-- +goose Up
-- Audit C1: user_authtoken.key holds the hex-encoded SHA-256 hash of each auth
-- token (64 characters), never the plaintext token, so a database compromise
-- no longer yields usable session tokens.
--
-- The key column is widened from 40 to 64 characters to fit the hash. Existing
-- plaintext rows cannot be rehashed in place, so they are dropped: every user
-- logs in once after this deploy. This is expected and one-time.
--
-- NOTE(review): nothing in this migration enforces the hashed format. A
-- 40-character plaintext key still fits in varchar(64), so a writer still
-- running the pre-C1 code could store one after this has run. Confirm the
-- rollout order, or add a length CHECK in a follow-up once every writer hashes.
-- NOTE(review): copies of this table taken before the migration (backups,
-- replicas) presumably still hold plaintext keys. Emptying the table is what
-- stops those keys from matching a row; confirm that tokens are validated
-- only against this table.
ALTER TABLE user_authtoken ALTER COLUMN key TYPE varchar(64);
-- Intentionally unfiltered: every row present at this point predates hashing.
DELETE FROM user_authtoken;

-- +goose Down
-- Tokens cannot be un-hashed; clearing the table is the only safe rollback.
-- The delete runs before the column is narrowed, so no 64-character value is
-- left in the table when the type goes back to varchar(40).
-- NOTE(review): after this rollback the column fits only the old 40-character
-- keys, so presumably the plaintext storage flagged by Audit C1 returns until
-- Up is applied again. Treat Down as an emergency path, not a steady state.
DELETE FROM user_authtoken;
ALTER TABLE user_authtoken ALTER COLUMN key TYPE varchar(40);