6933e1d3fb
- POST /api/services/provision: onboarding automatico tenant da lg231 - X-Provision-Secret auth (master secret, non org-specific) - Crea org (con tutti i dati lg231: P.IVA, ATECO, sede, PEC, fatturato) - Crea admin user con password temporanea (must_change_password=1) - Genera API Key scope [read:all, write:all, admin:org, sso:login] - Emette JWT 2h per apertura immediata UI - Callback webhook a lg231 con api_key - Idempotent: stessa P.IVA → restituisce org esistente - Audit: org.provisioned severity=critical - config.php: PROVISION_SECRET (env var) - BaseController: base64UrlEncode/Decode da private → protected - Migration 011: colonne provisioning + must_change_password + indexes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
69 lines
3.1 KiB
SQL
69 lines
3.1 KiB
SQL
-- ============================================================
|
|
-- NIS2 Agile — Migration 011: Provisioning B2B
|
|
-- Aggiunge colonne per onboarding automatico da lg231 e altri
|
|
-- sistemi Agile partner via POST /api/services/provision
|
|
-- ============================================================
|
|
|
|
USE nis2_agile_db;
|
|
|
|
-- ── organizations: campi provisioning ─────────────────────────────────────
|
|
|
|
-- Chi ha provisioned questa org (es: 'lg231')
|
|
ALTER TABLE organizations
|
|
ADD COLUMN IF NOT EXISTS provisioned_by VARCHAR(64) NULL AFTER status;
|
|
|
|
-- Timestamp del provisioning
|
|
ALTER TABLE organizations
|
|
ADD COLUMN IF NOT EXISTS provisioned_at DATETIME NULL AFTER provisioned_by;
|
|
|
|
-- Piano licenza (essentials/professional/enterprise)
|
|
ALTER TABLE organizations
|
|
ADD COLUMN IF NOT EXISTS license_plan VARCHAR(32) NULL DEFAULT 'professional' AFTER provisioned_at;
|
|
|
|
-- Scadenza licenza
|
|
ALTER TABLE organizations
|
|
ADD COLUMN IF NOT EXISTS license_expires_at DATE NULL AFTER license_plan;
|
|
|
|
-- ID azienda nel sistema chiamante (es: company_id di lg231)
|
|
ALTER TABLE organizations
|
|
ADD COLUMN IF NOT EXISTS lg231_company_id INT NULL AFTER license_expires_at;
|
|
|
|
-- Riferimento ordine nel sistema chiamante
|
|
ALTER TABLE organizations
|
|
ADD COLUMN IF NOT EXISTS lg231_order_id VARCHAR(64) NULL AFTER lg231_company_id;
|
|
|
|
-- ── users: campo must_change_password ─────────────────────────────────────
|
|
ALTER TABLE users
|
|
ADD COLUMN IF NOT EXISTS must_change_password TINYINT(1) NOT NULL DEFAULT 0 AFTER status;
|
|
|
|
-- Campo phone
|
|
ALTER TABLE users
|
|
ADD COLUMN IF NOT EXISTS phone VARCHAR(32) NULL AFTER must_change_password;
|
|
|
|
-- Campo job_title
|
|
ALTER TABLE users
|
|
ADD COLUMN IF NOT EXISTS job_title VARCHAR(128) NULL AFTER phone;
|
|
|
|
-- ── api_keys: campo created_by ─────────────────────────────────────────────
|
|
ALTER TABLE api_keys
|
|
ADD COLUMN IF NOT EXISTS created_by VARCHAR(128) NULL AFTER last_used_at;
|
|
|
|
-- ── Indici ────────────────────────────────────────────────────────────────
|
|
|
|
-- Ricerca per VAT number (idempotency provisioning)
|
|
CREATE INDEX IF NOT EXISTS idx_organizations_vat ON organizations(vat_number);
|
|
|
|
-- Ricerca org per lg231_company_id
|
|
CREATE INDEX IF NOT EXISTS idx_organizations_lg231 ON organizations(lg231_company_id);
|
|
|
|
-- ── Verifica ──────────────────────────────────────────────────────────────
|
|
SELECT
|
|
COLUMN_NAME, COLUMN_TYPE, IS_NULLABLE
|
|
FROM INFORMATION_SCHEMA.COLUMNS
|
|
WHERE TABLE_SCHEMA = 'nis2_agile_db'
|
|
AND TABLE_NAME = 'organizations'
|
|
AND COLUMN_NAME IN ('provisioned_by','provisioned_at','license_plan','license_expires_at','lg231_company_id','lg231_order_id')
|
|
ORDER BY ORDINAL_POSITION;
|
|
|
|
SELECT 'Migration 011 provisioning completata.' AS stato;
|