redesign fully scaffolded and web login works

gateway/schema.sql

@@ -1,7 +1,70 @@
--- User license and authorization schema
+-- Better Auth Core Schema
+-- See: https://better-auth.com/docs/concepts/database
+-- Note: Using quoted "user" to avoid SQL keyword issues while keeping Better Auth's expected table name
+
+-- User table (better-auth core)
+CREATE TABLE IF NOT EXISTS "user" (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  email TEXT UNIQUE NOT NULL,
+  "emailVerified" BOOLEAN NOT NULL DEFAULT FALSE,
+  image TEXT,
+  "createdAt" TIMESTAMP NOT NULL DEFAULT NOW(),
+  "updatedAt" TIMESTAMP NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_user_email ON "user"(email);
+
+-- Session table (better-auth core)
+CREATE TABLE IF NOT EXISTS session (
+  id TEXT PRIMARY KEY,
+  "expiresAt" TIMESTAMP NOT NULL,
+  token TEXT UNIQUE NOT NULL,
+  "createdAt" TIMESTAMP NOT NULL DEFAULT NOW(),
+  "updatedAt" TIMESTAMP NOT NULL DEFAULT NOW(),
+  "ipAddress" TEXT,
+  "userAgent" TEXT,
+  "userId" TEXT NOT NULL REFERENCES "user"(id) ON DELETE CASCADE
+);
+
+CREATE INDEX idx_session_userId ON session("userId");
+CREATE INDEX idx_session_token ON session(token);
+
+-- Account table (better-auth core, for OAuth providers)
+CREATE TABLE IF NOT EXISTS account (
+  id TEXT PRIMARY KEY,
+  "accountId" TEXT NOT NULL,
+  "providerId" TEXT NOT NULL,
+  "userId" TEXT NOT NULL REFERENCES "user"(id) ON DELETE CASCADE,
+  "accessToken" TEXT,
+  "refreshToken" TEXT,
+  "idToken" TEXT,
+  "accessTokenExpiresAt" TIMESTAMP,
+  "refreshTokenExpiresAt" TIMESTAMP,
+  scope TEXT,
+  password TEXT,
+  "createdAt" TIMESTAMP NOT NULL DEFAULT NOW(),
+  "updatedAt" TIMESTAMP NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX idx_account_userId ON account("userId");
+
+-- Verification table (better-auth core)
+CREATE TABLE IF NOT EXISTS verification (
+  id TEXT PRIMARY KEY,
+  identifier TEXT NOT NULL,
+  value TEXT NOT NULL,
+  "expiresAt" TIMESTAMP NOT NULL,
+  "createdAt" TIMESTAMP,
+  "updatedAt" TIMESTAMP
+);
+
+CREATE INDEX idx_verification_identifier ON verification(identifier);
+
+-- User license and authorization schema (custom tables)
 
 CREATE TABLE IF NOT EXISTS user_licenses (
-  user_id TEXT PRIMARY KEY,
+  user_id TEXT PRIMARY KEY REFERENCES "user"(id) ON DELETE CASCADE,
   email TEXT,
   license_type TEXT NOT NULL CHECK (license_type IN ('free', 'pro', 'enterprise')),
   features JSONB NOT NULL DEFAULT '{
@@ -43,37 +106,3 @@ CREATE TABLE IF NOT EXISTS user_channel_links (
 
 CREATE INDEX idx_user_channel_links_user_id ON user_channel_links(user_id);
 CREATE INDEX idx_user_channel_links_channel ON user_channel_links(channel_type, channel_user_id);
-
--- Example data for development
-INSERT INTO user_licenses (user_id, email, license_type, mcp_server_url, features, resource_limits, preferred_model)
-VALUES (
-  'dev-user-001',
-  'dev@example.com',
-  'pro',
-  'http://localhost:8080/mcp',
-  '{
-    "maxIndicators": 50,
-    "maxStrategies": 20,
-    "maxBacktestDays": 365,
-    "realtimeData": true,
-    "customExecutors": true,
-    "apiAccess": true
-  }',
-  '{
-    "maxConcurrentSessions": 5,
-    "maxMessagesPerDay": 1000,
-    "maxTokensPerMessage": 8192,
-    "rateLimitPerMinute": 60
-  }',
-  '{
-    "provider": "anthropic",
-    "model": "claude-3-5-sonnet-20241022",
-    "temperature": 0.7
-  }'
-)
-ON CONFLICT (user_id) DO NOTHING;
-
--- Example Telegram link
-INSERT INTO user_channel_links (user_id, channel_type, channel_user_id)
-VALUES ('dev-user-001', 'telegram', '123456789')
-ON CONFLICT (channel_type, channel_user_id) DO NOTHING;