PttCodingMan
diff --git a/‎backend/app/database.py‎
Lines changed: 11 additions & 0 deletions b/‎backend/app/database.py‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎backend/app/migrations.py‎
Lines changed: 37 additions & 0 deletions b/‎backend/app/migrations.py‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎backend/app/routers/pages.py‎
Lines changed: 9 additions & 7 deletions b/‎backend/app/routers/pages.py‎
Lines changed: 9 additions & 7 deletions
diff --git a/‎backend/app/routers/public.py‎
Lines changed: 1 addition & 1 deletion b/‎backend/app/routers/public.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎backend/app/routers/search.py‎
Lines changed: 5 additions & 4 deletions b/‎backend/app/routers/search.py‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎backend/app/schemas.py‎
Lines changed: 11 additions & 1 deletion b/‎backend/app/schemas.py‎
Lines changed: 11 additions & 1 deletion
diff --git a/‎backend/tests/test_migrations_page_type.py‎
Lines changed: 95 additions & 0 deletions b/‎backend/tests/test_migrations_page_type.py‎
Lines changed: 95 additions & 0 deletions
@@ -27,15 +27,25 @@
     created_at        TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );
 
+-- Personal API tokens for programmatic access. Plaintext is shown once on
+-- creation and never stored. Only sha256(token) is persisted for lookup.
+-- `prefix` stores the first 8 chars of the plaintext so the UI can
+-- identify a specific token without revealing it. `expires_at` and
+-- `revoked_at` let a token be invalidated without losing the audit trail.
 CREATE TABLE IF NOT EXISTS api_tokens (
     id          INTEGER PRIMARY KEY AUTOINCREMENT,
     user_id     INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
     name        TEXT NOT NULL,
     token_hash  TEXT UNIQUE NOT NULL,
+    prefix      TEXT,
+    expires_at  TIMESTAMP,
+    revoked_at  TIMESTAMP,
     last_used   TIMESTAMP,
     created_at  TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );
 
+CREATE INDEX IF NOT EXISTS idx_api_tokens_user ON api_tokens(user_id);
+
 -- SSO binding per user. A user may have zero or more identities alongside
 -- a local password (or instead of one, in which case users.password_hash
 -- is set to the sentinel '!' to disable local login while keeping the
@@ -63,6 +73,7 @@
     view_count  INTEGER DEFAULT 0,
     version     INTEGER NOT NULL DEFAULT 1,
     is_public   INTEGER NOT NULL DEFAULT 0,
+    page_type   TEXT NOT NULL DEFAULT 'document',
     deleted_at  TIMESTAMP,
     created_by  INTEGER REFERENCES users(id),
     created_at  TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
 
@@ -98,6 +98,36 @@ async def _m006_auth_identities(db: aiosqlite.Connection) -> None:
     )
 
 
+async def _m008_api_tokens_extend(db: aiosqlite.Connection) -> None:
+    """Extend api_tokens with prefix / expires_at / revoked_at.
+
+    The earlier shape only tracked the hash and a `last_used` timestamp. The
+    three new columns let the UI show a non-revealing identifier, let tokens
+    expire automatically (30-day default), and let users revoke without
+    losing the audit trail. All three are nullable so existing rows (if any)
+    keep working — they'll read as "never expires, never revoked, no prefix".
+    """
+    if not await _column_exists(db, "api_tokens", "prefix"):
+        await db.execute("ALTER TABLE api_tokens ADD COLUMN prefix TEXT")
+    if not await _column_exists(db, "api_tokens", "expires_at"):
+        await db.execute("ALTER TABLE api_tokens ADD COLUMN expires_at TIMESTAMP")
+    if not await _column_exists(db, "api_tokens", "revoked_at"):
+        await db.execute("ALTER TABLE api_tokens ADD COLUMN revoked_at TIMESTAMP")
+
+
+async def _m009_page_type(db: aiosqlite.Connection) -> None:
+    """Add `page_type` to pages so viewer can branch by rendering strategy.
+
+    Value is a free-form TEXT (not CHECK-constrained) so we can introduce new
+    types purely in Python (Pydantic Literal does the validation). Default
+    'document' matches the pre-existing behavior for every row on upgrade.
+    """
+    if not await _column_exists(db, "pages", "page_type"):
+        await db.execute(
+            "ALTER TABLE pages ADD COLUMN page_type TEXT NOT NULL DEFAULT 'document'"
+        )
+
+
 async def _m007_groups_ldap_dn(db: aiosqlite.Connection) -> None:
     """Add `ldap_dn` to `groups` so LDAP-mirrored groups can be reconciled.
 
