feat(sql): RBAC model with api_keys and application tenants

db/Models/sql_generated/db_init.sql

@@ -2,9 +2,9 @@
 INSERT INTO user_types (name, description) VALUES ('root','An easy way to identify the root user of the system');
 INSERT INTO user_types (name, description) VALUES ('company_owner','Company Owner');
 INSERT INTO user_types (name, description) VALUES ('company_manager','Company Level manager');
-INSERT INTO user_types (name, description) VALUES ('company_staff','Company Level Staff Memeber');
-INSERT INTO user_types (name, description) VALUES ('company_driver','Company Level Driver Member');
-INSERT INTO user_types (name, description) VALUES ('company_observer','Company Level Driver Member');
+INSERT INTO user_types (name, description) VALUES ('staff','Company Level Staff Memeber');
+INSERT INTO user_types (name, description) VALUES ('driver','Company Level Driver Member');
+INSERT INTO user_types (name, description) VALUES ('observer','Read Only member');
 
 -- Creation of first user
 INSERT INTO users (user_type,name,last_name,created_at,updated_at) VALUES (1,'Pablo','Cruz',NOW(),NOW()); -- root -> root
@@ -17,9 +17,9 @@ INSERT INTO roles (name, description, created_at, updated_at) VALUES ("system_re
 INSERT INTO roles (name, description, created_at, updated_at) VALUES ("system_staff","System Level staff member",NOW(),NOW());
 INSERT INTO roles (name, description, created_at, updated_at) VALUES ("company_owner","Unrestricted access to company resources",NOW(),NOW());
 INSERT INTO roles (name, description, created_at, updated_at) VALUES ("company_manager","Access as manager to company resources",NOW(),NOW());
-INSERT INTO roles (name, description, created_at, updated_at) VALUES ("company_staff","Access as staff to company resources",NOW(),NOW());
-INSERT INTO roles (name, description, created_at, updated_at) VALUES ("company_driver","Simple access to company resources",NOW(),NOW());
-INSERT INTO roles (name, description, created_at, updated_at) VALUES ("company_observer","Limited access to company resources",NOW(),NOW());
+INSERT INTO roles (name, description, created_at, updated_at) VALUES ("staff","Access as staff to company resources",NOW(),NOW());
+INSERT INTO roles (name, description, created_at, updated_at) VALUES ("driver","Simple access to company resources",NOW(),NOW());
+INSERT INTO roles (name, description, created_at, updated_at) VALUES ("observer","Limited access to only read company resources",NOW(),NOW());
 
 -- Creation of basic permissions
 INSERT INTO permissions (name, description) VALUES ("root","Root role with no restricted access");

db/Models/sql_generated/root.sql

@@ -0,0 +1,18 @@
+-- Creation of root and backoffice
+INSERT INTO applications (name, slug, description) VALUES ('root/backoffice','root_backoffice',"This is the application with no restrictions to all resources");
+
+INSERT INTO permissions (application_id, name, description) VALUES (1, 'root', "No restrictions");
+
+INSERT INTO roles (application_id, name, description) VALUES (1, 'root', "No restrictions");
+
+INSERT INTO role_permissions (role_id, permission_id) VALUES (1,1);
+
+INSERT INTO users (name, last_name) VALUES ('root','root');
+
+INSERT INTO auth_identities (user_id, provider, identifier, password_hash, is_primary, is_verified) VALUES (1,'email','root@root.com','invalid_password_hash',1,1);
+
+INSERT INTO user_roles (user_id, role_id) VALUES (1,1);
+
+INSERT INTO user_permissions (user_id, permission_id) VALUES (1,1);
+
+INSERT INTO user_applications (user_id, application_id) VALUES (1,1);

db/Models/sql_generated/schema.sql

@@ -1,5 +1,5 @@
 -- MySQL Script generated by MySQL Workbench
--- Sun Dec  7 08:38:42 2025
+-- Tue 31 Mar 2026 11:38:07 PM CST
 -- Model: New Model    Version: 1.0
 -- MySQL Workbench Forward Engineering
 
@@ -17,36 +17,16 @@ SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,N
 CREATE SCHEMA IF NOT EXISTS `u947463964_etaviaporte` DEFAULT CHARACTER SET utf8 ;
 USE `u947463964_etaviaporte` ;
 
