))
  name           String         @db.VarChar(45)
  description    String?        @db.Text
  // Back-relation; not a column.
  work_templates WorkTemplate[]

  @@map("order_templates")
}
// One priced line of an order that points at an offer, stored in the `work`
// table.
model Work {
  // Database-generated, timestamp-derived identifier (guessable, not a secret).
  id        BigInt  @id @db.UnsignedBigInt @default(dbgenerated("(((unix_timestamp() * 1000) * pow(2,22)) + floor((rand() * pow(2,12))))"))
  // Foreign keys; the columns are named `order` and `offer`.
  orderId   BigInt  @db.UnsignedBigInt @map("order")
  offerId   BigInt  @db.UnsignedBigInt @map("offer")
  price     Decimal @db.Decimal(10, 2)
  notes     String? @db.Text
  // Starts as not fulfilled; column name is `is_fulfilled`.
  fulfilled Boolean @db.TinyInt @map("is_fulfilled") @default(false)
  order     Order   @relation(fields: [orderId], references: [id])
  offer     Offer   @relation(fields: [offerId], references: [id])

  @@index([offerId], map: "offer_idx")
  @@index([orderId], map: "order_idx")
  @@map("work")
}
// Template line belonging to an OrderTemplate, stored in the `work_templates`
// table.
model WorkTemplate {
  // Database-generated, timestamp-derived identifier (guessable, not a secret).
  id              BigInt        @id @db.UnsignedBigInt @default(dbgenerated("(((unix_timestamp() * 1000) * pow(2,22)) + floor((rand() * pow(2,12))))"))
  // Owning template; column name is `order_template`.
  orderTemplateId BigInt        @db.UnsignedBigInt @map("order_template")
  // Column name is `offer`.
  // NOTE(review): this field is indexed but has no @relation to Offer in this
  // model, whereas Work declares one, so this schema defines no foreign key for
  // it. Confirm that is intentional.
  offerId         BigInt        @db.UnsignedBigInt @map("offer")
  price           Decimal       @db.Decimal(10, 2) @default(0.00)
  notes           String?       @db.Text
  orderTemplate   OrderTemplate @relation(fields: [orderTemplateId], references: [id])

  @@index([offerId])
  @@index([orderTemplateId])
  @@map("work_templates")
}