model SysUser {
  id                 String     @id @map("_id") @default(auto()) @db.ObjectId
  // id                 Int     @id @map("_id") @db.Int
  username           String  @unique
  password           String
  status             Int     @default(1) @db.Int
  nick               String?
  photo              String?
  remark             String?
  twoFA              String?
  twoFALastUsedStep  Int?    @db.Int
  twoFARecoveryCodes Json?   /// array of hashed backup codes.

  createTime DateTime @default(now()) @map("create_time")
  updateTime DateTime @default(now()) @updatedAt @map("update_time")
  allowIps   Json?    /// allowed IP list

  // track session tokens
  jwtToken      String?
  oAuthJwtToken String?

  userRoles    SysUserRole[]
  lastLoginTime DateTime @default(now()) @map("lastLoginTime")

  @@map("sys_user")
}