defmodule GitGud.Repo.Migrations.CreateUserWebauthnCredentials do
use Ecto.Migration
def change do
create table(:user_webauthn_credentials) do
add :user_id, references(:users, on_delete: :delete_all), null: false
# The credential id minted by the authenticator; raw bytes per
# WebAuthn spec (variable length, typically 16–256 bytes). We
# store unique on this within a user so a re-registration of the
# same physical key replaces the existing row rather than
# creating a duplicate.
add :credential_id, :binary, null: false
# COSE-encoded public key from the attestation, used to verify
# subsequent assertions.
add :public_key, :binary, null: false
# Counter the authenticator increments on every signature.
# Required for cloning detection.
add :sign_count, :bigint, null: false, default: 0
# AAGUID identifies the authenticator model (YubiKey 5C NFC,
# platform authenticator, etc). Useful for friendly labeling
# and for policy decisions ("require hardware-backed").
add :aaguid, :uuid
# Human label the user can edit.
add :name, :string, size: 100
add :last_used_at, :utc_datetime
timestamps(type: :utc_datetime)
end
create index(:user_webauthn_credentials, [:user_id])
create unique_index(:user_webauthn_credentials, [:user_id, :credential_id],
name: :user_webauthn_credentials_user_credential_index
)
end
end
1.5 KiB · text
5af55d9