# Devices

📖 Appareils de confiance et gestion multi-device

## Diagramme

```kroki-dbml
Table users {
  id uuid [primary key]
}

Table devices {
  id uuid [primary key]
  user_id uuid [not null, ref: > users.id]
  device_name varchar(255) [note: 'User-defined device name']
  os varchar(50) [note: 'iOS, Android, Windows, macOS, Linux']
  browser varchar(50) [note: 'Safari, Chrome, Firefox, etc.']
  device_type device_type_enum [not null, note: 'mobile, tablet, desktop, car']
  is_trusted boolean [not null, default: false, note: 'Bypass 2FA for 30 days if true']
  trusted_until timestamp [note: 'NULL if not trusted, expires after 30 days']
  first_seen_at timestamp [not null, default: `now()`]
  last_seen_at timestamp [not null, default: `now()`]
  last_ip inet [not null]
  last_city varchar(100)
  last_country_code char(2)

  indexes {
    (user_id, last_seen_at) [note: 'List user devices by recent activity']
    (user_id, is_trusted) [note: 'Find trusted devices for user']
  }
}

Table sessions {
  id uuid [primary key]
  device_id uuid [ref: > devices.id]
}

Enum device_type_enum {
  mobile [note: 'Smartphone Android/iOS']
  tablet [note: 'Tablette']
  desktop [note: 'Ordinateur']
  car [note: 'Système embarqué (CarPlay/Android Auto)']
}
```

## Légende

**Types d'appareil** :

- `mobile` : Smartphone Android/iOS
- `tablet` : Tablette
- `desktop` : Ordinateur
- `car` : Système embarqué (CarPlay/Android Auto)

**Appareil de confiance** :

- Option "Ne plus demander sur cet appareil" → bypass 2FA pendant **30 jours**
- Révocable depuis paramètres compte
- Liste des appareils de confiance visible

**Sécurité** :

- Détection automatique nouveau device → notification push + email
- Localisation suspecte (pays différent) → alerte
- Révocation individuelle ou globale possible