TheMaxiMousse · Vianpyro · Jun 22, 2025 · Jun 9, 2025 · Jun 9, 2025 · Jun 9, 2025
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -26,5 +26,6 @@
     },
     "postCreateCommand": "initdb -D $PGDATA && pg_ctl -D $PGDATA -o '-k /run/postgresql' -l /tmp/pg.log start && createdb chocomax && pg_ctl -D $PGDATA stop",
     "postStartCommand": "pg_ctl -D $PGDATA -o '-k /run/postgresql' -l /tmp/pg.log start",
+    "postAttachCommand": "sqlfluff fix database/ -v",
     "remoteUser": "vscode"
 }
diff --git a/.github/workflows/suggest-version-bump.yml b/.github/workflows/suggest-version-bump.yml
@@ -42,7 +42,7 @@ jobs:
           BUMP="patch"
           echo "$LABELS" | grep -q 'type: feature' && BUMP="minor"
           echo "$LABELS" | grep -q 'type: security' && BUMP="minor"
-          echo "$LABELS" | grep -q 'type: breaking' && BUMP="major"
+          echo "$LABELS" | grep -q 'special: breaking change' && BUMP="major"
           echo "bump=$BUMP" >> "$GITHUB_OUTPUT"
 
       - name: Get latest tag

diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
@@ -27,8 +27,7 @@ jobs:
         uses: super-linter/super-linter/slim@v7
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          VALIDATE_ALL_CODEBASE: false
-          FILTER_REGEX_EXCLUDE: '(.github/pull_request_template.md|.github/ISSUE_TEMPLATE/*.md)'
+          DISABLE_ERRORS: true
 
   fix-lint:
     name: Fix Lint
@@ -46,6 +45,7 @@ jobs:
           VALIDATE_ALL_CODEBASE: false
           FILTER_REGEX_EXCLUDE: '(.github/pull_request_template.md|.github/ISSUE_TEMPLATE/*.md)'
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          FIX_JSON: true
           FIX_JSON_PRETTIER: true
           FIX_MARKDOWN: true
           FIX_MARKDOWN_PRETTIER: true
@@ -61,6 +61,6 @@ jobs:
         uses: stefanzweifel/git-auto-commit-action@v5
         with:
           branch: ${{ github.event.pull_request.head.ref }}
-          commit_message: 'chore: fix linting issues'
+          commit_message: 'Super-Linter: Fix linting issues'
           commit_user_name: super-linter
           commit_user_email: [email protected]
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -80,17 +80,14 @@ jobs:
         run: |
           sudo -u "$PG_USER" psql -p "$PGPORT" -d "$PG_DATABASE" -c "CREATE EXTENSION IF NOT EXISTS pgtap;"
 
-      - name: Flatten and load schema SQL files
+      - name: Flatten SQL files
         run: |
-          mkdir flattened-sql
-          find database -type f -name "*.sql" ! -name "*.session.sql" ! -name "*.test.sql" | while read -r file; do
-            clean_path="${file#./}"
-            new_name="${clean_path//\//_}"
-            cp "$file" "flattened-sql/$new_name"
-            echo "✅ Copied: $file → flattened-sql/$new_name"
-          done
+          chmod +x scripts/flatten-sql.sh
+          ./scripts/flatten-sql.sh database flattened-sql
 
-          find flattened-sql -maxdepth 1 -name "*.sql" | while read -r file; do
+      - name: Load schema and seed data
+        run: |
+          find flattened-sql -maxdepth 1 -name "*.sql" | sort | while read -r file; do
             echo "➡️ Running $file..."
             sudo -u postgres psql -p "$PGPORT" -d "$PG_DATABASE" -f "$file"
           done

diff --git a/.vscode/tasks.json b/.vscode/tasks.json
@@ -108,9 +108,6 @@
             },
             "presentation": {
                 "close": true
-            },
-            "runOptions": {
-                "runOn": "default"
             }
         },
         {
@@ -125,7 +122,7 @@
                 "panel": "shared",
                 "close": true
             },
-            "problemMatcher": [],
+            "problemMatcher": []
         },
         {
             "label": "Run Docker Container",
@@ -135,7 +132,7 @@
                 "panel": "shared",
                 "close": true
             },
-            "problemMatcher": [],
+            "problemMatcher": []
         },
         {
             "label": "Remove Docker Container",
@@ -145,7 +142,7 @@
                 "panel": "shared",
                 "close": true
             },
-            "problemMatcher": [],
+            "problemMatcher": []
         },
         {
             "label": "Reset Docker Container",

