-
Notifications
You must be signed in to change notification settings - Fork 4
/
schema.sql
179 lines (152 loc) · 5.74 KB
/
schema.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
drop table if exists shells cascade;
drop table if exists users cascade;
drop table if exists email_addresses cascade;
drop table if exists email_verification_tokens cascade;
drop table if exists password_change_tokens cascade;
drop table if exists student_numbers cascade;
drop table if exists reserved_usernames cascade;
drop table if exists groups cascade;
drop table if exists group_relations cascade;
drop table if exists group_reachable_cache cascade;
drop table if exists user_memberships cascade;
drop table if exists permissions cascade;
drop table if exists permission_requirements cascade;
drop table if exists pending_user_memberships cascade;
drop table if exists hosts cascade;
drop table if exists host_groups cascade;
drop type if exists language cascade;
-- Allowed shells to use
create table shells (
shell text primary key check (shell <> '')
);
insert into shells (shell) values ('/bin/bash');
-- Language
create type language as enum ('ko', 'en');
-- Users (accounts)
create table users (
idx serial primary key,
-- Account credentials
-- An username being null means the username is being changed
username text unique check (username <> ''),
password_digest text,
-- Real name
name text not null check (name <> ''),
-- posixAccount
uid integer unique not null,
shell text not null references shells(shell),
-- Language preference
preferred_language language not null,
-- Timestamps
created_at timestamp with time zone default NOW(),
last_login_at timestamp with time zone,
-- Activated
activated boolean not null default true
);
-- Email addresses
create table email_addresses (
idx serial primary key,
-- An user_id being null means unverified email address
owner_idx integer references users(idx) on delete cascade,
address_local text not null check (address_local <> ''),
address_domain text not null check (address_domain <> '')
);
create unique index email_addresses_lower_idx on email_addresses (LOWER(address_local), LOWER(address_domain));
-- Verification token
create table email_verification_tokens (
idx serial primary key,
email_idx integer unique not null references email_addresses(idx) on delete cascade,
token text unique not null check (token <> ''),
expires timestamp with time zone not null,
resend_count integer not null default 0
);
-- Password change token.
create table password_change_tokens (
idx serial primary key,
user_idx integer unique not null references users(idx) on delete cascade,
token text unique not null check (token <> ''),
expires timestamp with time zone not null,
resend_count integer not null default 0
);
-- SNU IDs
create table student_numbers (
idx serial primary key,
student_number text unique not null check (student_number <> ''),
owner_idx integer not null references users(idx) on delete cascade
);
-- Reserved usernames
create table reserved_usernames (
idx serial primary key,
reserved_username text unique not null check (reserved_username <> ''),
owner_idx integer references users(idx) on delete set null
);
create table groups (
idx serial primary key,
owner_group_idx integer references groups(idx) on delete set null,
name_ko text not null check (name_ko <> ''),
name_en text not null check (name_en <> ''),
description_ko text not null check (description_ko <> ''),
description_en text not null check (description_en <> ''),
identifier text not null unique check (identifier <> '')
);
-- OR relationship for groups.
create table group_relations (
idx serial primary key,
supergroup_idx integer not null references groups(idx) on delete cascade,
subgroup_idx integer not null references groups(idx) on delete cascade,
unique (supergroup_idx, subgroup_idx)
);
-- Cache for reachable group relation for a group
create table group_reachable_cache (
supergroup_idx integer not null references groups(idx) on delete cascade,
subgroup_idx integer not null references groups(idx) on delete cascade,
unique (supergroup_idx, subgroup_idx)
);
create table user_memberships (
idx serial primary key,
user_idx integer not null references users(idx) on delete cascade,
group_idx integer not null references groups(idx) on delete cascade,
unique (user_idx, group_idx)
);
create table permissions (
idx serial primary key,
name_ko text not null check (name_ko <> ''),
name_en text not null check (name_en <> ''),
description_ko text not null check (description_ko <> ''),
description_en text not null check (description_en <> '')
);
create table permission_requirements (
idx serial primary key,
group_idx integer not null references groups(idx) on delete cascade,
permission_idx integer not null references permissions(idx) on delete cascade,
unique (group_idx, permission_idx)
);
create table pending_user_memberships (
idx serial primary key,
user_idx integer not null references users(idx) on delete cascade,
group_idx integer not null references groups(idx) on delete cascade,
unique (user_idx, group_idx)
);
create table host_groups (
idx serial primary key,
name text not null check (name <> ''),
required_permission integer references permissions(idx) on delete cascade
);
create table hosts (
idx serial primary key,
name text not null check (name <> ''),
host inet unique not null check (text(host) <> ''),
host_group integer references host_groups(idx) on delete set null,
host_pubkey bytea unique check (octet_length(host_pubkey) = 32)
);
create table oauth_clients (
client_id text not null primary key,
client_secret text not null,
client_name text not null,
first_party boolean not null
);
create table oauth_client_redirect_uris (
idx serial primary key,
client_id text not null references oauth_clients(client_id) on delete cascade,
redirect_uri text not null,
unique (client_id, redirect_uri)
);