create extension if not exists pgcrypto;
create extension if not exists citext;
create schema if not exists secd;

create table if not exists secd.identity (
       identity_id          bigserial          primary key
       , identity_public_id uuid
       , data text
       , created_at         timestamptz not null
       , unique(identity_public_id)
);

create table if not exists secd.email (
       email_id bigserial primary key
       , address text not null
       , unique(address)
);

create table if not exists secd.identity_email (
       identity_email_id bigserial primary key
       , identity_id bigint not null references secd.identity(identity_id)
       , email_id bigint not null references secd.email(email_id)
       , created_at timestamptz not null
       , deleted_at timestamptz
);

create table if not exists secd.email_validation (
       email_validation_id bigserial primary key
       , email_validation_public_id uuid not null
       , identity_email_id integer not null references secd.identity_email(identity_email_id)
       , attempts integer not null
       , code text
       , is_validated boolean not null default false
       , created_at timestamptz not null
       , expires_at timestamptz
       , revoked_at timestamptz
       , unique(email_validation_public_id)
);

create table if not exists secd.session (
       session_id bigserial primary key
       , identity_id bigint not null references secd.identity(identity_id)
       , secret_hash bytea not null
       , created_at timestamptz not null
       , touched_at timestamptz not null
       , expires_at timestamptz
       , revoked_at timestamptz
       , unique(secret_hash)
);