TheMaxiMousse · Vianpyro · Jun 8, 2025 · Jun 7, 2025 · Jun 8, 2025 · Jun 8, 2025
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -25,5 +25,6 @@
         "onAutoForward": "ignore"
     },
     "postCreateCommand": "initdb -D $PGDATA && pg_ctl -D $PGDATA -o '-k /run/postgresql' -l /tmp/pg.log start && createdb chocomax && pg_ctl -D $PGDATA stop",
+    "postStartCommand": "pg_ctl -D $PGDATA -o '-k /run/postgresql' -l /tmp/pg.log start",
     "remoteUser": "vscode"
 }
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -3,6 +3,8 @@ name: Create Release
 
 permissions:
   contents: write
+  pull-requests: read
+  statuses: read
 
 on:
   push:

diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -9,7 +9,7 @@ on:
     branches:
       - main
     paths:
-      - database/**
+      - database/**/*.sql
       - .github/workflows/unit-tests.yml
   pull_request: null
   workflow_dispatch:

diff --git a/Dockerfile b/Dockerfile
@@ -29,6 +29,9 @@ RUN chmod +x /usr/local/bin/*.sh && \
 # Drop root privileges
 USER postgres
 
+# Copy configuration files
+COPY config/. /etc/postgresql/
+
 # Use tini for proper signal handling
 ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]
 

diff --git a/conf/postgresql.conf b/conf/postgresql.conf
diff --git a/config/pg_hba.conf b/config/pg_hba.conf
@@ -0,0 +1,17 @@
+# PostgreSQL Client Authentication Configuration File
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+
+# Allow local connections for all users with scram-sha-256
+local   all             all                                     scram-sha-256
+
+# Allow connections from any IP address with scram-sha-256
+# host    all             all             0.0.0.0/0               scram-sha-256
+# host    all             all             ::/0                    scram-sha-256
+
+# "replication" privilege for streaming replication, by default only from localhost
+# local   replication     all                                     scram-sha-256
+# host    replication     all             127.0.0.1/32            scram-sha-256
+# host    replication     all             ::1/128                 scram-sha-256
+
+# Allow only Docker bridge network
+host    all             all             172.17.0.0/16           scram-sha-256
diff --git a/config/postgresql.conf b/config/postgresql.conf
@@ -0,0 +1 @@
+listen_addresses = '*'
diff --git a/database/functions/authenticate_user.sql b/database/functions/authenticate_user.sql
@@ -6,7 +6,7 @@ CREATE OR REPLACE FUNCTION authenticate_user(
     p_user_agent TEXT
 ) RETURNS BOOLEAN AS $$
 DECLARE
-    v_user_id INTEGER;
+    v_user_id UUID;
 BEGIN
     -- Attempt to find the user by username and hashed password
     SELECT user_id INTO v_user_id

diff --git a/database/functions/disable_2fa.sql b/database/functions/disable_2fa.sql
@@ -1,5 +1,5 @@
 -- Disable 2FA for a user
-CREATE OR REPLACE FUNCTION disable_2fa(p_user_id INTEGER) RETURNS VOID AS $$
+CREATE OR REPLACE FUNCTION disable_2fa(p_user_id UUID) RETURNS VOID AS $$
 BEGIN
     UPDATE user_authentication_methods
     SET is_enabled = FALSE, updated_at = NOW()

diff --git a/database/functions/get_user_2fa_secret.sql b/database/functions/get_user_2fa_secret.sql
@@ -1,5 +1,5 @@
 -- Get the user's authentication methods secret
-CREATE OR REPLACE FUNCTION get_user_authentication_method_secret(p_user_id INTEGER) RETURNS TABLE (method TEXT, secret TEXT) AS $$
+CREATE OR REPLACE FUNCTION get_user_authentication_method_secret(p_user_id UUID) RETURNS TABLE (method TEXT, secret TEXT) AS $$
 BEGIN
     RETURN QUERY
     SELECT authentication_method, user_authentication_method_secret

diff --git a/database/functions/is_2fa_enabled.sql b/database/functions/is_2fa_enabled.sql
@@ -1,5 +1,5 @@
 -- Check if the user has 2FA enabled
-CREATE OR REPLACE FUNCTION is_2fa_enabled(p_user_id INTEGER) RETURNS BOOLEAN AS $$
+CREATE OR REPLACE FUNCTION is_2fa_enabled(p_user_id UUID) RETURNS BOOLEAN AS $$
 DECLARE
     v_enabled BOOLEAN;
 BEGIN

diff --git a/database/procedures/handle_successful_login.sql b/database/procedures/handle_successful_login.sql
@@ -1,6 +1,6 @@
 -- Update last_login and log successful attempt
 CREATE OR REPLACE PROCEDURE handle_successful_login(
-    p_user_id INTEGER,
+    p_user_id UUID,
     p_ip_address INET,
     p_user_agent TEXT
 )

diff --git a/database/procedures/log_login_attempt.sql b/database/procedures/log_login_attempt.sql
@@ -1,6 +1,6 @@
 -- Log a login attempt (used in both success and failure cases)
 CREATE OR REPLACE PROCEDURE log_login_attempt(
-    p_user_id INTEGER,
+    p_user_id UUID,
     p_ip_address INET,
     p_user_agent TEXT,
     p_success BOOLEAN

diff --git a/database/procedures/register_user.sql b/database/procedures/register_user.sql
@@ -6,7 +6,7 @@ CREATE OR REPLACE PROCEDURE register_user(
     p_password_hash VARCHAR,
     p_phone_encrypted TEXT,
     p_phone_hash TEXT,
-    p_preferred_language VARCHAR
+    p_preferred_language_iso_code CHAR(2)
 )
 LANGUAGE plpgsql AS $$
 BEGIN
@@ -18,7 +18,7 @@ BEGIN
             password_hash,
             phone_encrypted,
             phone_hash,
-            preferred_language
+            language_id
         )
         VALUES (
             p_email_encrypted,
@@ -27,7 +27,7 @@ BEGIN
             p_password_hash,
             p_phone_encrypted,
             p_phone_hash,
-            p_preferred_language
+            (SELECT language_id FROM languages WHERE iso_code = p_preferred_language_iso_code)
         );
     EXCEPTION
         WHEN unique_violation THEN