-- LASUCA API: Refresh Tokens Table
-- Run this migration to add JWT refresh token storage

CREATE TABLE IF NOT EXISTS refresh_tokens (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(100) NOT NULL,
    token_id VARCHAR(64) NOT NULL UNIQUE,
    expires_at DATETIME NOT NULL,
    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
    revoked_at DATETIME NULL DEFAULT NULL,
    
    INDEX idx_username (username),
    INDEX idx_token_id (token_id),
    INDEX idx_expires_at (expires_at),
    
    FOREIGN KEY (username) REFERENCES members(username) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

-- Optional: Add password reset columns to members table for Phase 2
-- ALTER TABLE members
--     ADD COLUMN password_reset_token VARCHAR(64) NULL DEFAULT NULL,
--     ADD COLUMN password_reset_expires DATETIME NULL DEFAULT NULL;