refactor(identity): rename authentik_sub to user_sub and authentik_user_id to idp_user_id

2026-03-31 22:32:48 +08:00
parent ed5679948b
commit 4060ebff70
22 changed files with 208 additions and 165 deletions
--- a/scripts/init_schema.sql
+++ b/scripts/init_schema.sql
@@ -19,8 +19,8 @@ DROP TABLE IF EXISTS permissions CASCADE;

 CREATE TABLE users (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-  authentik_sub TEXT NOT NULL UNIQUE,
-  authentik_user_id INTEGER,
+  user_sub TEXT NOT NULL UNIQUE,
+  idp_user_id INTEGER,
  username TEXT UNIQUE,
  email TEXT UNIQUE,
  display_name TEXT,
@@ -105,9 +105,9 @@ CREATE TABLE permission_groups (
 CREATE TABLE permission_group_members (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  group_id UUID NOT NULL REFERENCES permission_groups(id) ON DELETE CASCADE,
-  authentik_sub TEXT NOT NULL,
+  user_sub TEXT NOT NULL,
  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-  CONSTRAINT uq_permission_group_members_group_sub UNIQUE (group_id, authentik_sub)
+  CONSTRAINT uq_permission_group_members_group_sub UNIQUE (group_id, user_sub)
 );

 CREATE TABLE permission_group_permissions (
@@ -144,7 +144,7 @@ INSERT INTO systems (system_key, name, status)
 VALUES ('member', 'Member Center', 'active')
 ON CONFLICT (system_key) DO NOTHING;

-CREATE INDEX idx_users_authentik_sub ON users(authentik_sub);
+CREATE INDEX idx_users_user_sub ON users(user_sub);
 CREATE INDEX idx_users_username ON users(username);
 CREATE INDEX idx_sites_company_id ON sites(company_id);
 CREATE INDEX idx_usp_user_id ON user_scope_permissions(user_id);
@@ -153,7 +153,7 @@ CREATE INDEX idx_usp_site_id ON user_scope_permissions(site_id);
 CREATE UNIQUE INDEX uq_usp_site
  ON user_scope_permissions(user_id, module_id, action, scope_type, site_id);
 CREATE INDEX idx_pgm_group_id ON permission_group_members(group_id);
-CREATE INDEX idx_pgm_authentik_sub ON permission_group_members(authentik_sub);
+CREATE INDEX idx_pgm_user_sub ON permission_group_members(user_sub);
 CREATE INDEX idx_pgp_group_id ON permission_group_permissions(group_id);
 CREATE INDEX idx_pgp_scope_site ON permission_group_permissions(scope_id);
 CREATE INDEX idx_api_clients_status ON api_clients(status);
--- a/scripts/migrate_add_authentik_user_id.sql
+++ b/scripts/migrate_add_authentik_user_id.sql
@@ -1,2 +1,2 @@
 ALTER TABLE users
-  ADD COLUMN IF NOT EXISTS authentik_user_id INTEGER;
+  ADD COLUMN IF NOT EXISTS idp_user_id INTEGER;
--- a/scripts/migrate_align_company_site_member_system.sql
+++ b/scripts/migrate_align_company_site_member_system.sql
@@ -46,9 +46,9 @@ CREATE TABLE IF NOT EXISTS permission_groups (
 CREATE TABLE IF NOT EXISTS permission_group_members (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  group_id UUID NOT NULL REFERENCES permission_groups(id) ON DELETE CASCADE,
-  authentik_sub TEXT NOT NULL,
+  user_sub TEXT NOT NULL,
  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-  CONSTRAINT uq_permission_group_members_group_sub UNIQUE (group_id, authentik_sub)
+  CONSTRAINT uq_permission_group_members_group_sub UNIQUE (group_id, user_sub)
 );

 CREATE TABLE IF NOT EXISTS permission_group_permissions (
@@ -64,7 +64,7 @@ CREATE TABLE IF NOT EXISTS permission_group_permissions (

 CREATE INDEX IF NOT EXISTS idx_systems_system_key ON systems(system_key);
 CREATE INDEX IF NOT EXISTS idx_pgm_group_id ON permission_group_members(group_id);
-CREATE INDEX IF NOT EXISTS idx_pgm_authentik_sub ON permission_group_members(authentik_sub);
+CREATE INDEX IF NOT EXISTS idx_pgm_user_sub ON permission_group_members(user_sub);
 CREATE INDEX IF NOT EXISTS idx_pgp_group_id ON permission_group_permissions(group_id);

 CREATE UNIQUE INDEX IF NOT EXISTS uq_pgp_group_rule
--- a/scripts/migrate_rename_identity_columns.sql
+++ b/scripts/migrate_rename_identity_columns.sql
@@ -0,0 +1,43 @@
+BEGIN;
+
+DO $$
+BEGIN
+  IF EXISTS (
+    SELECT 1 FROM information_schema.columns
+    WHERE table_name = 'users' AND column_name = 'authentik_sub'
+  ) AND NOT EXISTS (
+    SELECT 1 FROM information_schema.columns
+    WHERE table_name = 'users' AND column_name = 'user_sub'
+  ) THEN
+    ALTER TABLE users RENAME COLUMN authentik_sub TO user_sub;
+  END IF;
+
+  IF EXISTS (
+    SELECT 1 FROM information_schema.columns
+    WHERE table_name = 'users' AND column_name = 'authentik_user_id'
+  ) AND NOT EXISTS (
+    SELECT 1 FROM information_schema.columns
+    WHERE table_name = 'users' AND column_name = 'idp_user_id'
+  ) THEN
+    ALTER TABLE users RENAME COLUMN authentik_user_id TO idp_user_id;
+  END IF;
+
+  IF EXISTS (
+    SELECT 1 FROM information_schema.columns
+    WHERE table_name = 'permission_group_members' AND column_name = 'authentik_sub'
+  ) AND NOT EXISTS (
+    SELECT 1 FROM information_schema.columns
+    WHERE table_name = 'permission_group_members' AND column_name = 'user_sub'
+  ) THEN
+    ALTER TABLE permission_group_members RENAME COLUMN authentik_sub TO user_sub;
+  END IF;
+END
+$$;
+
+ALTER INDEX IF EXISTS idx_users_authentik_sub RENAME TO idx_users_user_sub;
+ALTER INDEX IF EXISTS idx_pgm_authentik_sub RENAME TO idx_pgm_user_sub;
+
+CREATE INDEX IF NOT EXISTS idx_users_user_sub ON users(user_sub);
+CREATE INDEX IF NOT EXISTS idx_pgm_user_sub ON permission_group_members(user_sub);
+
+COMMIT;