pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2026-02-05 17:15:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Implement account deletion system

Browse Source
This commit is contained in:
gpt-engineer-app[bot]
2025-10-12 14:17:54 +00:00
parent 21ba87a664
commit 3a38b47108
10 changed files with 1429 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
supabase/functions/cancel-account-deletion/index.ts Normal file
View File

@@ -0,0 +1,129 @@
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
};
serve(async (req) => {
if (req.method === 'OPTIONS') {
return new Response(null, { headers: corsHeaders });
}
try {
const { cancellation_reason } = await req.json();
const supabaseClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{
global: {
headers: { Authorization: req.headers.get('Authorization')! },
},
}
);
// Get authenticated user
const {
data: { user },
error: userError,
} = await supabaseClient.auth.getUser();
if (userError || !user) {
throw new Error('Unauthorized');
}
console.log(`Cancelling deletion request for user: ${user.id}`);
// Find pending deletion request
const { data: deletionRequest, error: requestError } = await supabaseClient
.from('account_deletion_requests')
.select('*')
.eq('user_id', user.id)
.eq('status', 'pending')
.maybeSingle();
if (requestError || !deletionRequest) {
throw new Error('No pending deletion request found');
}
// Cancel deletion request
const { error: updateError } = await supabaseClient
.from('account_deletion_requests')
.update({
status: 'cancelled',
cancelled_at: new Date().toISOString(),
cancellation_reason: cancellation_reason || 'User cancelled',
})
.eq('id', deletionRequest.id);
if (updateError) {
throw updateError;
}
// Reactivate profile
const { error: profileError } = await supabaseClient
.from('profiles')
.update({
deactivated: false,
deactivated_at: null,
deactivation_reason: null,
})
.eq('user_id', user.id);
if (profileError) {
throw profileError;
}
// Send cancellation email
const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
if (forwardEmailKey) {
try {
await fetch('https://api.forwardemail.net/v1/emails', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`,
},
body: JSON.stringify({
from: fromEmail,
to: user.email,
subject: 'Account Deletion Cancelled',
html: `
<h2>Account Deletion Cancelled</h2>
<p>Your account deletion request has been cancelled on ${new Date().toLocaleDateString()}.</p>
<p>Your account has been reactivated and you can continue using all features.</p>
<p>Welcome back!</p>
`,
}),
});
console.log('Cancellation confirmation email sent');
} catch (emailError) {
console.error('Failed to send email:', emailError);
}
}
return new Response(
JSON.stringify({
success: true,
message: 'Account deletion cancelled successfully',
}),
{
status: 200,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
} catch (error) {
console.error('Error cancelling deletion:', error);
return new Response(
JSON.stringify({ error: error.message }),
{
status: 400,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
}
});

