rwadurian/backend/services/backup-service/prisma/schema.prisma


// prisma/schema.prisma
// Generates the JavaScript/TypeScript Prisma client for the models in this schema.
generator client {
provider = "prisma-client-js"
}
// PostgreSQL datasource for the backup-service.
// NOTE(review): no `url` is declared in this block as shown; the connection string is presumably
// supplied outside the schema (TODO confirm). Keep database credentials out of this file either way.
datasource db {
provider = "postgresql"
}
// Backup share storage: one row per user holding that user's encrypted MPC key share.
// The row carries ciphertext plus a key identifier; no encryption key material is a column of this model.
model BackupShare {
shareId BigInt @id @default(autoincrement()) @map("share_id")
// User identity (comes from identity-service). Both columns are unique, so a user has at most one row.
userId BigInt @unique @map("user_id")
accountSequence String @unique @map("account_sequence") // format: D + YYMMDD + 5-digit sequence number
// MPC key information
// NOTE(review): 130 characters presumably fits a hex-encoded uncompressed public key — confirm the encoding.
publicKey String @unique @map("public_key") @db.VarChar(130)
partyIndex Int @default(2) @map("party_index") // Backup = Party 2
// The defaults below describe a 2-of-3 scheme (threshold 2, total parties 3).
threshold Int @default(2)
totalParties Int @default(3) @map("total_parties")
// Encrypted share data (AES-256-GCM encrypted)
// NOTE(review): there are no separate nonce/IV or authentication-tag columns, so they are presumably
// packed into this field by the application — confirm, and confirm the nonce is never reused under one key.
encryptedShareData String @map("encrypted_share_data") @db.Text
encryptionKeyId String @map("encryption_key_id") @db.VarChar(64) // supports key rotation; identifies the key, does not hold it
// Status management
// The column is a free-form VarChar(20): the database does not restrict it to the values listed,
// so validation of the status value has to happen in application code.
status String @default("ACTIVE") @db.VarChar(20) // ACTIVE, REVOKED, ROTATED
// Access control
// Only a counter and the last access time are stored; no limit is defined in this schema,
// so any cap on retrievals has to be enforced by the service.
accessCount Int @default(0) @map("access_count") // access count limit
lastAccessedAt DateTime? @map("last_accessed_at")
// Timestamps
createdAt DateTime @default(now()) @map("created_at")
updatedAt DateTime @updatedAt @map("updated_at")
revokedAt DateTime? @map("revoked_at") // null until the share is revoked — presumably set together with status = REVOKED; verify in the service
// Indexes
// NOTE(review): publicKey is already @unique, which normally creates its own index, so
// idx_backup_public_key looks redundant — confirm before removing.
// NOTE(review): newer Prisma versions name the database index with `map:` rather than `name:` —
// confirm against the Prisma version in use.
@@index([publicKey], name: "idx_backup_public_key")
@@index([status], name: "idx_backup_status")
@@index([createdAt], name: "idx_backup_created")
@@map("backup_shares")
}
// Access audit log: one row per operation attempted on a backup share.
// shareId and userId are plain BigInt columns; no relation to BackupShare is declared, so the database
// does not enforce that they reference an existing share, and log rows are not tied to the share row's lifetime.
// NOTE(review): nothing in the schema makes this table append-only; if the log must be tamper-resistant,
// that has to come from database privileges or the service — confirm.
model ShareAccessLog {
logId BigInt @id @default(autoincrement()) @map("log_id")
shareId BigInt @map("share_id")
userId BigInt @map("user_id")
// Free-form VarChar(20): the values listed are not enforced by the database.
action String @db.VarChar(20) // STORE, RETRIEVE, REVOKE, ROTATE
sourceService String @map("source_service") @db.VarChar(50) // identity-service, recovery-service
// 45 characters is the maximum textual length of an IPv6 address (IPv4-mapped form).
// NOTE(review): where this value comes from is not visible here; if it is taken from a forwarded
// header rather than the connection, it is caller-controlled — verify in the service.
sourceIp String @map("source_ip") @db.VarChar(45)
// Defaults to true, so a failed operation is only recorded as a failure if the writer sets this explicitly.
success Boolean @default(true)
// Unbounded text. NOTE(review): make sure error text written here never contains share data or key material.
errorMessage String? @map("error_message") @db.Text
createdAt DateTime @default(now()) @map("created_at")
@@index([shareId], name: "idx_log_share")
@@index([userId], name: "idx_log_user")
@@index([action], name: "idx_log_action")
@@index([createdAt], name: "idx_log_created")
@@map("share_access_logs")
}