import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'; import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'; import { edgeLogger, startRequest, endRequest } from '../_shared/logger.ts'; const corsHeaders = { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type', }; serve(async (req) => { const tracking = startRequest(); if (req.method === 'OPTIONS') { return new Response(null, { headers: corsHeaders }); } try { const { cancellation_reason } = await req.json(); const supabaseClient = createClient( Deno.env.get('SUPABASE_URL') ?? '', Deno.env.get('SUPABASE_ANON_KEY') ?? '', { global: { headers: { Authorization: req.headers.get('Authorization')! }, }, } ); // Get authenticated user const { data: { user }, error: userError, } = await supabaseClient.auth.getUser(); if (userError || !user) { throw new Error('Unauthorized'); } edgeLogger.info('Cancelling deletion request', { action: 'cancel_deletion', userId: user.id, requestId: tracking.requestId }); // Find pending or confirmed deletion request const { data: deletionRequest, error: requestError } = await supabaseClient .from('account_deletion_requests') .select('*') .eq('user_id', user.id) .in('status', ['pending', 'confirmed']) .maybeSingle(); if (requestError || !deletionRequest) { throw new Error('No active deletion request found'); } // Validate that deletion hasn't already been processed if (deletionRequest.status === 'completed') { throw new Error('This deletion request has already been completed'); } // Validate scheduled deletion hasn't passed const scheduledDate = new Date(deletionRequest.scheduled_deletion_at); if (scheduledDate < new Date()) { throw new Error('Cannot cancel - deletion has already been processed'); } // Cancel deletion request const { error: updateError } = await supabaseClient .from('account_deletion_requests') .update({ status: 'cancelled', cancelled_at: new Date().toISOString(), cancellation_reason: cancellation_reason || 'User cancelled', }) .eq('id', deletionRequest.id); if (updateError) { throw updateError; } // Reactivate profile const { error: profileError } = await supabaseClient .from('profiles') .update({ deactivated: false, deactivated_at: null, deactivation_reason: null, }) .eq('user_id', user.id); if (profileError) { throw profileError; } // Send cancellation email const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY'); const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com'; if (forwardEmailKey) { try { await fetch('https://api.forwardemail.net/v1/emails', { method: 'POST', headers: { 'Content-Type': 'application/json', 'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`, }, body: JSON.stringify({ from: fromEmail, to: user.email, subject: 'Account Deletion Cancelled', html: `

Account Deletion Cancelled

Your account deletion request has been cancelled on ${new Date().toLocaleDateString()}.

Your account has been reactivated and you can continue using all features.

If you did not cancel this request, please contact support immediately.

Welcome back!

`, }), }); edgeLogger.info('Cancellation confirmation email sent', { action: 'cancel_deletion_email', userId: user.id, requestId: tracking.requestId }); } catch (emailError) { edgeLogger.error('Failed to send email', { action: 'cancel_deletion_email', userId: user.id, requestId: tracking.requestId }); } } const duration = endRequest(tracking); edgeLogger.info('Deletion cancelled successfully', { action: 'cancel_deletion_success', userId: user.id, requestId: tracking.requestId, duration }); return new Response( JSON.stringify({ success: true, message: 'Account deletion cancelled successfully', requestId: tracking.requestId }), { status: 200, headers: { ...corsHeaders, 'Content-Type': 'application/json', 'X-Request-ID': tracking.requestId }, } ); } catch (error) { const duration = endRequest(tracking); edgeLogger.error('Error cancelling deletion', { action: 'cancel_deletion_error', error: error instanceof Error ? error.message : String(error), requestId: tracking.requestId, duration }); return new Response( JSON.stringify({ error: error.message, requestId: tracking.requestId }), { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json', 'X-Request-ID': tracking.requestId }, } ); } });