CREATE TABLE public.user (
	id serial NOT NULL,
	"name"     varchar NOT NULL,
	"username" varchar NOT NULL,
	"password" char(96) NOT NULL,
	totp varchar NOT NULL,
	last_login timestamp with time zone NOT NULL DEFAULT '1970-01-01 00:00:00',
	CONSTRAINT user_pk PRIMARY KEY (id),
	CONSTRAINT user_un UNIQUE (username)
);

CREATE TABLE public.session (
	id         serial NOT NULL,
	user_id    int4 NULL,
	"uuid"     char(36) NOT NULL,
	created    timestamp with time zone NOT NULL DEFAULT NOW(),
	last_used  timestamp with time zone NOT NULL DEFAULT NOW(),
	CONSTRAINT session_pk PRIMARY KEY (id),
	CONSTRAINT session_un UNIQUE ("uuid"),
	CONSTRAINT session_user_fk FOREIGN KEY (user_id) REFERENCES "user"(id) ON DELETE CASCADE ON UPDATE CASCADE
);

CREATE EXTENSION IF NOT EXISTS pgcrypto SCHEMA public;

CREATE FUNCTION password_hash(salt_hex char(32), pass bytea)
RETURNS char(96)
LANGUAGE plpgsql
AS
$$
BEGIN
	RETURN (
		SELECT
			salt_hex ||
			encode(
				sha256(
					decode(salt_hex, 'hex') || /* salt in binary */
					pass                       /* password */
				),
				'hex'
			)
	);
END;
$$;