Documentation Index
Fetch the complete documentation index at: https://docs.nullpass.xyz/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Null Pass uses PostgreSQL with Prisma ORM for database management. This document describes the database schema and relationships.
Prisma Schema
The complete schema is defined in prisma/schema.prisma:
generator client {
provider = "prisma-client-js"
}
datasource db {
provider = "postgresql"
url = env("DATABASE_URL")
}
enum ServiceIdentifier {
DROP
MAILS
VAULT
DB
}
enum AuditAction {
USER_LOGIN
USER_LOGOUT
USER_REGISTER
PASSWORD_CHANGE
TWO_FACTOR_ENABLE
TWO_FACTOR_DISABLE
USER_UPDATE
USER_DELETE
SESSION_CREATE
SESSION_DELETE
SERVICE_ACCESS_GRANT
SERVICE_ACCESS_REVOKE
SERVICE_TIER_CHANGE
SUBSCRIPTION_CREATE
SUBSCRIPTION_UPDATE
SUBSCRIPTION_CANCEL
SUBSCRIPTION_REVOKE
USER_BAN
USER_DISABLE
SERVICE_ENTITLEMENT_DISCONNECT
SERVICE_ENTITLEMENT_CONNECT
UNKNOWN
}
model User {
id String @id @default(cuid())
email String @unique
passwordHash String?
avatar String? @db.Text
displayName String?
twoFactorEnabled Boolean @default(false)
banned Boolean @default(false)
disabled Boolean @default(false)
twoFactorSecret String?
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
migraited Boolean @default(false)
sessions Session[]
serviceAccess UserServiceEntitlement[]
auditLogs AuditLog[]
@@map("users")
}
model Session {
id String @id @default(cuid())
userId String
ip String
token String @unique
expiresAt DateTime
createdAt DateTime @default(now())
user User @relation(fields: [userId], references: [id], onDelete: Cascade)
@@map("sessions")
@@index([userId])
@@index([expiresAt])
}
model AuditLog {
id String @id @default(cuid())
action AuditAction @default(UNKNOWN)
data Json @default("{}")
userId String
createdAt DateTime @default(now())
user User @relation(fields: [userId], references: [id], onDelete: Cascade)
@@map("audit_logs")
@@index([userId])
@@index([action])
@@index([createdAt])
}
model UserServiceEntitlement {
id String @id @default(cuid())
userId String
service ServiceIdentifier
tier String @default("free")
isPremium Boolean @default(false)
accessFlags Json?
metadata Json?
connected Boolean @default(true)
customStorageLimit Int?
customApiKeyLimit Int?
polarCustomerId String?
polarSubscriptionId String?
polarSubscriptionStatus String?
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt
user User @relation(fields: [userId], references: [id], onDelete: Cascade)
@@map("user_service_entitlements")
@@unique([userId, service])
@@index([service])
}
Models
User
Core user account model.
Fields:
id: CUID primary keyemail: Unique email addresspasswordHash: bcrypt hash (nullable for OAuth users)avatar: Avatar URL (text field)displayName: User display nametwoFactorEnabled: 2FA statustwoFactorSecret: TOTP secret (base32)banned: Account ban flagdisabled: Account disable flagmigraited: Migration flag (LEGACY)createdAt: Creation timestampupdatedAt: Last update timestamp
Relations:
sessions: One-to-many with SessionserviceAccess: One-to-many with UserServiceEntitlementauditLogs: One-to-many with AuditLog
Session
User session management.
Fields:
id: CUID primary keyuserId: Foreign key to Userip: Encrypted IP addresstoken: JWT token (unique)expiresAt: Expiration timestampcreatedAt: Creation timestamp
Indexes:
userId: For user session queriesexpiresAt: For expiration cleanup
Cascade: Deleted when user is deleted
AuditLog
Audit trail for all actions.
Fields:
id: CUID primary keyaction: AuditAction enumdata: JSON metadatauserId: Foreign key to UsercreatedAt: Timestamp
Indexes:
userId: For user audit queriesaction: For action type queriescreatedAt: For time-based queries
Cascade: Deleted when user is deleted
UserServiceEntitlement
Service access entitlements.
Fields:
id: CUID primary keyuserId: Foreign key to Userservice: ServiceIdentifier enumtier: Access tier stringisPremium: Premium flagaccessFlags: JSON objectmetadata: JSON objectconnected: Connection statuscustomStorageLimit: Custom storage limit (bytes)customApiKeyLimit: Custom API key limitpolarCustomerId: Polar customer IDpolarSubscriptionId: Polar subscription IDpolarSubscriptionStatus: Polar subscription statuscreatedAt: Creation timestampupdatedAt: Last update timestamp
Unique Constraint: userId + service
Indexes:
service: For service-based queries
Cascade: Deleted when user is deleted
Migrations
Migrations are managed with Prisma:
# Create migration
npm run prisma:migrate
# Generate Prisma Client
npm run prisma:generate
# Open Prisma Studio
npm run prisma:studio
Database Operations
Prisma Client Usage
import { prisma } from '@/lib/prisma'
// Find user
const user = await prisma.user.findUnique({
where: { email: 'user@example.com' }
})
// Create session
const session = await prisma.session.create({
data: {
userId: user.id,
token: jwtToken,
expiresAt: expiresAt,
ip: encryptedIp
}
})
// Create audit log
await prisma.auditLog.create({
data: {
userId: user.id,
action: 'USER_LOGIN',
data: { ip: encryptedIp }
}
})
Indexes
Indexes are defined for performance:
sessions.userId: Fast user session lookupsessions.expiresAt: Expiration cleanup queriesaudit_logs.userId: User audit queriesaudit_logs.action: Action type filteringaudit_logs.createdAt: Time-based queriesuser_service_entitlements.service: Service filtering
Constraints
users.email: Unique constraintsessions.token: Unique constraintuser_service_entitlements.userId_service: Unique constraint
Cascade Deletes
When a user is deleted:
- All sessions are deleted
- All audit logs are deleted
- All service entitlements are deleted
This ensures data consistency and prevents orphaned records.