Create schema and migration for organization access tokens

myftija · myftija · commit db2d4b8286df · 2025-08-14T11:08:58.000+02:00
diff --git a/internal-packages/database/prisma/migrations/20250813103207_add_organization_access_token/migration.sql b/internal-packages/database/prisma/migrations/20250813103207_add_organization_access_token/migration.sql
@@ -0,0 +1,19 @@
+CREATE TABLE "OrganizationAccessToken" (
+    "id" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "encryptedToken" JSONB NOT NULL,
+    "obfuscatedToken" TEXT NOT NULL,
+    "hashedToken" TEXT NOT NULL,
+    "organizationId" TEXT NOT NULL,
+    "expiresAt" TIMESTAMP(3),
+    "revokedAt" TIMESTAMP(3),
+    "lastAccessedAt" TIMESTAMP(3),
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "OrganizationAccessToken_pkey" PRIMARY KEY ("id")
+);
+
+CREATE UNIQUE INDEX "OrganizationAccessToken_hashedToken_key" ON "OrganizationAccessToken"("hashedToken");
+
+ALTER TABLE "OrganizationAccessToken" ADD CONSTRAINT "OrganizationAccessToken_organizationId_fkey" FOREIGN KEY ("organizationId") REFERENCES "Organization"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
diff --git a/internal-packages/database/prisma/schema.prisma b/internal-packages/database/prisma/schema.prisma
@@ -133,6 +133,33 @@ model PersonalAccessToken {
   authorizationCodes AuthorizationCode[]
 }
 
+model OrganizationAccessToken {
+  id String @id @default(cuid())
+
+  /// User-provided name for the token
+  name String
+
+  /// This is the token encrypted using the ENCRYPTION_KEY
+  encryptedToken Json
+
+  /// This is shown in the UI, with ********
+  obfuscatedToken String
+
+  /// This is used to find the token in the database
+  hashedToken String @unique
+
+  organization   Organization   @relation(fields: [organizationId], references: [id])
+  organizationId String
+
+  /// Optional expiration date for the token
+  expiresAt      DateTime?
+  revokedAt      DateTime?
+  lastAccessedAt DateTime?
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+}
+
 model Organization {
   id    String @id @default(cuid())
   slug  String @unique
@@ -174,6 +201,7 @@ model Organization {
   members                  OrgMember[]
   invites                  OrgMemberInvite[]
   organizationIntegrations OrganizationIntegration[]
+  organizationAccessTokens OrganizationAccessToken[]
   workerGroups             WorkerInstanceGroup[]
   workerInstances          WorkerInstance[]
   executionSnapshots       TaskRunExecutionSnapshot[]