189
supabase/functions/confirm-account-deletion/index.ts Normal file
View File

@@ -0,0 +1,189 @@
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
};
serve(async (req) => {
if (req.method === 'OPTIONS') {
return new Response(null, { headers: corsHeaders });
}
try {
const { confirmation_code } = await req.json();
if (!confirmation_code) {
throw new Error('Confirmation code is required');
}
const supabaseClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{
global: {
headers: { Authorization: req.headers.get('Authorization')! },
},
}
);
// Get authenticated user
const {
data: { user },
error: userError,
} = await supabaseClient.auth.getUser();
if (userError || !user) {
throw new Error('Unauthorized');
}
console.log(`Confirming deletion for user: ${user.id}`);
// Find deletion request
const { data: deletionRequest, error: requestError } = await supabaseClient
.from('account_deletion_requests')
.select('*')
.eq('user_id', user.id)
.eq('status', 'pending')
.maybeSingle();
if (requestError || !deletionRequest) {
throw new Error('No pending deletion request found');
}
// Verify confirmation code
if (deletionRequest.confirmation_code !== confirmation_code) {
throw new Error('Invalid confirmation code');
}
// Check if 14 days have passed
const scheduledDate = new Date(deletionRequest.scheduled_deletion_at);
const now = new Date();
if (now < scheduledDate) {
const daysRemaining = Math.ceil((scheduledDate.getTime() - now.getTime()) / (1000 * 60 * 60 * 24));
throw new Error(`You must wait ${daysRemaining} more day(s) before confirming deletion`);
}
// Use service role client for admin operations
const supabaseAdmin = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? ''
);
console.log('Starting deletion process...');
// Delete reviews (CASCADE will handle review_photos)
const { error: reviewsError } = await supabaseAdmin
.from('reviews')
.delete()
.eq('user_id', user.id);
if (reviewsError) {
console.error('Error deleting reviews:', reviewsError);
}
// Anonymize submissions and photos
const { error: anonymizeError } = await supabaseAdmin
.rpc('anonymize_user_submissions', { target_user_id: user.id });
if (anonymizeError) {
console.error('Error anonymizing submissions:', anonymizeError);
}
// Delete user roles
const { error: rolesError } = await supabaseAdmin
.from('user_roles')
.delete()
.eq('user_id', user.id);
if (rolesError) {
console.error('Error deleting user roles:', rolesError);
}
// Delete profile
const { error: profileError } = await supabaseAdmin
.from('profiles')
.delete()
.eq('user_id', user.id);
if (profileError) {
console.error('Error deleting profile:', profileError);
throw profileError;
}
// Update deletion request status
const { error: updateError } = await supabaseAdmin
.from('account_deletion_requests')
.update({
status: 'completed',
completed_at: new Date().toISOString(),
})
.eq('id', deletionRequest.id);
if (updateError) {
console.error('Error updating deletion request:', updateError);
}
// Delete auth user (this should cascade delete the deletion request)
const { error: authError } = await supabaseAdmin.auth.admin.deleteUser(user.id);
if (authError) {
console.error('Error deleting auth user:', authError);
throw authError;
}
// Send confirmation email
const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
if (forwardEmailKey) {
try {
await fetch('https://api.forwardemail.net/v1/emails', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`,
},
body: JSON.stringify({
from: fromEmail,
to: user.email,
subject: 'Account Deletion Confirmed',
html: `
<h2>Account Deletion Confirmed</h2>
<p>Your account has been permanently deleted on ${new Date().toLocaleDateString()}.</p>
<p>Your profile and reviews have been removed, but your contributions to the database remain preserved.</p>
<p>Thank you for being part of our community.</p>
`,
}),
});
console.log('Deletion confirmation email sent');
} catch (emailError) {
console.error('Failed to send email:', emailError);
}
}
console.log('Account deletion completed successfully');
return new Response(
JSON.stringify({
success: true,
message: 'Account deleted successfully',
}),
{
status: 200,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
} catch (error) {
console.error('Error confirming deletion:', error);
return new Response(
JSON.stringify({ error: error.message }),
{
status: 400,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
}
});

159
supabase/functions/process-scheduled-deletions/index.ts Normal file
View File

@@ -0,0 +1,159 @@
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
};
serve(async (req) => {
if (req.method === 'OPTIONS') {
return new Response(null, { headers: corsHeaders });
}
try {
// Use service role for admin operations
const supabaseAdmin = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? ''
);
console.log('Processing scheduled account deletions...');
// Find pending deletion requests that are past their scheduled date
const { data: pendingDeletions, error: fetchError } = await supabaseAdmin
.from('account_deletion_requests')
.select('*')
.eq('status', 'pending')
.lt('scheduled_deletion_at', new Date().toISOString());
if (fetchError) {
throw fetchError;
}
if (!pendingDeletions || pendingDeletions.length === 0) {
console.log('No deletions to process');
return new Response(
JSON.stringify({
success: true,
message: 'No deletions to process',
processed: 0,
}),
{
status: 200,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
}
console.log(`Found ${pendingDeletions.length} deletion(s) to process`);
let successCount = 0;
let errorCount = 0;
for (const deletion of pendingDeletions) {
try {
console.log(`Processing deletion for user: ${deletion.user_id}`);
// Get user email for confirmation email
const { data: userData } = await supabaseAdmin.auth.admin.getUserById(deletion.user_id);
const userEmail = userData?.user?.email;
// Delete reviews (CASCADE will handle review_photos)
await supabaseAdmin
.from('reviews')
.delete()
.eq('user_id', deletion.user_id);
// Anonymize submissions and photos
await supabaseAdmin
.rpc('anonymize_user_submissions', { target_user_id: deletion.user_id });
// Delete user roles
await supabaseAdmin
.from('user_roles')
.delete()
.eq('user_id', deletion.user_id);
// Delete profile
await supabaseAdmin
.from('profiles')
.delete()
.eq('user_id', deletion.user_id);
// Update deletion request status
await supabaseAdmin
.from('account_deletion_requests')
.update({
status: 'completed',
completed_at: new Date().toISOString(),
})
.eq('id', deletion.id);
// Delete auth user
await supabaseAdmin.auth.admin.deleteUser(deletion.user_id);
// Send final confirmation email if we have the email
if (userEmail) {
const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
if (forwardEmailKey) {
try {
await fetch('https://api.forwardemail.net/v1/emails', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`,
},
body: JSON.stringify({
from: fromEmail,
to: userEmail,
subject: 'Account Deletion Completed',
html: `
<h2>Account Deletion Completed</h2>
<p>Your account has been automatically deleted as scheduled on ${new Date().toLocaleDateString()}.</p>
<p>Your profile and reviews have been removed, but your contributions to the database remain preserved.</p>
<p>Thank you for being part of our community.</p>
`,
}),
});
} catch (emailError) {
console.error('Failed to send confirmation email:', emailError);
}
}
}
successCount++;
console.log(`Successfully deleted account for user: ${deletion.user_id}`);
} catch (error) {
errorCount++;
console.error(`Failed to delete account for user ${deletion.user_id}:`, error);
}
}
console.log(`Processed ${successCount} deletion(s) successfully, ${errorCount} error(s)`);
return new Response(
JSON.stringify({
success: true,
message: `Processed ${successCount} deletion(s)`,
processed: successCount,
errors: errorCount,
}),
{
status: 200,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
} catch (error) {
console.error('Error processing scheduled deletions:', error);
return new Response(
JSON.stringify({ error: error.message }),
{
status: 500,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
}
});