@@ -124,6 +154,8 @@ async def _m007_groups_ldap_dn(db: aiosqlite.Connection) -> None:
     (5, "page_is_public", _m005_page_is_public),
     (6, "auth_identities", _m006_auth_identities),
     (7, "groups_ldap_dn", _m007_groups_ldap_dn),
+    (8, "api_tokens_extend", _m008_api_tokens_extend),
+    (9, "page_type", _m009_page_type),
 ]
 
 
@@ -147,6 +179,7 @@ async def _m007_groups_ldap_dn(db: aiosqlite.Connection) -> None:
     # without this. Declared in SCHEMA_SQL but that's skipped on upgrades
     # where the backfill marks m006 as already applied.
     "CREATE INDEX IF NOT EXISTS idx_auth_identities_user ON auth_identities(user_id)",
+    "CREATE INDEX IF NOT EXISTS idx_pages_type ON pages(page_type)",
 )
 
 
@@ -210,6 +243,10 @@ async def _detect_preexisting(db: aiosqlite.Connection) -> set[int]:
         applied.add(6)
     if await _column_exists(db, "groups", "ldap_dn"):
         applied.add(7)
+    if await _column_exists(db, "api_tokens", "prefix"):
+        applied.add(8)
+    if await _column_exists(db, "pages", "page_type"):
+        applied.add(9)
     return applied
 
 
 
@@ -266,9 +266,9 @@ async def create_page(body: PageCreate, user=Depends(get_current_user)):
         candidate = await unique_slug(db, slugify(body.title, body.slug))
         try:
             cursor = await db.execute(
-                """INSERT INTO pages (slug, title, content_md, parent_id, sort_order, version, created_by)
-                   VALUES (?, ?, ?, ?, ?, 1, ?)""",
-                (candidate, body.title, content, body.parent_id, body.sort_order, user["id"]),
+                """INSERT INTO pages (slug, title, content_md, parent_id, sort_order, version, page_type, created_by)
+                   VALUES (?, ?, ?, ?, ?, 1, ?, ?)""",
+                (candidate, body.title, content, body.parent_id, body.sort_order, body.page_type, user["id"]),
             )
             slug = candidate
             page_id = cursor.lastrowid
@@ -395,23 +395,25 @@ async def update_page(slug: str, body: PageUpdate, user=Depends(get_current_user
             )
     current_is_public = bool(current.get("is_public", 0))
     is_public = body.is_public if body.is_public is not None else current_is_public
+    current_page_type = current.get("page_type") or "document"
+    page_type = body.page_type if body.page_type is not None else current_page_type
 
     content_changed = body.content_md is not None and body.content_md != current["content_md"]
     title_changed = body.title is not None and body.title != current["title"]
     public_changed = body.is_public is not None and bool(body.is_public) != current_is_public
 
     # Save current state as a version before updating (only if content/title actually changed).
-    # Publicity toggles are metadata, not content, so they don't create a version.
+    # Publicity/page_type toggles are metadata, not content, so they don't create a version.
     if content_changed or title_changed:
         await save_version(db, current["id"], current["title"], current["content_md"], user["id"])
 
-    # is_public changes do NOT bump version (metadata, not content)
+    # is_public / page_type changes do NOT bump version (metadata, not content)
     new_version = current["version"] + 1 if (content_changed or title_changed) else current["version"]
 
     await db.execute(
         """UPDATE pages SET title = ?, content_md = ?, parent_id = ?, sort_order = ?,
-           is_public = ?, version = ?, updated_at = CURRENT_TIMESTAMP WHERE slug = ?""",
-        (title, content, parent_id, sort_order, 1 if is_public else 0, new_version, slug),
+           is_public = ?, page_type = ?, version = ?, updated_at = CURRENT_TIMESTAMP WHERE slug = ?""",
+        (title, content, parent_id, sort_order, 1 if is_public else 0, page_type, new_version, slug),
     )
 
