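-- +goose Up
-- Phase 2: hand-rolled auth replaced by Ory Kratos. Kratos owns identities,
-- credentials, sessions, email verification, recovery and social sign-in.
-- honeyDue keeps a slim auth_user row linked to the Kratos identity by
-- kratos_id; all domain tables keep their existing integer auth_user FKs.
--
-- Pre-production: a clean slate is taken. auth_user is truncated (cascading
-- to all user-scoped domain data) so no auth_user row exists without a
-- Kratos identity behind it. There is no data migration.
--
-- WARNING: destructive and one-way. The DROP TABLE and TRUNCATE ... CASCADE
-- statements below delete every account and all data reachable from
-- auth_user through foreign keys; Down does not bring any of it back.
-- Confirm the target database is a pre-production one before applying.

-- honeyDue's hand-rolled auth tables are no longer used — Kratos owns this.
-- These held the legacy tokens, confirmation/reset codes and social-auth
-- links; they are dropped rather than left behind as stale credential data.
DROP TABLE IF EXISTS user_authtoken;
DROP TABLE IF EXISTS user_confirmationcode;
DROP TABLE IF EXISTS user_passwordresetcode;
DROP TABLE IF EXISTS user_applesocialauth;
DROP TABLE IF EXISTS user_googlesocialauth;

-- Link each auth_user row to its Kratos identity (UUID).
-- NOTE(review): the column is nullable, so the schema itself does not
-- enforce "every auth_user has a Kratos identity"; that invariant rests on
-- the provisioning code. Consider NOT NULL once provisioning always sets it.
ALTER TABLE auth_user
    ADD COLUMN IF NOT EXISTS kratos_id uuid;

-- One auth_user row per Kratos identity; rows without a kratos_id are
-- excluded from the index by the partial predicate.
CREATE UNIQUE INDEX IF NOT EXISTS uq_auth_user_kratos_id
    ON auth_user (kratos_id)
    WHERE kratos_id IS NOT NULL;

-- password is NOT NULL in the Django-era schema but is no longer used —
-- Kratos holds credentials. Make it nullable so provisioning need not
-- invent a placeholder hash.
ALTER TABLE auth_user
    ALTER COLUMN password DROP NOT NULL;

-- Clean slate (pre-production): drop every existing account and all
-- user-scoped domain data so nothing is left orphaned without a Kratos id.
-- CASCADE also empties every table that references auth_user by foreign
-- key, directly or transitively.
TRUNCATE TABLE auth_user CASCADE;

-- +goose Down
-- The dropped tables' data cannot be restored. Down only removes the
-- kratos_id column and restores the password NOT NULL constraint; reverting
-- to hand-rolled auth means reverting the Phase 2 application code.
-- NOTE(review): the five tables dropped in Up are not recreated here, and
-- the truncated rows are not restored.
DROP INDEX IF EXISTS uq_auth_user_kratos_id;

ALTER TABLE auth_user
    DROP COLUMN IF EXISTS kratos_id;

-- Restore the Django-era constraint that Up relaxed. This statement fails
-- if any auth_user row has a NULL password (rows provisioned after Up may).
-- That is deliberate: no placeholder credential is invented here, so such
-- rows must be removed or given a real value before rolling back.
ALTER TABLE auth_user
    ALTER COLUMN password SET NOT NULL;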