pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 10:51:13 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
771405961f7fd1e6b109d0421d33b8c6023fced0
thrilltrack-explorer/supabase/functions/cancel-account-deletion/index.ts
gpt-engineer-app[bot] 82b85e3284 Add system phase 4 audits 
- Add audit logging for system maintenance operations (cache/orphaned images/manual cleanup)
- Log account deletion request handling (requests/confirm/cancel)
- Log security actions (admin password resets, MFA enforcement changes, account lockouts)
2025-11-11 14:49:11 +00:00

136 lines
4.6 KiB
TypeScript
Raw Blame History

import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
import { corsHeaders } from '../_shared/cors.ts';
import { edgeLogger } from '../_shared/logger.ts';
import { createEdgeFunction } from '../_shared/edgeFunctionWrapper.ts';
export default createEdgeFunction(
{
name: 'cancel-account-deletion',
requireAuth: true,
corsHeaders: corsHeaders
},
async (req, context) => {
const { cancellation_reason } = await req.json();
const supabaseClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{
global: {
headers: { Authorization: req.headers.get('Authorization')! },
},
}
);
context.span.setAttribute('action', 'cancel_deletion');
edgeLogger.info('Cancelling deletion request', { action: 'cancel_deletion', userId: context.userId, requestId: context.requestId });
// Find pending or confirmed deletion request
const { data: deletionRequest, error: requestError } = await supabaseClient
.from('account_deletion_requests')
.select('*')
.eq('user_id', context.userId)
.in('status', ['pending', 'confirmed'])
.maybeSingle();
if (requestError || !deletionRequest) {
throw new Error('No active deletion request found');
}
// Validate that deletion hasn't already been processed
if (deletionRequest.status === 'completed') {
throw new Error('This deletion request has already been completed');
}
// Validate scheduled deletion hasn't passed
const scheduledDate = new Date(deletionRequest.scheduled_deletion_at);
if (scheduledDate < new Date()) {
throw new Error('Cannot cancel - deletion has already been processed');
}
// Cancel deletion request
const { error: updateError } = await supabaseClient
.from('account_deletion_requests')
.update({
status: 'cancelled',
cancelled_at: new Date().toISOString(),
cancellation_reason: cancellation_reason || 'User cancelled',
})
.eq('id', deletionRequest.id);
if (updateError) {
throw updateError;
}
// Reactivate profile
const { error: profileError } = await supabaseClient
.from('profiles')
.update({
deactivated: false,
deactivated_at: null,
deactivation_reason: null,
})
.eq('user_id', context.userId);
if (profileError) {
throw profileError;
}
// Log to system activity log
await supabaseClient.rpc('log_system_activity', {
_user_id: context.userId,
_action: 'account_deletion_cancelled',
_details: {
request_id: deletionRequest.id,
cancellation_reason: cancellation_reason || 'User cancelled',
account_reactivated: true,
}
});
// Send cancellation email
const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
const userEmail = (await supabaseClient.auth.getUser()).data.user?.email;
if (forwardEmailKey && userEmail) {
try {
await fetch('https://api.forwardemail.net/v1/emails', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`,
},
body: JSON.stringify({
from: fromEmail,
to: userEmail,
subject: 'Account Deletion Cancelled',
html: `
<h2>Account Deletion Cancelled</h2>
<p>Your account deletion request has been cancelled on ${new Date().toLocaleDateString()}.</p>
<p>Your account has been reactivated and you can continue using all features.</p>
<p>If you did not cancel this request, please contact support immediately.</p>
<p>Welcome back!</p>
`,
}),
});
edgeLogger.info('Cancellation confirmation email sent', { action: 'cancel_deletion_email', userId: context.userId, requestId: context.requestId });
} catch (emailError) {
edgeLogger.error('Failed to send email', { action: 'cancel_deletion_email', userId: context.userId, requestId: context.requestId });
}
}
edgeLogger.info('Deletion cancelled successfully', { action: 'cancel_deletion_success', userId: context.userId, requestId: context.requestId });
return new Response(
JSON.stringify({
success: true,
message: 'Account deletion cancelled successfully',
}),
{
status: 200,
headers: { 'Content-Type': 'application/json' },
}
);
}
);
Reference in New Issue View Git Blame Copy Permalink