max / makenotwork
| 1 | -- Personal access tokens for git over HTTPS (Basic auth). The plaintext token |
| 2 | -- is shown once at creation and never persisted — only its SHA-256 hex hash is |
| 3 | -- stored. `can_push` gates write (receive-pack) access; `expires_at` NULL means |
| 4 | -- no expiry. Lookups are by token_hash (UNIQUE → indexed); listing is by user. |
| 5 | NOT EXISTS git_access_tokens ( |
| 6 | id UUID PRIMARY KEY DEFAULT gen_random_uuid, |
| 7 | user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE, |
| 8 | name TEXT NOT NULL, |
| 9 | token_hash TEXT NOT NULL UNIQUE, |
| 10 | can_push BOOLEAN NOT NULL DEFAULT FALSE, |
| 11 | created_at TIMESTAMPTZ NOT NULL DEFAULT NOW, |
| 12 | last_used_at TIMESTAMPTZ, |
| 13 | expires_at TIMESTAMPTZ |
| 14 | ); |
| 15 | |
| 16 | NOT EXISTS idx_git_access_tokens_user ON git_access_tokens(user_id); |
| 17 |