--- -----------------------------------------------------
--- Table `u947463964_etaviaporte`.`user_types`
--- -----------------------------------------------------
-CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`user_types` (
-  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `name` TEXT NOT NULL,
-  `description` TEXT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE INDEX `id_UNIQUE` (`id` ASC) VISIBLE)
-ENGINE = InnoDB;
-
-
 -- -----------------------------------------------------
 -- Table `u947463964_etaviaporte`.`users`
 -- -----------------------------------------------------
 CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`users` (
   `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `user_type` INT UNSIGNED NOT NULL,
-  `name` TEXT NOT NULL,
-  `last_name` TEXT NOT NULL,
-  `created_at` DATETIME NOT NULL,
-  `updated_at` DATETIME NOT NULL,
-  UNIQUE INDEX `id_UNIQUE` (`id` ASC) VISIBLE,
-  PRIMARY KEY (`id`),
-  INDEX `fk_users_user_types1_idx` (`user_type` ASC) VISIBLE,
-  CONSTRAINT `fk_users_user_types1`
-    FOREIGN KEY (`user_type`)
-    REFERENCES `u947463964_etaviaporte`.`user_types` (`id`)
-    ON DELETE NO ACTION
-    ON UPDATE NO ACTION)
+  `name` VARCHAR(512) NOT NULL,
+  `last_name` VARCHAR(512) NOT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `updated_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  PRIMARY KEY (`id`))
 ENGINE = InnoDB;
 
 
@@ -56,15 +36,16 @@ ENGINE = InnoDB;
 CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`auth_identities` (
   `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
   `user_id` INT UNSIGNED NOT NULL,
-  `provider` TEXT NOT NULL,
-  `identifier` TEXT NOT NULL COMMENT 'email, phone google, facebook, etc.',
+  `provider` VARCHAR(512) NOT NULL COMMENT 'type of identifier: email, phone, etc',
+  `identifier` VARCHAR(512) COLLATE 'Default Collation' NOT NULL COMMENT 'email, phone google, facebook, etc.',
+  `password_hash` VARCHAR(512) COLLATE 'Default Collation' NULL COMMENT 'password for phone or email',
   `is_primary` TINYINT NOT NULL DEFAULT 0,
   `is_verified` TINYINT NOT NULL DEFAULT 0,
-  `created_at` DATETIME NOT NULL,
-  `updated_at` DATETIME NOT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `updated_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'when phone or email, password goes here.',
   PRIMARY KEY (`id`),
-  UNIQUE INDEX `id_UNIQUE` (`id` ASC) VISIBLE,
   INDEX `fk_auth_identities_users_idx` (`user_id` ASC) VISIBLE,
+  UNIQUE INDEX `provider_UNIQUE` (`provider` ASC, `identifier` ASC) VISIBLE,
   CONSTRAINT `fk_auth_identities_users`
     FOREIGN KEY (`user_id`)
     REFERENCES `u947463964_etaviaporte`.`users` (`id`)
@@ -74,22 +55,18 @@ ENGINE = InnoDB;
 
 
 -- -----------------------------------------------------
--- Table `u947463964_etaviaporte`.`auth_credentials`
+-- Table `u947463964_etaviaporte`.`applications`
 -- -----------------------------------------------------
-CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`auth_credentials` (
+CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`applications` (
   `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `identity_id` INT UNSIGNED NOT NULL,
-  `password` TEXT NOT NULL,
-  `created_at` DATETIME NOT NULL,
-  `updated_at` DATETIME NOT NULL,
+  `name` VARCHAR(512) NOT NULL,
+  `slug` VARCHAR(512) NOT NULL,
+  `description` TEXT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `updated_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
   PRIMARY KEY (`id`),
-  UNIQUE INDEX `id_UNIQUE` (`id` ASC) VISIBLE,
-  INDEX `fk_auth_credentials_auth_identities1_idx` (`identity_id` ASC) VISIBLE,
-  CONSTRAINT `fk_auth_credentials_auth_identities1`
-    FOREIGN KEY (`identity_id`)
-    REFERENCES `u947463964_etaviaporte`.`auth_identities` (`id`)
-    ON DELETE CASCADE
-    ON UPDATE NO ACTION)
+  UNIQUE INDEX `slug_UNIQUE` (`slug` ASC) VISIBLE,
+  UNIQUE INDEX `name_UNIQUE` (`name` ASC) VISIBLE)
 ENGINE = InnoDB;
 
 
@@ -98,12 +75,19 @@ ENGINE = InnoDB;
 -- -----------------------------------------------------
 CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`roles` (
   `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `name` TEXT NOT NULL,
+  `application_id` INT UNSIGNED NOT NULL,
+  `name` VARCHAR(512) NOT NULL,
   `description` TEXT NULL,
-  `created_at` DATETIME NOT NULL,
-  `updated_at` DATETIME NOT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `updated_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
   PRIMARY KEY (`id`),
-  UNIQUE INDEX `id_UNIQUE` (`id` ASC) VISIBLE)
+  UNIQUE INDEX `name_UNIQUE` (`application_id` ASC, `name` ASC) VISIBLE,
+  INDEX `fk_roles_applications1_idx` (`application_id` ASC) VISIBLE,
+  CONSTRAINT `fk_roles_applications1`
+    FOREIGN KEY (`application_id`)
+    REFERENCES `u947463964_etaviaporte`.`applications` (`id`)
+    ON DELETE NO ACTION
+    ON UPDATE NO ACTION)
 ENGINE = InnoDB;
 
