-- ============================================================
-- Migration: 002_add_password_hash
-- Date: 2025-12-19
-- Author: Claude
-- Description: Add password_hash column for secure password storage
-- ============================================================

-- UP: Apply migration
-- ============================================================

-- Add password_hash column for bcrypt hashes
ALTER TABLE person_details
ADD COLUMN IF NOT EXISTS password_hash TEXT;

-- Add comment explaining the column
COMMENT ON COLUMN person_details.password_hash IS 'Bcrypt hashed password. The old "key" column contains plain text passwords and should be deprecated.';

-- Create index for faster lookups (optional, email is usually used for login)
CREATE INDEX IF NOT EXISTS idx_person_details_email ON person_details(email);
CREATE INDEX IF NOT EXISTS idx_person_details_user_name ON person_details(user_name);

-- ============================================================
-- IMPORTANT: After applying this migration, run the password
-- migration script in Node.js to hash existing passwords:
--
-- node scripts/migrate-passwords.js
--
-- This will:
-- 1. Read all users with key != NULL
-- 2. Hash each password with bcrypt
-- 3. Store in password_hash column
-- 4. Optionally clear the key column
-- ============================================================

-- DOWN: Rollback migration (for reference only)
-- ============================================================
-- ALTER TABLE person_details DROP COLUMN IF EXISTS password_hash;
-- DROP INDEX IF EXISTS idx_person_details_email;
-- DROP INDEX IF EXISTS idx_person_details_user_name;