181
supabase/functions/request-account-deletion/index.ts Normal file
View File

@@ -0,0 +1,181 @@
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
};
serve(async (req) => {
if (req.method === 'OPTIONS') {
return new Response(null, { headers: corsHeaders });
}
try {
const supabaseClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{
global: {
headers: { Authorization: req.headers.get('Authorization')! },
},
}
);
// Get authenticated user
const {
data: { user },
error: userError,
} = await supabaseClient.auth.getUser();
if (userError || !user) {
throw new Error('Unauthorized');
}
console.log(`Processing deletion request for user: ${user.id}`);
// Check for existing pending deletion request
const { data: existingRequest } = await supabaseClient
.from('account_deletion_requests')
.select('*')
.eq('user_id', user.id)
.eq('status', 'pending')
.maybeSingle();
if (existingRequest) {
return new Response(
JSON.stringify({
error: 'You already have a pending deletion request',
request: existingRequest,
}),
{
status: 400,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
}
// Generate confirmation code
const { data: codeData, error: codeError } = await supabaseClient
.rpc('generate_deletion_confirmation_code');
if (codeError) {
throw codeError;
}
const confirmationCode = codeData as string;
const scheduledDeletionAt = new Date();
scheduledDeletionAt.setDate(scheduledDeletionAt.getDate() + 14);
// Create deletion request
const { data: deletionRequest, error: requestError } = await supabaseClient
.from('account_deletion_requests')
.insert({
user_id: user.id,
confirmation_code: confirmationCode,
confirmation_code_sent_at: new Date().toISOString(),
scheduled_deletion_at: scheduledDeletionAt.toISOString(),
status: 'pending',
})
.select()
.single();
if (requestError) {
throw requestError;
}
// Deactivate profile
const { error: profileError } = await supabaseClient
.from('profiles')
.update({
deactivated: true,
deactivated_at: new Date().toISOString(),
deactivation_reason: 'User requested account deletion',
})
.eq('user_id', user.id);
if (profileError) {
throw profileError;
}
// Send confirmation email
const emailPayload = {
to: user.email,
subject: 'Account Deletion Requested - Confirmation Code Inside',
html: `
<h2>Account Deletion Requested</h2>
<p>Hello,</p>
<p>We received a request to delete your account on ${new Date().toLocaleDateString()}.</p>
<h3>IMPORTANT INFORMATION:</h3>
<p>Your account has been deactivated and will be permanently deleted on <strong>${scheduledDeletionAt.toLocaleDateString()}</strong> (14 days from now).</p>
<h4>What will be DELETED:</h4>
<ul>
<li>✗ Your profile information (username, bio, avatar, etc.)</li>
<li>✗ Your reviews and ratings</li>
<li>✗ Your personal preferences and settings</li>
</ul>
<h4>What will be PRESERVED:</h4>
<ul>
<li>✓ Your database submissions (park creations, ride additions, edits)</li>
<li>✓ Photos you've uploaded (will be shown as "Submitted by [deleted user]")</li>
<li>✓ Edit history and contributions</li>
</ul>
<h3>CONFIRMATION CODE: <strong>${confirmationCode}</strong></h3>
<p>To confirm deletion after the 14-day period, you'll need to enter this 6-digit code.</p>
<p><strong>Need to cancel?</strong> Log in and visit your account settings to reactivate your account at any time during the next 14 days.</p>
`,
};
// Send via ForwardEmail API
const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
if (forwardEmailKey) {
try {
await fetch('https://api.forwardemail.net/v1/emails', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`,
},
body: JSON.stringify({
from: fromEmail,
to: emailPayload.to,
subject: emailPayload.subject,
html: emailPayload.html,
}),
});
console.log('Deletion confirmation email sent');
} catch (emailError) {
console.error('Failed to send email:', emailError);
}
}
return new Response(
JSON.stringify({
success: true,
message: 'Account deletion request created successfully',
scheduled_deletion_at: scheduledDeletionAt.toISOString(),
request_id: deletionRequest.id,
}),
{
status: 200,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
} catch (error) {
console.error('Error processing deletion request:', error);
return new Response(
JSON.stringify({ error: error.message }),
{
status: 400,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
}
});

