Harden redemption flow and improve operational safety

office365_self_service/__init__.py

@@ -9,6 +9,7 @@ from flask import Flask
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import event
 from sqlalchemy.engine import Engine
+from sqlalchemy.engine.url import make_url
 
 from .services import Office365Service
 from .settings import Settings, load_settings
@@ -17,6 +18,13 @@ from .settings import Settings, load_settings
 db = SQLAlchemy()
 
 
+def _ensure_sqlite_directory(database_url: str) -> None:
+    url = make_url(database_url)
+    if url.drivername != "sqlite" or not url.database or url.database == ":memory:":
+        return
+    Path(url.database).parent.mkdir(parents=True, exist_ok=True)
+
+
 def _configure_logging(app: Flask) -> None:
     log_dir = Path(app.root_path).parent / "logs"
     log_dir.mkdir(parents=True, exist_ok=True)
@@ -62,11 +70,12 @@ def create_app(
     app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
 
     _configure_logging(app)
+    _ensure_sqlite_directory(settings.database_url)
 
     db.init_app(app)
 
     with app.app_context():
-        from .models import RedemptionCode
+        from .models import AuditEvent, RedemptionCode
         db.create_all()
 
     if service_factory is None:
@@ -83,4 +92,4 @@ def create_app(
     app.register_blueprint(bp_admin)
     app.register_blueprint(bp_user)
 
-    return app
+    return app