diff --git a/README.md b/README.md
@@ -44,18 +44,18 @@ The database schema consists of the following tables:
 5. **category_translations**: Contains translated names and descriptions for product categories.
 6. **contact_messages**: Stores messages sent through the contact form by users or visitors.
 7. **discount_codes**: Defines promotional discount codes with rules and usage limits.
-8. **email_verifications**: Manages email verification tokens and statuses for user accounts.
-9. **feedback**: Allows users to rate and comment on products they've purchased.
-10. **login_attempts**: Records login attempts with metadata like IP, user agent, and success flag.
-11. **loyalty_program**: Defines promotions such as "buy X get Y" for specific products.
-12. **metrics_events**: Stores anonymous event logs for analytics purposes.
-13. **moderation_actions**: Logs actions taken to moderate users, products, or comments.
-14. **order_delivery_info**: Stores delivery-related information such as address and delivery agent.
-15. **order_items**: Contains product variant items included in each order.
-16. **order_status_history**: Tracks the status changes of orders over time.
-17. **order_timestamps**: Keeps timestamps for different stages in the order lifecycle.
-18. **orders**: Main order records with price, status, and delivery type.
-19. **password_resets**: Stores reset tokens for users to change their passwords securely.
+8. **feedback**: Allows users to rate and comment on products they've purchased.
+9. **login_attempts**: Records login attempts with metadata like IP, user agent, and success flag.
+10. **loyalty_program**: Defines promotions such as "buy X get Y" for specific products.
+11. **metrics_events**: Stores anonymous event logs for analytics purposes.
+12. **moderation_actions**: Logs actions taken to moderate users, products, or comments.
+13. **order_delivery_info**: Stores delivery-related information such as address and delivery agent.
+14. **order_items**: Contains product variant items included in each order.
+15. **order_status_history**: Tracks the status changes of orders over time.
+16. **order_timestamps**: Keeps timestamps for different stages in the order lifecycle.
+17. **orders**: Main order records with price, status, and delivery type.
+18. **password_resets**: Stores reset tokens for users to change their passwords securely.
+19. **pending_users**: Manages email verification tokens and for new user.
 20. **product_categories**: Defines categories to group products (e.g., Chocolate, Gifts).
 21. **product_comments**: Stores user comments on products, optionally moderated.
 22. **product_images**: Manages images associated with products and their variants.

diff --git a/database/functions/authenticate_user.sql b/database/functions/authenticate_user.sql
diff --git a/database/functions/disable_2fa.sql b/database/functions/disable_2fa.sql
diff --git a/database/functions/get_password_hash_by_email_hash.sql b/database/functions/get_password_hash_by_email_hash.sql
@@ -0,0 +1,10 @@
+-- Returns the password hash for a given email hash (for API-side verification)
+CREATE OR REPLACE FUNCTION get_password_hash_by_email_hash(
+    p_email_hash TEXT
+)
+RETURNS TEXT AS $$
+    SELECT password_hash
+    FROM users
+    WHERE email_hash = p_email_hash
+    LIMIT 1;
+$$ LANGUAGE sql;
diff --git a/database/functions/get_used_discriminators.sql b/database/functions/get_used_discriminators.sql
@@ -0,0 +1,11 @@
+CREATE OR REPLACE FUNCTION get_used_discriminators(
+    p_username TEXT
+)
+RETURNS SETOF SMALLINT AS $$
+BEGIN
+    RETURN QUERY
+    SELECT discriminator
+    FROM users
+    WHERE username = p_username;
+END;
+$$ LANGUAGE plpgsql;
diff --git a/database/functions/get_user_2fa_methods_by_email_hash.sql b/database/functions/get_user_2fa_methods_by_email_hash.sql
@@ -0,0 +1,13 @@
+-- Returns the 2FA secret and authentication method for a given email hash and authentication method (e.g., TOTP)
+CREATE OR REPLACE FUNCTION get_user_2fa_methods_by_email_hash(
+    p_email_hash TEXT
+)
+RETURNS TABLE (
+    authentication_method AUTHENTICATION_METHOD,
+    is_preferred BOOLEAN
+) AS $$
+    SELECT authentication_method, is_preferred
+    FROM user_authentication_methods
+    WHERE user_id = (SELECT user_id FROM users WHERE email_hash = p_email_hash)
+        AND is_enabled = TRUE;
+$$ LANGUAGE sql STABLE;
diff --git a/database/functions/get_user_2fa_secret.sql b/database/functions/get_user_2fa_secret.sql
@@ -1,5 +1,11 @@
 -- Get the user's authentication methods secret
-CREATE OR REPLACE FUNCTION get_user_authentication_method_secret(p_user_id UUID) RETURNS TABLE (method TEXT, secret TEXT) AS $$
+CREATE OR REPLACE FUNCTION get_user_authentication_method_secret(
+    p_user_id UUID
+)
+RETURNS TABLE (
+    method TEXT,
+    secret TEXT
+) AS $$
 BEGIN
     RETURN QUERY
     SELECT authentication_method, user_authentication_method_secret