137
supabase/functions/resend-deletion-code/index.ts Normal file
View File

@@ -0,0 +1,137 @@
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
};
serve(async (req) => {
if (req.method === 'OPTIONS') {
return new Response(null, { headers: corsHeaders });
}
try {
const supabaseClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{
global: {
headers: { Authorization: req.headers.get('Authorization')! },
},
}
);
// Get authenticated user
const {
data: { user },
error: userError,
} = await supabaseClient.auth.getUser();
if (userError || !user) {
throw new Error('Unauthorized');
}
console.log(`Resending deletion code for user: ${user.id}`);
// Find pending deletion request
const { data: deletionRequest, error: requestError } = await supabaseClient
.from('account_deletion_requests')
.select('*')
.eq('user_id', user.id)
.eq('status', 'pending')
.maybeSingle();
if (requestError || !deletionRequest) {
throw new Error('No pending deletion request found');
}
// Check rate limiting (max 3 resends per hour)
const lastSent = new Date(deletionRequest.confirmation_code_sent_at);
const now = new Date();
const hoursSinceLastSend = (now.getTime() - lastSent.getTime()) / (1000 * 60 * 60);
if (hoursSinceLastSend < 0.33) { // ~20 minutes between resends
throw new Error('Please wait at least 20 minutes between resend requests');
}
// Generate new confirmation code
const { data: codeData, error: codeError } = await supabaseClient
.rpc('generate_deletion_confirmation_code');
if (codeError) {
throw codeError;
}
const confirmationCode = codeData as string;
// Update deletion request with new code
const { error: updateError } = await supabaseClient
.from('account_deletion_requests')
.update({
confirmation_code: confirmationCode,
confirmation_code_sent_at: now.toISOString(),
})
.eq('id', deletionRequest.id);
if (updateError) {
throw updateError;
}
const scheduledDate = new Date(deletionRequest.scheduled_deletion_at);
// Send email with new code
const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
if (forwardEmailKey) {
try {
await fetch('https://api.forwardemail.net/v1/emails', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`,
},
body: JSON.stringify({
from: fromEmail,
to: user.email,
subject: 'Account Deletion - New Confirmation Code',
html: `
<h2>New Confirmation Code</h2>
<p>You requested a new confirmation code for your account deletion.</p>
<p>Your account will be permanently deleted on <strong>${scheduledDate.toLocaleDateString()}</strong>.</p>
<h3>CONFIRMATION CODE: <strong>${confirmationCode}</strong></h3>
<p>To confirm deletion after the waiting period, you'll need to enter this 6-digit code.</p>
<p><strong>Need to cancel?</strong> Log in and visit your account settings to reactivate your account.</p>
`,
}),
});
console.log('New confirmation code email sent');
} catch (emailError) {
console.error('Failed to send email:', emailError);
}
}
return new Response(
JSON.stringify({
success: true,
message: 'New confirmation code sent successfully',
}),
{
status: 200,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
} catch (error) {
console.error('Error resending code:', error);
return new Response(
JSON.stringify({ error: error.message }),
{
status: 400,
headers: { ...corsHeaders, 'Content-Type': 'application/json' },
}
);
}
});