docs: migrer schémas BDD de Mermaid vers DBML

Remplace les diagrammes Mermaid par DBML (via kroki-dbml) pour une meilleure expressivité des schémas de base de données : - Ajout support notes, contraintes et indexes détaillés - Migration de tous les schémas d'entités partagées - Ajout fichier exemple dbml-example.md - Configuration plugin mkdocs-kroki pour rendu DBML
2026-02-12 20:49:02 +01:00
parent ae2fc3ee6f
commit 23fe67470b
16 changed files with 566 additions and 224 deletions
--- a/docs/domains/_shared/entities/sessions.md
+++ b/docs/domains/_shared/entities/sessions.md
@@ -4,27 +4,43 @@

 ## Diagramme

-```mermaid
-erDiagram
-    USERS ||--o{ SESSIONS : "possède"
-    DEVICES ||--o{ SESSIONS : "associé"
+```kroki-dbml
+Table users {
+  id uuid [primary key]
+  email varchar(255) [not null, unique]
+  username varchar(50) [not null, unique]
+}

-    SESSIONS {
-        uuid id PK
-        uuid user_id FK
-        uuid device_id FK
-        string access_token_hash
-        string refresh_token_hash
-        timestamp access_token_expires_at
-        timestamp refresh_token_expires_at
-        inet ip_address
-        string user_agent
-        string city
-        string country_code
-        timestamp created_at
-        timestamp last_activity_at
-        timestamp revoked_at
-    }
+Table devices {
+  id uuid [primary key]
+  user_id uuid [not null, ref: > users.id]
+  device_name varchar(255)
+  device_type varchar(50)
+}
+
+Table sessions {
+  id uuid [primary key]
+  user_id uuid [not null, ref: > users.id]
+  device_id uuid [ref: > devices.id]
+  access_token_hash varchar(64) [not null, note: 'SHA256 hash, never stored in clear']
+  refresh_token_hash varchar(64) [not null, note: 'SHA256 hash, auto-rotated']
+  access_token_expires_at timestamp [not null, note: 'Lifetime: 15 minutes']
+  refresh_token_expires_at timestamp [not null, note: 'Lifetime: 30 days (rolling)']
+  ip_address inet [not null]
+  user_agent text [not null]
+  city varchar(100)
+  country_code char(2)
+  created_at timestamp [not null, default: `now()`]
+  last_activity_at timestamp [not null, default: `now()`]
+  revoked_at timestamp [note: 'NULL if active, timestamp if manually revoked']
+
+  indexes {
+    (user_id, revoked_at) [note: 'Find active sessions for user']
+    (device_id)
+    (refresh_token_hash) [unique, note: 'Detect replay attacks']
+    (last_activity_at) [note: 'Auto-cleanup inactive sessions']
+  }
+}
 ```

 ## Légende