diff --git a/database/functions/get_user_2fa_secret_by_email_hash.sql b/database/functions/get_user_2fa_secret_by_email_hash.sql
@@ -0,0 +1,16 @@
+-- Returns the 2FA secret and authentication method for a given email hash and authentication method (e.g., TOTP)
+CREATE OR REPLACE FUNCTION get_user_2fa_secret_by_email_hash(
+    p_email_hash TEXT,
+    p_authentication_method AUTHENTICATION_METHOD
+)
+RETURNS TABLE (
+    authentication_secret TEXT,
+    authentication_method AUTHENTICATION_METHOD
+) AS $$
+    SELECT user_authentication_method_secret AS authentication_secret, authentication_method
+    FROM user_authentication_methods
+    WHERE user_id = (SELECT user_id FROM users WHERE email_hash = p_email_hash)
+        AND authentication_method = p_authentication_method
+        AND is_enabled = TRUE
+    LIMIT 1;
+$$ LANGUAGE sql STABLE;
diff --git a/database/functions/get_user_info_by_email_hash.sql b/database/functions/get_user_info_by_email_hash.sql
@@ -0,0 +1,31 @@
+-- Returns all non-sensitive user data for a given email hash
+
+CREATE OR REPLACE FUNCTION get_user_info_by_email_hash(p_email_hash TEXT)
+RETURNS TABLE (
+    user_id UUID,
+    username TEXT,
+    discriminator SMALLINT,
+    email_encrypted TEXT,
+    phone_encrypted TEXT,
+    language_id INTEGER,
+    display_role TEXT,
+    created_at TIMESTAMPTZ,
+    updated_at TIMESTAMPTZ,
+    last_login_at TIMESTAMPTZ,
+    deleted_at TIMESTAMPTZ
+) AS $$
+    SELECT
+        user_id,
+        username,
+        discriminator,
+        email_encrypted,
+        phone_encrypted,
+        language_id,
+        display_role,
+        created_at,
+        updated_at,
+        last_login_at,
+        deleted_at
+    FROM users
+    WHERE email_hash = p_email_hash;
+$$ LANGUAGE sql STABLE;
diff --git a/database/functions/is_email_available.sql b/database/functions/is_email_available.sql
@@ -1,8 +1,23 @@
 CREATE OR REPLACE FUNCTION is_email_available(
-    p_email_hash TEXT
+    p_verification_token TEXT
 )
 RETURNS BOOLEAN AS $$
-    SELECT NOT EXISTS (
-        SELECT 1 FROM users WHERE email_hash = p_email_hash
+DECLARE
+    v_email_hash TEXT;
+BEGIN
+    -- Retrieve the email_hash from pending_users using the verification_token
+    SELECT email_hash INTO v_email_hash
+    FROM pending_users
+    WHERE verification_token = p_verification_token;
+
+    -- If not found, return false
+    IF v_email_hash IS NULL THEN
+        RETURN FALSE;
+    END IF;
+
+    -- Check if email_hash exists in users
+    RETURN NOT EXISTS (
+        SELECT 1 FROM users WHERE email_hash = v_email_hash
     );
-$$ LANGUAGE sql;
+END;
+$$ LANGUAGE plpgsql;
diff --git a/database/functions/is_verification_token_valid.sql b/database/functions/is_verification_token_valid.sql
@@ -0,0 +1,29 @@
+CREATE OR REPLACE FUNCTION is_verification_token_valid(p_verification_token TEXT)
+RETURNS BOOLEAN AS $$
+DECLARE
+    v_email_hash TEXT;
+BEGIN
+    -- Get email_hash of the token
+    SELECT email_hash INTO v_email_hash
+    FROM pending_users
+    WHERE verification_token = p_verification_token;
+
+    IF v_email_hash IS NULL THEN
+        RETURN FALSE;
+    END IF;
+
+    -- Check that this token is the most recent and not expired
+    RETURN EXISTS (
+        SELECT 1
+        FROM pending_users
+        WHERE email_hash = v_email_hash
+          AND verification_token = p_verification_token
+          AND created_at = (
+              SELECT MAX(created_at)
+              FROM pending_users
+              WHERE email_hash = v_email_hash
+          )
+          AND created_at >= NOW() - INTERVAL '24 hours'
+    );
+END;
+$$ LANGUAGE plpgsql STABLE;
diff --git a/database/functions/update_last_login_at.sql b/database/functions/update_last_login_at.sql
@@ -0,0 +1,11 @@
+CREATE OR REPLACE FUNCTION update_last_login_at()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF NEW.token_type = 'access' THEN
+        UPDATE users
+        SET last_login_at = current_timestamp
+        WHERE user_id = NEW.user_id;
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
diff --git a/database/functions/update_updated_at.sql b/database/functions/update_updated_at.sql
@@ -0,0 +1,7 @@
+CREATE OR REPLACE FUNCTION update_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+  NEW.updated_at := current_timestamp;
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
diff --git a/database/procedures/create_pending_user.sql b/database/procedures/create_pending_user.sql
@@ -0,0 +1,18 @@
+CREATE OR REPLACE PROCEDURE create_pending_user(
+    p_email_encrypted TEXT,
+    p_email_hash TEXT,
+    p_verification_token TEXT
+)
+AS $$
+BEGIN
+    INSERT INTO pending_users (
+        email_encrypted,
+        email_hash,
+        verification_token
+    ) VALUES (
+        p_email_encrypted,
+        p_email_hash,
+        p_verification_token
+    );
+END;
+$$ LANGUAGE plpgsql;