defmodule DaProductApp.Repo.Migrations.CreateOauthTables do
  use Ecto.Migration

  def change do
    # OAuth Applications (Clients)
    create table(:oauth_applications) do
      add :name, :string, null: false
      add :uid, :string, null: false
      add :secret, :string, null: false, default: ""
      add :redirect_uri, :text, null: false
      add :scopes, :string, null: false, default: ""
      add :owner_id, :integer

      timestamps()
    end

    create unique_index(:oauth_applications, [:uid])

    # OAuth Access Tokens
    create table(:oauth_access_tokens) do
      add :resource_owner_id, :integer
      add :application_id, references(:oauth_applications, on_delete: :delete_all)
      add :token, :string, null: false
      add :refresh_token, :string
      add :expires_in, :integer
      add :revoked_at, :utc_datetime
      add :scopes, :string
      add :previous_refresh_token, :string, null: false, default: ""

      timestamps(updated_at: false)
    end

    create unique_index(:oauth_access_tokens, [:token])
    create index(:oauth_access_tokens, [:application_id])
    create index(:oauth_access_tokens, [:resource_owner_id])
    create index(:oauth_access_tokens, [:refresh_token])

    # OAuth Access Grants (for authorization code flow - optional but library expects it)
    create table(:oauth_access_grants) do
      add :resource_owner_id, :integer, null: false
      add :application_id, references(:oauth_applications, on_delete: :delete_all), null: false
      add :token, :string, null: false
      add :expires_in, :integer, null: false
      add :redirect_uri, :text, null: false
      add :scopes, :string
      add :revoked_at, :utc_datetime

      timestamps(updated_at: false)
    end

    create unique_index(:oauth_access_grants, [:token])
    create index(:oauth_access_grants, [:application_id])
    create index(:oauth_access_grants, [:resource_owner_id])
  end
end