DROP SCHEMA IF EXISTS auth CASCADE;
CREATE SCHEMA IF NOT EXISTS auth;

DROP TABLE IF EXISTS auth.tb_auth_refresh_token CASCADE;
CREATE TABLE IF NOT EXISTS auth.tb_auth_refresh_token (
    token_id        VARCHAR(64) PRIMARY KEY,
    session_id      VARCHAR(64) NOT NULL,
    client_type     VARCHAR(32) NOT NULL DEFAULT 'WEB',
    user_id         VARCHAR(64) NOT NULL,
    username        VARCHAR(64) NOT NULL,
    adcode          VARCHAR(12),
    tenant_id       VARCHAR(64),
    tenant_path     VARCHAR(255),
    dept_id         VARCHAR(64),
    dept_path       VARCHAR(255),
    refresh_token   TEXT NOT NULL,
    expire_at       TIMESTAMP NOT NULL,
    revoked         BOOLEAN NOT NULL DEFAULT FALSE,
    revoked_at      TIMESTAMP,
    last_active_at  TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    created_at      TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
);
COMMENT ON TABLE auth.tb_auth_refresh_token IS '认证刷新令牌表';
COMMENT ON COLUMN auth.tb_auth_refresh_token.token_id IS '令牌ID';
COMMENT ON COLUMN auth.tb_auth_refresh_token.session_id IS '会话ID';
COMMENT ON COLUMN auth.tb_auth_refresh_token.client_type IS '客户端类型（WEB/MINI）';
COMMENT ON COLUMN auth.tb_auth_refresh_token.user_id IS '用户ID';
COMMENT ON COLUMN auth.tb_auth_refresh_token.username IS '用户名';
COMMENT ON COLUMN auth.tb_auth_refresh_token.adcode IS '行政区划编码';
COMMENT ON COLUMN auth.tb_auth_refresh_token.tenant_id IS '租户ID';
COMMENT ON COLUMN auth.tb_auth_refresh_token.tenant_path IS '租户路径';
COMMENT ON COLUMN auth.tb_auth_refresh_token.dept_id IS '部门ID';
COMMENT ON COLUMN auth.tb_auth_refresh_token.dept_path IS '部门路径';
COMMENT ON COLUMN auth.tb_auth_refresh_token.refresh_token IS '刷新令牌';
COMMENT ON COLUMN auth.tb_auth_refresh_token.expire_at IS '过期时间';
COMMENT ON COLUMN auth.tb_auth_refresh_token.revoked IS '是否撤销';
COMMENT ON COLUMN auth.tb_auth_refresh_token.revoked_at IS '撤销时间';
COMMENT ON COLUMN auth.tb_auth_refresh_token.last_active_at IS '最后活跃时间';
COMMENT ON COLUMN auth.tb_auth_refresh_token.created_at IS '创建时间';

DROP TABLE IF EXISTS auth.tb_auth_login_audit CASCADE;
CREATE TABLE IF NOT EXISTS auth.tb_auth_login_audit (
    audit_id        VARCHAR(64) PRIMARY KEY,
    user_id         VARCHAR(64),
    username        VARCHAR(64) NOT NULL,
    client_type     VARCHAR(32) NOT NULL DEFAULT 'WEB',
    adcode          VARCHAR(12),
    tenant_id       VARCHAR(64),
    tenant_path     VARCHAR(255),
    dept_id         VARCHAR(64),
    dept_path       VARCHAR(255),
    login_ip        VARCHAR(64),
    login_status    VARCHAR(32) NOT NULL,
    failure_reason  VARCHAR(255),
    created_at      TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
);
COMMENT ON TABLE auth.tb_auth_login_audit IS '登录审计日志表';
COMMENT ON COLUMN auth.tb_auth_login_audit.audit_id IS '审计ID';
COMMENT ON COLUMN auth.tb_auth_login_audit.user_id IS '用户ID';
COMMENT ON COLUMN auth.tb_auth_login_audit.username IS '用户名';
COMMENT ON COLUMN auth.tb_auth_login_audit.client_type IS '客户端类型';
COMMENT ON COLUMN auth.tb_auth_login_audit.adcode IS '行政区划编码';
COMMENT ON COLUMN auth.tb_auth_login_audit.tenant_id IS '租户ID';
COMMENT ON COLUMN auth.tb_auth_login_audit.tenant_path IS '租户路径';
COMMENT ON COLUMN auth.tb_auth_login_audit.dept_id IS '部门ID';
COMMENT ON COLUMN auth.tb_auth_login_audit.dept_path IS '部门路径';
COMMENT ON COLUMN auth.tb_auth_login_audit.login_ip IS '登录IP';
COMMENT ON COLUMN auth.tb_auth_login_audit.login_status IS '登录状态';
COMMENT ON COLUMN auth.tb_auth_login_audit.failure_reason IS '失败原因';
COMMENT ON COLUMN auth.tb_auth_login_audit.created_at IS '创建时间';

CREATE INDEX IF NOT EXISTS idx_auth_refresh_token_user ON auth.tb_auth_refresh_token(user_id);
CREATE INDEX IF NOT EXISTS idx_auth_refresh_token_user_client ON auth.tb_auth_refresh_token(user_id, client_type, session_id);
CREATE UNIQUE INDEX IF NOT EXISTS idx_auth_refresh_token_value ON auth.tb_auth_refresh_token(refresh_token);
CREATE INDEX IF NOT EXISTS idx_auth_login_audit_tenant ON auth.tb_auth_login_audit(tenant_id, created_at DESC);