     # Update search index
 
@@ -40,7 +40,7 @@ async def get_public_page(slug: str, request: Request):
 
     db = await get_db()
     rows = await db.execute_fetchall(
-        """SELECT p.slug, p.title, p.content_md, p.updated_at,
+        """SELECT p.slug, p.title, p.content_md, p.page_type, p.updated_at,
                   CASE WHEN u.display_name IS NOT NULL AND u.display_name != ''
                        THEN u.display_name ELSE u.username END AS author_name
            FROM pages p
 
@@ -79,7 +79,7 @@ async def _search_fts(db, fts_query, tag, readable_json, per_page, offset):
         total = count_rows[0]["cnt"]
 
         search_sql = """
-            SELECT DISTINCT p.id, p.slug, p.title, p.content_md, p.updated_at, p.view_count
+            SELECT DISTINCT p.id, p.slug, p.title, p.content_md, p.updated_at, p.view_count, p.page_type
             FROM search_index
             JOIN pages p ON CAST(search_index.page_id AS INTEGER) = p.id
             JOIN page_tags pt ON pt.page_id = p.id
@@ -104,7 +104,7 @@ async def _search_fts(db, fts_query, tag, readable_json, per_page, offset):
         total = count_rows[0]["cnt"]
 
         search_sql = """
-            SELECT p.id, p.slug, p.title, p.content_md, p.updated_at, p.view_count
+            SELECT p.id, p.slug, p.title, p.content_md, p.updated_at, p.view_count, p.page_type
             FROM search_index
             JOIN pages p ON CAST(search_index.page_id AS INTEGER) = p.id
             WHERE search_index MATCH ? AND p.deleted_at IS NULL
@@ -150,7 +150,7 @@ async def _search_like(db, words, tag, readable_json, per_page, offset):
         total = count_rows[0]["cnt"]
 
         search_sql = f"""
-            SELECT DISTINCT p.id, p.slug, p.title, p.content_md, p.updated_at, p.view_count
+            SELECT DISTINCT p.id, p.slug, p.title, p.content_md, p.updated_at, p.view_count, p.page_type
             FROM pages p
             JOIN page_tags pt ON pt.page_id = p.id
             JOIN tags t ON t.id = pt.tag_id
@@ -175,7 +175,7 @@ async def _search_like(db, words, tag, readable_json, per_page, offset):
         total = count_rows[0]["cnt"]
 
         search_sql = f"""
-            SELECT p.id, p.slug, p.title, p.content_md, p.updated_at, p.view_count
+            SELECT p.id, p.slug, p.title, p.content_md, p.updated_at, p.view_count, p.page_type
             FROM pages p
             WHERE {like_clauses} AND p.deleted_at IS NULL
               AND p.id IN (SELECT value FROM json_each(?))
@@ -234,6 +234,7 @@ async def search_pages(
             "snippet": make_snippet(row["content_md"], q),
             "updated_at": row["updated_at"],
             "view_count": row["view_count"],
+            "page_type": row["page_type"],
         })
 
     return {"results": results, "total": total, "page": page, "per_page": per_page}
@@ -1,8 +1,14 @@
 from pydantic import BaseModel
-from typing import Optional
+from typing import Literal, Optional
 from datetime import datetime
 
 
+# ── Page types ──
+# Free-form TEXT in SQLite; Pydantic Literal is the source of truth for validation.
+# Add new types here (plus a frontend renderer) — no migration required.
+PageType = Literal["document", "mindmap"]
+
+
 # ── Auth ──
 class LoginRequest(BaseModel):
     username: str
@@ -26,6 +32,7 @@ class PageCreate(BaseModel):
     sort_order: int = 0
     template_id: Optional[int] = None
     slug: Optional[str] = None
+    page_type: PageType = "document"
 
 
 class PageUpdate(BaseModel):
@@ -34,6 +41,7 @@ class PageUpdate(BaseModel):
     parent_id: Optional[int] = None
     sort_order: Optional[int] = None
     is_public: Optional[bool] = None
+    page_type: Optional[PageType] = None
     base_version: Optional[int] = None  # for optimistic locking
 
