datasource db { provider = "sqlite" } generator client { provider = "prisma-client" output = "./generated/prisma" } model Secrets { id String @id @default(uuid()) secret Bytes title Bytes views Int? @default(1) password String? salt String isBurnable Boolean? @default(false) @map("is_burnable") createdAt DateTime @default(now()) @map("created_at") expiresAt DateTime @map("expires_at") ipRange String? @default("") @map("ip_range") userId String? user User? @relation(fields: [userId], references: [id]) files File[] @relation secretRequest SecretRequest? @@index([expiresAt]) @@index([userId]) @@map("secrets") } model File { id String @id @default(uuid()) filename String path String createdAt DateTime @default(now()) secrets Secrets[] @relation @@map("files") } model User { id String @id name String username String @unique email String emailVerified Boolean image String? createdAt DateTime updatedAt DateTime sessions Session[] accounts Account[] displayUsername String? role String? @default("user") banned Boolean? @default(false) banReason String? banExpires DateTime? inviteCodeUsed String? twoFactorEnabled Boolean? @default(false) Secrets Secrets[] apiKeys ApiKey[] twoFactor TwoFactor[] secretRequests SecretRequest[] @@unique([email]) @@map("user") } model TwoFactor { id String @id @default(uuid()) secret String backupCodes String userId String user User @relation(fields: [userId], references: [id], onDelete: Cascade) @@map("twoFactor") } model Session { id String @id expiresAt DateTime token String createdAt DateTime updatedAt DateTime ipAddress String? userAgent String? userId String user User @relation(fields: [userId], references: [id], onDelete: Cascade) @@unique([token]) @@map("session") } model Account { id String @id accountId String providerId String userId String user User @relation(fields: [userId], references: [id], onDelete: Cascade) accessToken String? refreshToken String? idToken String? accessTokenExpiresAt DateTime? refreshTokenExpiresAt DateTime? scope String? password String? createdAt DateTime updatedAt DateTime @@map("account") } model Verification { id String @id identifier String value String expiresAt DateTime createdAt DateTime? updatedAt DateTime? @@map("verification") } model InstanceSettings { id String @id @default(uuid()) instanceName String? @default("") instanceDescription String? @default("") instanceLogo String? @default("") // Base64 encoded logo image allowRegistration Boolean? @default(true) requireEmailVerification Boolean? @default(false) defaultSecretExpiration Int? @default(72) // hours maxSecretSize Int? @default(1024) // KB allowPasswordProtection Boolean? @default(true) allowIpRestriction Boolean? @default(true) enableRateLimiting Boolean? @default(true) rateLimitRequests Int? @default(100) rateLimitWindow Int? @default(60) // minutes // Organization features requireInviteCode Boolean? @default(false) allowedEmailDomains String? @default("") // comma-separated list of allowed email domains requireRegisteredUser Boolean? @default(false) // only registered users can create secrets disableEmailPasswordSignup Boolean? @default(false) // disable email/password registration (social login only) // Webhook notifications webhookEnabled Boolean? @default(false) webhookUrl String? @default("") webhookSecret String? @default("") // HMAC secret for signing webhook payloads webhookOnView Boolean? @default(true) // send webhook when secret is viewed webhookOnBurn Boolean? @default(true) // send webhook when secret is burned/deleted // Important message alert importantMessage String? @default("") // Message to display to all users // Prometheus metrics metricsEnabled Boolean? @default(false) metricsSecret String? @default("") // Bearer token for /metrics endpoint // File uploads allowFileUploads Boolean? @default(true) createdAt DateTime @default(now()) updatedAt DateTime @updatedAt @@map("instance_settings") } model InviteCode { id String @id @default(uuid()) code String @unique uses Int @default(0) maxUses Int? @default(1) expiresAt DateTime? createdBy String createdAt DateTime @default(now()) isActive Boolean @default(true) @@map("invite_codes") } model VisitorAnalytics { id String @id @default(uuid()) path String uniqueId String timestamp DateTime @default(now()) @@index([timestamp]) @@index([uniqueId]) @@map("visitor_analytics") } model ApiKey { id String @id @default(uuid()) name String keyHash String @unique @map("key_hash") keyPrefix String @map("key_prefix") userId String user User @relation(fields: [userId], references: [id], onDelete: Cascade) lastUsedAt DateTime? @map("last_used_at") expiresAt DateTime? @map("expires_at") createdAt DateTime @default(now()) @map("created_at") @@map("api_keys") } model SecretRequest { id String @id @default(uuid()) title String // Displayed to Creator description String? // Optional additional context // Pre-configured secret settings maxViews Int @default(1) @map("max_views") expiresIn Int @map("expires_in") // Seconds until secret expires after creation password String? // Optional password protection (hashed) allowedIp String? @map("allowed_ip") // Optional IP restriction preventBurn Boolean @default(false) @map("prevent_burn") // Request security token String @unique // Secure token for Creator Link // Webhook configuration webhookUrl String? @map("webhook_url") // Optional webhook URL webhookSecret String? @map("webhook_secret") // HMAC secret for webhook signature // Status tracking status String @default("pending") // pending | fulfilled | expired | cancelled // Relationships userId String @map("user_id") // Requester's user ID user User @relation(fields: [userId], references: [id], onDelete: Cascade) secretId String? @unique @map("secret_id") // Created secret (once fulfilled) secret Secrets? @relation(fields: [secretId], references: [id], onDelete: SetNull) // Timestamps createdAt DateTime @default(now()) @map("created_at") expiresAt DateTime @map("expires_at") // When the Creator Link expires fulfilledAt DateTime? @map("fulfilled_at") // When secret was created @@index([userId]) @@index([token]) @@index([status]) @@map("secret_requests") }