working full end-to-end with encryption

prisma/migrations/20251222191415_add_sessions/migration.sql

@@ -0,0 +1,22 @@
+-- CreateTable
+CREATE TABLE "Session" (
+    "id" TEXT NOT NULL,
+    "token" TEXT NOT NULL,
+    "userId" TEXT NOT NULL,
+    "expiresAt" TIMESTAMP(3) NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "Session_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Session_token_key" ON "Session"("token");
+
+-- CreateIndex
+CREATE INDEX "Session_userId_idx" ON "Session"("userId");
+
+-- CreateIndex
+CREATE INDEX "Session_token_idx" ON "Session"("token");
+
+-- AddForeignKey
+ALTER TABLE "Session" ADD CONSTRAINT "Session_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

prisma/migrations/20251222192915_add_skyward_password/migration.sql

@@ -0,0 +1,8 @@
+/*
+  Warnings:
+
+  - Added the required column `skywardPassword` to the `User` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN     "skywardPassword" TEXT NOT NULL;

prisma/schema.prisma

@@ -6,15 +6,30 @@ datasource db {
   provider = "postgresql"
 }
 
-model User {
+model Session {
   id        String   @id @default(uuid())
-  username  String   @unique
-  password  String
+  token     String   @unique
+  userId    String
+  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+  
+  expiresAt DateTime
   createdAt DateTime @default(now())
   
+  @@index([userId])
+  @@index([token])
+}
+
+model User {
+  id              String   @id @default(uuid())
+  username        String   @unique
+  password        String   // Bcrypt hash for login auth
+  skywardPassword String   // Encrypted password for Skyward API calls
+  createdAt       DateTime @default(now())
+  
   classes     Class[]
   fetches     Fetch[]
   finalGrades FinalGrade[]
+  sessions    Session[]
 }
 
 model Class {