Add foreign key constraint to enforce proper parent field in users table

database.py

@@ -13,8 +13,9 @@ class userstatus(enum.Enum):
 
 csprng = random.SystemRandom()
 
-def add_user(userdb, *, username, password, email, parent, status):
-	"""Add a user to the database"""
+def add_user(db, *, username, password, email, parent, status):
+	"""Add a user to the database
+	Will not commit the changes itself, so run .commit() on the database object yourself"""
 	global csprgn
 
 	assert type(username) == str
@@ -26,6 +27,9 @@ def add_user(userdb, *, username, password, email, parent, status):
 	# Generate a user ID. SQLite uses 64 bit signed ints, so generate at max 2⁶³-1
 	userid = csprng.randrange(2**63)
 
+	# Unicode normalize the username
+	username = unicodedata.normalize('NFKC', username)
+
 	# First unicode normalize the password, then hash it with argon2
 	password = unicodedata.normalize('NFKC', password)
 	password = argon2.hash(password)
@@ -34,15 +38,15 @@ def add_user(userdb, *, username, password, email, parent, status):
 	status = status.value
 
 	# Add the user into the database
-	cursor = userdb.cursor()
+	cursor = db.cursor()
+	cursor.execute('PRAGMA foreign_keys = ON;') # Fail if we insert a user with bogus parent field
 	cursor.execute('INSERT INTO users VALUES (?, ?, ?, ?, ?, ?, ?);', (userid, parent, status, password, username, email, ''))
-	userdb.commit()
 
-def initialize_userdb(userdb, admin_user, admin_password):
-	"""Creates a bare-bones user database with only admin
+def initialize_users(db, admin_user, admin_password):
+	"""Creates a bare-bones user table with only admin user
 	This should never be run outside of the initialization script"""
 
-	cursor = userdb.cursor()
+	cursor = db.cursor()
 
 	cursor.execute('''CREATE TABLE users (
 		id integer NOT NULL PRIMARY KEY,
@@ -55,9 +59,30 @@ def initialize_userdb(userdb, admin_user, admin_password):
 		username text NOT NULL,
 		email text NOT NULL,
 
-		comment text NOT NULL
+		comment text NOT NULL,
+
+		FOREIGN KEY(parent) REFERENCES users(id)
 	);''')
 
-	userdb.commit()
+	add_user(db, username = admin_user, password = admin_password, email = '', parent = None, status = userstatus.admin)
 
-	add_user(userdb, username = admin_user, password = admin_password, email = '', parent = None, status = userstatus.admin)
+	db.commit()
+
+def initialize_boards(db, boards):
+	"""Creates a table of boards
+	This should never be run outside of the initialization script"""
+
+	cursor = db.cursor()
+
+	cursor.execute('''CREATE TABLE boards (
+		id integer NOT NULL PRIMARY KEY,
+		name text NOT NULL
+	);''')
+
+	# .executemany() wants them in the format [("board1",), ("board2",), …]
+	boards = [(board_name,) for board_name in boards]
+
+	# Use NULL to have SQLite generate the IDs automatically
+	cursor.executemany('INSERT INTO boards VALUES (NULL, ?);', boards)
+
+	db.commit()

generate_html.py

@@ -9,6 +9,7 @@ def generate_nav(*, soup):
 	# TODO: Don't generate link to a board if we're at the index
 	nav_tag = soup.new_tag('nav')
 
+	# TODO: Read these from the database
 	for board in ['a', 'b', 'his', 'g']:
 		url = config.url_prefix + '/' + urllib.parse.quote(board, safe = '') + '/'
 		a_tag = soup.new_tag('a', href = url)

initialize.py

@@ -3,7 +3,10 @@ import sqlite3
 import database
 
 if __name__ == '__main__':
-	with sqlite3.connect('user.db') as userdb:
+	with sqlite3.connect('buranun.db') as db:
 		username = input('admin username: ')
 		password = input('admin password: ')
-		database.initialize_userdb(userdb, username, password)
+		database.initialize_users(db, username, password)
+
+		boards = input('boards: ').split()
+		database.initialize_boards(db, boards)