model User {
  id                  Int      @id @default(autoincrement())
  username            String   @unique
  password            String
  status              Int      @default(1)
  nick                String?  @db.VarChar(100)
  photo               String?  @db.VarChar(1024)
  remark              String?  @db.VarChar(256)
  twoFA               String?  @db.VarChar(256)
  twoFALastUsedStep   Int?     /// prevent same 30-sec TOTP from being reused.
  twoFARecoveryCodes  Json?    /// array of hashed backup codes.

  createTime          DateTime @default(now()) @map("create_time")
  updateTime          DateTime @default(now()) @updatedAt @map("update_time")
  allowIps            Json? /// 允许访问的IP列表

  // add user latest jwt token, update when user login, jwt guard to check if use current session jwt token matched then allow operations
  jwtToken            String? @db.VarChar(1024)
  oAuthJwtToken       String? @db.VarChar(1024)

  userRoles           UserRole[]

  // add user last login date time
  lastLoginTime       DateTime @default(now()) @map("lastLoginTime")

  @@map("sys_user")
}