pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 12:11:17 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
28fa2fd0d44319403fb1745ff09f3530014f3bb9
thrilltrack-explorer/supabase/functions/confirm-account-deletion/index.ts
gpt-engineer-app[bot] bf3da6414a Centralize CORS configuration 
Consolidate CORS handling by introducing a shared supabase/functions/_shared/cors.ts and migrate edge functions to import from it. Remove inline cors.ts usage across functions, standardize headers (including traceparent and x-request-id), and prepare for environment-aware origins.
2025-11-10 21:28:46 +00:00

226 lines
7.0 KiB
TypeScript
Raw Blame History

import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
import { corsHeaders } from '../_shared/cors.ts';
import { edgeLogger, startRequest, endRequest } from '../_shared/logger.ts';
serve(async (req) => {
const tracking = startRequest();
if (req.method === 'OPTIONS') {
return new Response(null, {
headers: {
...corsHeaders,
'X-Request-ID': tracking.requestId
}
});
}
try {
const { confirmation_code } = await req.json();
if (!confirmation_code) {
throw new Error('Confirmation code is required');
}
const supabaseClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{
global: {
headers: { Authorization: req.headers.get('Authorization')! },
},
}
);
// Get authenticated user
const {
data: { user },
error: userError,
} = await supabaseClient.auth.getUser();
if (userError || !user) {
const duration = endRequest(tracking);
edgeLogger.error('Authentication failed', {
action: 'confirm_deletion',
requestId: tracking.requestId,
duration
});
throw new Error('Unauthorized');
}
edgeLogger.info('Confirming deletion for user', {
action: 'confirm_deletion',
requestId: tracking.requestId,
userId: user.id
});
// Find deletion request
const { data: deletionRequest, error: requestError } = await supabaseClient
.from('account_deletion_requests')
.select('*')
.eq('user_id', user.id)
.eq('status', 'pending')
.maybeSingle();
if (requestError || !deletionRequest) {
throw new Error('No pending deletion request found');
}
// Check if there's already a confirmed request
const { data: confirmedRequest } = await supabaseClient
.from('account_deletion_requests')
.select('*')
.eq('user_id', user.id)
.eq('status', 'confirmed')
.maybeSingle();
if (confirmedRequest) {
throw new Error('You already have a confirmed deletion request. Your account is scheduled for deletion.');
}
// Verify confirmation code
if (deletionRequest.confirmation_code !== confirmation_code) {
throw new Error('Invalid confirmation code');
}
// Verify code was entered within 24 hours
const codeSentAt = new Date(deletionRequest.confirmation_code_sent_at);
const now = new Date();
const hoursSinceCodeSent = (now.getTime() - codeSentAt.getTime()) / (1000 * 60 * 60);
if (hoursSinceCodeSent > 24) {
throw new Error('Confirmation code has expired. Please request a new deletion code.');
}
edgeLogger.info('Deactivating account and confirming deletion request', {
userId: user.id,
requestId: tracking.requestId
});
// Deactivate profile
const { error: profileError } = await supabaseClient
.from('profiles')
.update({
deactivated: true,
deactivated_at: new Date().toISOString(),
deactivation_reason: 'User confirmed account deletion request',
})
.eq('user_id', user.id);
if (profileError) {
edgeLogger.error('Error deactivating profile', {
error: profileError.message,
userId: user.id,
requestId: tracking.requestId
});
throw profileError;
}
// Update deletion request status to 'confirmed'
const { error: updateError } = await supabaseClient
.from('account_deletion_requests')
.update({
status: 'confirmed',
})
.eq('id', deletionRequest.id);
if (updateError) {
edgeLogger.error('Error updating deletion request', {
error: updateError.message,
requestId: tracking.requestId
});
throw updateError;
}
// Send confirmation email
const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
if (forwardEmailKey) {
try {
await fetch('https://api.forwardemail.net/v1/emails', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`,
},
body: JSON.stringify({
from: fromEmail,
to: user.email,
subject: 'Account Deletion Confirmed - 14 Days to Cancel',
html: `
<h2>Account Deletion Confirmed</h2>
<p>Your deletion request has been confirmed. Your account is now <strong>deactivated</strong> and will be permanently deleted on <strong>${new Date(deletionRequest.scheduled_deletion_at).toLocaleDateString()}</strong>.</p>
<h3>What happens now?</h3>
<ul>
<li>✓ Your account is deactivated immediately</li>
<li>✓ You have 14 days to cancel before permanent deletion</li>
<li>✓ To cancel, log in and visit your account settings</li>
</ul>
<h3>Changed Your Mind?</h3>
<p>You can cancel at any time during the 14-day waiting period by logging in and clicking "Cancel Deletion" in your account settings.</p>
<p><strong>If you take no action</strong>, your account will be automatically deleted after the 14-day waiting period.</p>
`,
}),
});
edgeLogger.info('Deletion confirmation email sent', { requestId: tracking.requestId });
} catch (emailError) {
edgeLogger.error('Failed to send email', {
error: emailError instanceof Error ? emailError.message : String(emailError),
requestId: tracking.requestId
});
}
}
const duration = endRequest(tracking);
edgeLogger.info('Account deactivated and deletion confirmed', {
action: 'confirm_deletion',
requestId: tracking.requestId,
userId: user.id,
duration
});
return new Response(
JSON.stringify({
success: true,
message: 'Deletion confirmed. Account deactivated and scheduled for permanent deletion.',
scheduled_deletion_at: deletionRequest.scheduled_deletion_at,
requestId: tracking.requestId,
}),
{
status: 200,
headers: {
...corsHeaders,
'Content-Type': 'application/json',
'X-Request-ID': tracking.requestId
},
}
);
} catch (error) {
const duration = endRequest(tracking);
edgeLogger.error('Error confirming deletion', {
action: 'confirm_deletion',
requestId: tracking.requestId,
duration,
error: error.message
});
return new Response(
JSON.stringify({
error: error.message,
requestId: tracking.requestId
}),
{
status: 400,
headers: {
...corsHeaders,
'Content-Type': 'application/json',
'X-Request-ID': tracking.requestId
},
}
);
}
});
Reference in New Issue View Git Blame Copy Permalink