refactor: add table primitive and migrations by date; feat: add mcp connectors

2026-06-18 21:15:13 +02:00 · 2026-06-15 17:34:58 +08:00 · 2026-06-15 17:34:58 +08:00 · 9a1277ba99
commit 9a1277ba99
parent 01dfcfe0d4
99 changed files with 9344 additions and 2320 deletions
--- a/backend/migrations/20260502_secure_user_api_keys.sql
+++ b/backend/migrations/20260502_secure_user_api_keys.sql
@ -0,0 +1,25 @@
+-- Migration date: 2026-05-02
+
+-- Migration: move BYO provider API keys into encrypted, server-only storage.
+-- The backend encrypts values before writing them. RLS is enabled with no
+-- client policies so browser Supabase clients cannot read key material.
+
+CREATE TABLE IF NOT EXISTS public.user_api_keys (
+  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id uuid NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE,
+  provider text NOT NULL CHECK (provider IN ('claude', 'gemini', 'openai', 'openrouter', 'courtlistener')),
+  encrypted_key text NOT NULL,
+  iv text NOT NULL,
+  auth_tag text NOT NULL,
+  created_at timestamptz NOT NULL DEFAULT now(),
+  updated_at timestamptz NOT NULL DEFAULT now(),
+  UNIQUE(user_id, provider)
+);
+
+CREATE INDEX IF NOT EXISTS idx_user_api_keys_user
+  ON public.user_api_keys(user_id);
+
+ALTER TABLE public.user_api_keys ENABLE ROW LEVEL SECURITY;
+
+-- Legacy plaintext columns remain temporarily so the backend can migrate
+-- existing users on first use, then clear each migrated value.