-- AlterTable: Add brute-force attempt tracking to security verification codes
ALTER TABLE "security_verification_codes" ADD COLUMN     "attempts" INTEGER NOT NULL DEFAULT 0;

-- AlterTable: Add hash-based API key lookup to server connections
ALTER TABLE "server_connections" ADD COLUMN     "hub_api_key_hash" TEXT;

-- CreateTable: DB-backed 2FA sessions (replacing in-memory Map)
CREATE TABLE "pending_2fa_sessions" (
    "id" TEXT NOT NULL,
    "token" TEXT NOT NULL,
    "user_id" TEXT NOT NULL,
    "user_type" TEXT NOT NULL,
    "email" TEXT NOT NULL,
    "name" TEXT,
    "role" TEXT,
    "company" TEXT,
    "subscription" JSONB,
    "expires_at" TIMESTAMP(3) NOT NULL,
    "created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,

    CONSTRAINT "pending_2fa_sessions_pkey" PRIMARY KEY ("id")
);

-- CreateIndex
CREATE UNIQUE INDEX "pending_2fa_sessions_token_key" ON "pending_2fa_sessions"("token");

-- CreateIndex
CREATE INDEX "pending_2fa_sessions_token_idx" ON "pending_2fa_sessions"("token");

-- CreateIndex
CREATE INDEX "pending_2fa_sessions_expires_at_idx" ON "pending_2fa_sessions"("expires_at");

-- CreateIndex
CREATE UNIQUE INDEX "server_connections_hub_api_key_hash_key" ON "server_connections"("hub_api_key_hash");