-- =============================================================
-- V020: Player identity linking for unified multi-platform accounts
-- =============================================================
-- Scope: Allow linking multiple platform identities (Telegram, Discord)
-- to a single "primary" player account. All group/session permissions
-- resolve through the effective (primary) player id.
-- =============================================================

-- player_links: secondary player → primary player (1:1 on secondary)
CREATE TABLE player_links (
    id                    UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    primary_player_id     UUID NOT NULL REFERENCES players(id) ON DELETE CASCADE,
    secondary_player_id   UUID NOT NULL UNIQUE REFERENCES players(id) ON DELETE CASCADE,
    linked_at             TIMESTAMPTZ NOT NULL DEFAULT now(),
    linked_by_player_id   UUID REFERENCES players(id) ON DELETE SET NULL,
    -- Prevent self-linking at the DB level
    CONSTRAINT no_self_link CHECK (primary_player_id <> secondary_player_id)
);

CREATE INDEX ix_player_links_primary_player_id
    ON player_links(primary_player_id);

-- identity_audit_log: security-sensitive link/unlink actions
CREATE TABLE identity_audit_log (
    id                      UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    player_id               UUID NOT NULL REFERENCES players(id) ON DELETE CASCADE,
    action                  VARCHAR(50) NOT NULL,   -- 'link', 'unlink', 'link_attempt_conflict'
    target_platform         VARCHAR(50),
    target_external_user_id VARCHAR(255),
    performed_at            TIMESTAMPTZ NOT NULL DEFAULT now(),
    performed_by_player_id  UUID REFERENCES players(id) ON DELETE SET NULL
);

CREATE INDEX ix_identity_audit_log_player_id
    ON identity_audit_log(player_id);
CREATE INDEX ix_identity_audit_log_performed_at
    ON identity_audit_log(performed_at DESC);