# PocketBase Collection Schema

Set this up in the PocketBase admin UI at http://localhost:8090/_/

## 1. users (extends built-in auth collection)

Add these fields to the default auth collection:

| Field | Type | Default |
|---|---|---|
| credits_balance | Number | 0 |
| free_used | Bool | false |
| fingerprint_id | Text | — |

## 2. conversions

| Field | Type | Required | Notes |
|---|---|---|---|
| user | Relation → users | yes | cascade delete |
| file_hash | Text | yes | SHA-256 of export JSON |
| status | Text | yes | pending \| complete \| failed |
| download_url | Text | no | MinIO presigned URL |

## 3. transactions

| Field | Type | Required | Notes |
|---|---|---|---|
| user | Relation → users | yes | cascade delete |
| type | Text | yes | purchase \| conversion \| free \| refund |
| credits | Number | yes | positive = added, negative = spent |
| balance_after | Number | yes | snapshot after this tx |
| stripe_id | Text | no | Stripe PaymentIntent ID |
| file_hash | Text | no | SHA-256 of export JSON |

## 4. purchases

| Field | Type | Required | Notes |
|---|---|---|---|
| user | Relation → users | yes | cascade delete |
| credits | Number | yes | credits added |
| stripe_id | Text | yes | Stripe PaymentIntent ID |

## API Rules

For all collections except auth, set:
- List / View / Create / Update / Delete: restrict to authenticated users
  or use admin-only rules for server-side writes via the admin token.

The backend uses an admin token (set in PocketBase admin settings → API keys)
to create conversion and purchase records server-side.
Store this token as POCKETBASE_ADMIN_TOKEN in .env.