feat: secu migrate to user uuid

scripts/migrate-to-uuid.sql

@@ -0,0 +1,40 @@
+-- Migration script: Replace sequential user IDs with UUIDs for security
+-- This prevents enumeration attacks and improves security
+
+-- Step 1: Enable UUID extension if not already enabled
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+-- Step 2: Add new UUID column to users table
+ALTER TABLE users ADD COLUMN uuid_id UUID DEFAULT uuid_generate_v4();
+
+-- Step 3: Update all existing users to have UUIDs (they will be auto-generated)
+UPDATE users SET uuid_id = uuid_generate_v4() WHERE uuid_id IS NULL;
+
+-- Step 4: Make UUID column NOT NULL
+ALTER TABLE users ALTER COLUMN uuid_id SET NOT NULL;
+
+-- Step 5: Add new UUID column to user_evaluations table
+ALTER TABLE user_evaluations ADD COLUMN user_uuid UUID;
+
+-- Step 6: Update user_evaluations to use the new UUIDs
+UPDATE user_evaluations 
+SET user_uuid = users.uuid_id 
+FROM users 
+WHERE user_evaluations.user_id = users.id;
+
+-- Step 7: Make user_uuid NOT NULL
+ALTER TABLE user_evaluations ALTER COLUMN user_uuid SET NOT NULL;
+
+-- Step 8: Add new UUID column to skill_evaluations (via user_evaluations)
+-- No direct change needed as skill_evaluations references user_evaluations.id
+
+-- Step 9: Create unique constraint on UUID
+ALTER TABLE users ADD CONSTRAINT users_uuid_unique UNIQUE (uuid_id);
+
+-- Step 10: Add unique constraint and foreign key for user_evaluations
+ALTER TABLE user_evaluations ADD CONSTRAINT user_evaluations_user_uuid_unique UNIQUE (user_uuid);
+ALTER TABLE user_evaluations ADD CONSTRAINT fk_user_evaluations_user_uuid 
+    FOREIGN KEY (user_uuid) REFERENCES users(uuid_id);
+
+-- Note: The actual switchover will be done in the application code
+-- The old id columns will be kept temporarily for backward compatibility