 
@@ -52,6 +60,7 @@ class PageResponse(BaseModel):
     view_count: int = 0
     version: int = 1
     is_public: bool = False
+    page_type: PageType = "document"
     created_by: Optional[int] = None
     author_name: Optional[str] = None
     created_at: Optional[str] = None
@@ -63,6 +72,7 @@ class PublicPageResponse(BaseModel):
     slug: str
     title: str
     content_md: str
+    page_type: PageType = "document"
     updated_at: Optional[str] = None
     author_name: Optional[str] = None
     diagrams: dict[str, str] = {}
 
@@ -0,0 +1,95 @@
+"""Regression test for m009 (page_type column + index).
+
+Simulates the upgrade path: start from a pages table that lacks page_type,
+run migrations, check the column, index, and default value all land.
+"""
+import os
+import tempfile
+
+import aiosqlite
+import pytest
+
+from app.migrations import run_migrations
+
+
+@pytest.mark.asyncio
+async def test_m009_adds_page_type_to_legacy_db():
+    fd, path = tempfile.mkstemp(suffix=".db")
+    os.close(fd)
+    try:
+        db = await aiosqlite.connect(path)
+        db.row_factory = aiosqlite.Row
+        try:
+            # Shape: a database where migrations 1-8 are already recorded in
+            # the ledger (normal upgrade case). _ensure_indexes runs after
+            # every migration pass and references users / groups /
+            # auth_identities, so we stub just enough schema for those
+            # CREATE INDEX IF NOT EXISTS statements to succeed.
+            await db.execute(
+                """
+                CREATE TABLE schema_migrations (
+                    version    INTEGER PRIMARY KEY,
+                    name       TEXT NOT NULL,
+                    applied_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
+                )
+                """
+            )
+            for v in range(1, 9):
+                await db.execute(
+                    "INSERT INTO schema_migrations (version, name) VALUES (?, ?)",
+                    (v, f"legacy_{v}"),
+                )
+            await db.execute(
+                """
+                CREATE TABLE pages (
+                    id          INTEGER PRIMARY KEY AUTOINCREMENT,
+                    slug        TEXT UNIQUE NOT NULL,
+                    title       TEXT NOT NULL,
+                    content_md  TEXT NOT NULL DEFAULT '',
+                    version     INTEGER NOT NULL DEFAULT 1,
+                    is_public   INTEGER NOT NULL DEFAULT 0,
+                    deleted_at  TIMESTAMP
+                )
+                """
+            )
+            await db.execute(
+                "CREATE TABLE users (id INTEGER PRIMARY KEY, deleted_at TIMESTAMP)"
+            )
+            await db.execute(
+                "CREATE TABLE groups (id INTEGER PRIMARY KEY, ldap_dn TEXT)"
+            )
+            await db.execute(
+                "CREATE TABLE auth_identities (id INTEGER PRIMARY KEY, user_id INTEGER)"
+            )
+            await db.execute(
+                "INSERT INTO pages (slug, title, content_md) VALUES (?, ?, ?)",
+                ("legacy", "Legacy page", "body"),
+            )
+            await db.commit()
+
+            applied = await run_migrations(db)
+
+            # m009 should have run exactly once.
+            assert 9 in applied
+
+            # Column exists and backfills to 'document'.
+            cols = {r["name"] for r in await db.execute_fetchall("PRAGMA table_info(pages)")}
+            assert "page_type" in cols
+            rows = await db.execute_fetchall("SELECT page_type FROM pages WHERE slug = 'legacy'")
+            assert rows[0]["page_type"] == "document"
+
+            # Index was created by _ensure_indexes regardless of fresh/upgrade.
+            idx_rows = await db.execute_fetchall(
+                "SELECT name FROM sqlite_master WHERE type='index' AND tbl_name='pages'"
+            )
+            idx_names = {r["name"] for r in idx_rows}
+            assert "idx_pages_type" in idx_names
+
+            # Re-running is a no-op (idempotent ledger).
+            applied_again = await run_migrations(db)
+            assert 9 not in applied_again
+        finally:
+            await db.close()
+    finally:
+        if os.path.exists(path):
+            os.remove(path)