/**
 * Migration: Add IP restriction fields to tenants
 * Adds ip_whitelist, ip_restriction_enabled, and ip_restriction_message fields
 */

'use strict';

module.exports = {
  up: async (queryInterface, Sequelize) => {
    // Add IP restriction fields
    await queryInterface.addColumn('tenants', 'ip_whitelist', {
      type: Sequelize.JSONB,
      allowNull: true,
      defaultValue: null,
      comment: 'Array of allowed IP addresses/CIDR blocks for this tenant'
    });

    await queryInterface.addColumn('tenants', 'ip_restriction_enabled', {
      type: Sequelize.BOOLEAN,
      defaultValue: false,
      allowNull: false,
      comment: 'Whether IP restrictions are enabled for this tenant'
    });

    await queryInterface.addColumn('tenants', 'ip_restriction_message', {
      type: Sequelize.TEXT,
      allowNull: true,
      defaultValue: 'Access denied. Your IP address is not authorized to access this tenant.',
      comment: 'Custom message shown when IP access is denied'
    });
  },

  down: async (queryInterface, Sequelize) => {
    // Remove the added columns
    await queryInterface.removeColumn('tenants', 'ip_whitelist');
    await queryInterface.removeColumn('tenants', 'ip_restriction_enabled');
    await queryInterface.removeColumn('tenants', 'ip_restriction_message');
  }
};