Your commit message here

src/lib/init-db.js

@@ -162,4 +162,52 @@ export default function initializeDatabase() {
 	} catch (e) {
 		// Column already exists, ignore error
 	}
+
+	// Authorization tables
+	db.exec(`
+		-- Users table
+		CREATE TABLE IF NOT EXISTS users (
+			id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
+			name TEXT NOT NULL,
+			email TEXT UNIQUE NOT NULL,
+			password_hash TEXT NOT NULL,
+			role TEXT CHECK(role IN ('admin', 'project_manager', 'user', 'read_only')) DEFAULT 'user',
+			created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+			updated_at TEXT DEFAULT CURRENT_TIMESTAMP,
+			is_active INTEGER DEFAULT 1,
+			last_login TEXT,
+			failed_login_attempts INTEGER DEFAULT 0,
+			locked_until TEXT
+		);
+
+		-- NextAuth.js sessions table (simplified for custom implementation)
+		CREATE TABLE IF NOT EXISTS sessions (
+			id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
+			session_token TEXT UNIQUE NOT NULL,
+			user_id TEXT NOT NULL,
+			expires TEXT NOT NULL,
+			created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+			FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+		);
+
+		-- Audit log table for security tracking
+		CREATE TABLE IF NOT EXISTS audit_logs (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			user_id TEXT,
+			action TEXT NOT NULL,
+			resource_type TEXT,
+			resource_id TEXT,
+			ip_address TEXT,
+			user_agent TEXT,
+			timestamp TEXT DEFAULT CURRENT_TIMESTAMP,
+			details TEXT,
+			FOREIGN KEY (user_id) REFERENCES users(id)
+		);
+
+		-- Create indexes for performance
+		CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
+		CREATE INDEX IF NOT EXISTS idx_sessions_token ON sessions(session_token);
+		CREATE INDEX IF NOT EXISTS idx_sessions_user ON sessions(user_id);
+		CREATE INDEX IF NOT EXISTS idx_audit_user_timestamp ON audit_logs(user_id, timestamp);
+	`);
 }