 
@@ -112,10 +96,17 @@ ENGINE = InnoDB;
 -- -----------------------------------------------------
 CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`permissions` (
   `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
-  `name` TEXT NOT NULL,
+  `application_id` INT UNSIGNED NOT NULL,
+  `name` VARCHAR(512) NOT NULL,
   `description` TEXT NULL,
   PRIMARY KEY (`id`),
-  UNIQUE INDEX `id_UNIQUE` (`id` ASC) VISIBLE)
+  UNIQUE INDEX `name_UNIQUE` (`application_id` ASC, `name` ASC) VISIBLE,
+  INDEX `fk_permissions_applications1_idx` (`application_id` ASC) VISIBLE,
+  CONSTRAINT `fk_permissions_applications1`
+    FOREIGN KEY (`application_id`)
+    REFERENCES `u947463964_etaviaporte`.`applications` (`id`)
+    ON DELETE NO ACTION
+    ON UPDATE NO ACTION)
 ENGINE = InnoDB;
 
 
@@ -127,9 +118,9 @@ CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`role_permissions` (
   `role_id` INT UNSIGNED NOT NULL,
   `permission_id` INT UNSIGNED NOT NULL,
   PRIMARY KEY (`id`),
-  UNIQUE INDEX `id_UNIQUE` (`id` ASC) VISIBLE,
   INDEX `fk_role_permissions_roles1_idx` (`role_id` ASC) VISIBLE,
   INDEX `fk_role_permissions_permissions1_idx` (`permission_id` ASC) VISIBLE,
+  UNIQUE INDEX `role_id_UNIQUE` (`role_id` ASC, `permission_id` ASC) VISIBLE,
   CONSTRAINT `fk_role_permissions_roles1`
     FOREIGN KEY (`role_id`)
     REFERENCES `u947463964_etaviaporte`.`roles` (`id`)
@@ -150,12 +141,12 @@ CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`user_roles` (
   `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
   `user_id` INT UNSIGNED NOT NULL,
   `role_id` INT UNSIGNED NOT NULL,
-  `created_at` DATETIME NOT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
   `expires_at` DATETIME NULL,
   PRIMARY KEY (`id`),
-  UNIQUE INDEX `id_UNIQUE` (`id` ASC) VISIBLE,
   INDEX `fk_user_roles_users1_idx` (`user_id` ASC) VISIBLE,
   INDEX `fk_user_roles_roles1_idx` (`role_id` ASC) VISIBLE,
+  UNIQUE INDEX `user_id_UNIQUE` (`user_id` ASC, `role_id` ASC) VISIBLE,
   CONSTRAINT `fk_user_roles_users1`
     FOREIGN KEY (`user_id`)
     REFERENCES `u947463964_etaviaporte`.`users` (`id`)
@@ -169,6 +160,130 @@ CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`user_roles` (
 ENGINE = InnoDB;
 
 
+-- -----------------------------------------------------
+-- Table `u947463964_etaviaporte`.`user_permissions`
+-- -----------------------------------------------------
+CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`user_permissions` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `user_id` INT UNSIGNED NOT NULL,
+  `permission_id` INT UNSIGNED NOT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `expires_at` DATETIME NULL,
+  PRIMARY KEY (`id`),
+  INDEX `fk_user_permissions_permissions1_idx` (`permission_id` ASC) VISIBLE,
+  INDEX `fk_user_permissions_users1_idx` (`user_id` ASC) VISIBLE,
+  UNIQUE INDEX `user_id_UNIQUE` (`user_id` ASC, `permission_id` ASC) VISIBLE,
+  CONSTRAINT `fk_user_permissions_permissions1`
+    FOREIGN KEY (`permission_id`)
+    REFERENCES `u947463964_etaviaporte`.`permissions` (`id`)
+    ON DELETE CASCADE
+    ON UPDATE NO ACTION,
+  CONSTRAINT `fk_user_permissions_users1`
+    FOREIGN KEY (`user_id`)
+    REFERENCES `u947463964_etaviaporte`.`users` (`id`)
+    ON DELETE CASCADE
+    ON UPDATE NO ACTION)
+ENGINE = InnoDB;
+
+
+-- -----------------------------------------------------
+-- Table `u947463964_etaviaporte`.`verification_tokens`
+-- -----------------------------------------------------
+CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`verification_tokens` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `auth_identity_id` INT UNSIGNED NOT NULL,
+  `token_hash` VARCHAR(255) NOT NULL COMMENT 'Verification token for email/phone/notification mechanisms to either validate or reset passwords',
+  `purpose` ENUM('email_verification', 'phone_verification', 'password_reset') NOT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `expires_at` DATETIME NOT NULL,
+  `used_at` DATETIME NULL,
+  PRIMARY KEY (`id`),
+  INDEX `fk_verification_tokens_auth_identities1_idx` (`auth_identity_id` ASC) VISIBLE,
+  UNIQUE INDEX `token_hash_UNIQUE` (`token_hash` ASC) VISIBLE,
+  CONSTRAINT `fk_verification_tokens_auth_identities1`
+    FOREIGN KEY (`auth_identity_id`)
+    REFERENCES `u947463964_etaviaporte`.`auth_identities` (`id`)
+    ON DELETE CASCADE
+    ON UPDATE NO ACTION)
+ENGINE = InnoDB;
+
+
+-- -----------------------------------------------------
+-- Table `u947463964_etaviaporte`.`sessions`
+-- -----------------------------------------------------
+CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`sessions` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `user_id` INT UNSIGNED NOT NULL,
+  `application_id` INT UNSIGNED NOT NULL,
+  `session_token_hash` VARCHAR(255) NOT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `updated_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  `expires_at` DATETIME NOT NULL,
+  `revoked_at` DATETIME NULL,
+  PRIMARY KEY (`id`),
+  INDEX `fk_sessions_users1_idx` (`user_id` ASC) VISIBLE,
+  UNIQUE INDEX `session_token_hash_UNIQUE` (`application_id` ASC, `session_token_hash` ASC) VISIBLE,
+  INDEX `fk_sessions_applications1_idx` (`application_id` ASC) VISIBLE,
+  CONSTRAINT `fk_sessions_users1`
+    FOREIGN KEY (`user_id`)
+    REFERENCES `u947463964_etaviaporte`.`users` (`id`)
+    ON DELETE CASCADE
+    ON UPDATE NO ACTION,
+  CONSTRAINT `fk_sessions_applications1`
+    FOREIGN KEY (`application_id`)
+    REFERENCES `u947463964_etaviaporte`.`applications` (`id`)
+    ON DELETE NO ACTION
+    ON UPDATE NO ACTION)
+ENGINE = InnoDB;
+
+
+-- -----------------------------------------------------
+-- Table `u947463964_etaviaporte`.`user_applications`
+-- -----------------------------------------------------
+CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`user_applications` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `user_id` INT UNSIGNED NOT NULL,
+  `application_id` INT UNSIGNED NOT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  PRIMARY KEY (`id`),
+  INDEX `fk_user_application_users1_idx` (`user_id` ASC) VISIBLE,
+  INDEX `fk_user_application_applications1_idx` (`application_id` ASC) VISIBLE,
+  UNIQUE INDEX `user_id_UNIQUE` (`user_id` ASC, `application_id` ASC) VISIBLE,
+  CONSTRAINT `fk_user_application_users1`
+    FOREIGN KEY (`user_id`)
+    REFERENCES `u947463964_etaviaporte`.`users` (`id`)
+    ON DELETE CASCADE
+    ON UPDATE NO ACTION,
+  CONSTRAINT `fk_user_application_applications1`
+    FOREIGN KEY (`application_id`)
+    REFERENCES `u947463964_etaviaporte`.`applications` (`id`)
+    ON DELETE CASCADE
+    ON UPDATE NO ACTION)
+ENGINE = InnoDB;
+
+
+-- -----------------------------------------------------
+-- Table `u947463964_etaviaporte`.`api_keys`
+-- -----------------------------------------------------
+CREATE TABLE IF NOT EXISTS `u947463964_etaviaporte`.`api_keys` (
+  `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
+  `application_id` INT UNSIGNED NOT NULL,
+  `name` VARCHAR(512) NOT NULL,
+  `description` TEXT NULL,
+  `key_hash` VARCHAR(255) NOT NULL,
+  `created_at` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `expires_at` DATETIME NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE INDEX `key_hash_UNIQUE` (`key_hash` ASC) VISIBLE,
+  INDEX `fk_api_keys_applications1_idx` (`application_id` ASC) VISIBLE,
+  CONSTRAINT `fk_api_keys_applications1`
+    FOREIGN KEY (`application_id`)
+    REFERENCES `u947463964_etaviaporte`.`applications` (`id`)
+    ON DELETE CASCADE
+    ON UPDATE NO ACTION)
+ENGINE = InnoDB;
+
+
 SET SQL_MODE=@OLD_SQL_MODE;
 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS;
 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS;