mirror of
https://github.com/pacnpal/thrilltrack-explorer.git
synced 2025-12-20 13:51:13 -05:00
248 lines
8.0 KiB
TypeScript
248 lines
8.0 KiB
TypeScript
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
|
|
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
|
|
import { startRequest, endRequest } from "../_shared/logger.ts";
|
|
|
|
const corsHeaders = {
|
|
'Access-Control-Allow-Origin': '*',
|
|
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, x-request-id',
|
|
};
|
|
|
|
serve(async (req) => {
|
|
if (req.method === 'OPTIONS') {
|
|
return new Response(null, { headers: corsHeaders });
|
|
}
|
|
|
|
const tracking = startRequest('process-scheduled-deletions');
|
|
|
|
try {
|
|
// Use service role for admin operations
|
|
const supabaseAdmin = createClient(
|
|
Deno.env.get('SUPABASE_URL') ?? '',
|
|
Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? ''
|
|
);
|
|
|
|
console.log('Processing scheduled account deletions...', { requestId: tracking.requestId });
|
|
|
|
// Find confirmed deletion requests that are past their scheduled date
|
|
const { data: pendingDeletions, error: fetchError } = await supabaseAdmin
|
|
.from('account_deletion_requests')
|
|
.select('*')
|
|
.eq('status', 'confirmed')
|
|
.lt('scheduled_deletion_at', new Date().toISOString());
|
|
|
|
if (fetchError) {
|
|
throw fetchError;
|
|
}
|
|
|
|
if (!pendingDeletions || pendingDeletions.length === 0) {
|
|
console.log('No deletions to process');
|
|
|
|
endRequest(tracking, 200);
|
|
|
|
return new Response(
|
|
JSON.stringify({
|
|
success: true,
|
|
message: 'No deletions to process',
|
|
processed: 0,
|
|
requestId: tracking.requestId
|
|
}),
|
|
{
|
|
status: 200,
|
|
headers: {
|
|
...corsHeaders,
|
|
'Content-Type': 'application/json',
|
|
'X-Request-ID': tracking.requestId
|
|
},
|
|
}
|
|
);
|
|
}
|
|
|
|
console.log(`Found ${pendingDeletions.length} deletion(s) to process`);
|
|
|
|
let successCount = 0;
|
|
let errorCount = 0;
|
|
|
|
for (const deletion of pendingDeletions) {
|
|
try {
|
|
console.log(`Processing deletion for user: ${deletion.user_id}`);
|
|
|
|
// Get user email for confirmation email
|
|
const { data: userData } = await supabaseAdmin.auth.admin.getUserById(deletion.user_id);
|
|
const userEmail = userData?.user?.email;
|
|
|
|
// Delete reviews (CASCADE will handle review_photos)
|
|
await supabaseAdmin
|
|
.from('reviews')
|
|
.delete()
|
|
.eq('user_id', deletion.user_id);
|
|
|
|
// Anonymize submissions and photos
|
|
await supabaseAdmin
|
|
.rpc('anonymize_user_submissions', { target_user_id: deletion.user_id });
|
|
|
|
// Delete user roles
|
|
await supabaseAdmin
|
|
.from('user_roles')
|
|
.delete()
|
|
.eq('user_id', deletion.user_id);
|
|
|
|
// Get profile to check for avatar before deletion
|
|
const { data: profile } = await supabaseAdmin
|
|
.from('profiles')
|
|
.select('avatar_image_id')
|
|
.eq('user_id', deletion.user_id)
|
|
.maybeSingle();
|
|
|
|
// Delete avatar from Cloudflare Images if it exists
|
|
if (profile?.avatar_image_id) {
|
|
const cloudflareAccountId = Deno.env.get('VITE_CLOUDFLARE_ACCOUNT_ID');
|
|
const cloudflareApiToken = Deno.env.get('CLOUDFLARE_API_TOKEN');
|
|
|
|
if (cloudflareAccountId && cloudflareApiToken) {
|
|
try {
|
|
console.log(`Deleting avatar image: ${profile.avatar_image_id}`);
|
|
const deleteResponse = await fetch(
|
|
`https://api.cloudflare.com/client/v4/accounts/${cloudflareAccountId}/images/v1/${profile.avatar_image_id}`,
|
|
{
|
|
method: 'DELETE',
|
|
headers: {
|
|
'Authorization': `Bearer ${cloudflareApiToken}`,
|
|
},
|
|
}
|
|
);
|
|
|
|
if (!deleteResponse.ok) {
|
|
console.error('Failed to delete avatar from Cloudflare:', await deleteResponse.text());
|
|
} else {
|
|
console.log('Avatar deleted from Cloudflare successfully');
|
|
}
|
|
} catch (avatarError) {
|
|
console.error('Error deleting avatar from Cloudflare:', avatarError);
|
|
}
|
|
}
|
|
}
|
|
|
|
// Delete profile
|
|
await supabaseAdmin
|
|
.from('profiles')
|
|
.delete()
|
|
.eq('user_id', deletion.user_id);
|
|
|
|
// Remove from Novu before deleting auth user
|
|
try {
|
|
console.log(`Removing Novu subscriber: ${deletion.user_id}`);
|
|
|
|
const { error: novuError } = await supabaseAdmin.functions.invoke(
|
|
'remove-novu-subscriber',
|
|
{
|
|
body: {
|
|
subscriberId: deletion.user_id,
|
|
deleteSubscriber: true // Also delete the subscriber entirely
|
|
}
|
|
}
|
|
);
|
|
|
|
if (novuError) {
|
|
console.error('Failed to remove Novu subscriber:', novuError);
|
|
} else {
|
|
console.log('Novu subscriber removed successfully');
|
|
}
|
|
} catch (novuError) {
|
|
// Non-blocking - log but continue with deletion
|
|
console.error('Error removing Novu subscriber:', novuError);
|
|
}
|
|
|
|
// Update deletion request status
|
|
await supabaseAdmin
|
|
.from('account_deletion_requests')
|
|
.update({
|
|
status: 'completed',
|
|
completed_at: new Date().toISOString(),
|
|
})
|
|
.eq('id', deletion.id);
|
|
|
|
// Delete auth user
|
|
await supabaseAdmin.auth.admin.deleteUser(deletion.user_id);
|
|
|
|
// Send final confirmation email if we have the email
|
|
if (userEmail) {
|
|
const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
|
|
const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
|
|
|
|
if (forwardEmailKey) {
|
|
try {
|
|
await fetch('https://api.forwardemail.net/v1/emails', {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'Authorization': `Basic ${btoa(forwardEmailKey + ':')}`,
|
|
},
|
|
body: JSON.stringify({
|
|
from: fromEmail,
|
|
to: userEmail,
|
|
subject: 'Account Deletion Completed',
|
|
html: `
|
|
<h2>Account Deletion Completed</h2>
|
|
<p>Your account has been automatically deleted as scheduled on ${new Date().toLocaleDateString()}.</p>
|
|
<p>Your profile and reviews have been removed, but your contributions to the database remain preserved.</p>
|
|
<p>Thank you for being part of our community.</p>
|
|
`,
|
|
}),
|
|
});
|
|
} catch (emailError) {
|
|
console.error('Failed to send confirmation email:', emailError);
|
|
}
|
|
}
|
|
}
|
|
|
|
successCount++;
|
|
console.log(`Successfully deleted account for user: ${deletion.user_id}`);
|
|
} catch (error) {
|
|
errorCount++;
|
|
console.error(`Failed to delete account for user ${deletion.user_id}:`, error);
|
|
}
|
|
}
|
|
|
|
console.log(`Processed ${successCount} deletion(s) successfully, ${errorCount} error(s)`);
|
|
|
|
endRequest(tracking, 200);
|
|
|
|
return new Response(
|
|
JSON.stringify({
|
|
success: true,
|
|
message: `Processed ${successCount} deletion(s)`,
|
|
processed: successCount,
|
|
errors: errorCount,
|
|
requestId: tracking.requestId
|
|
}),
|
|
{
|
|
status: 200,
|
|
headers: {
|
|
...corsHeaders,
|
|
'Content-Type': 'application/json',
|
|
'X-Request-ID': tracking.requestId
|
|
},
|
|
}
|
|
);
|
|
} catch (error) {
|
|
console.error('Error processing scheduled deletions:', error);
|
|
|
|
endRequest(tracking, 500, error.message);
|
|
|
|
return new Response(
|
|
JSON.stringify({
|
|
error: error.message,
|
|
requestId: tracking.requestId
|
|
}),
|
|
{
|
|
status: 500,
|
|
headers: {
|
|
...corsHeaders,
|
|
'Content-Type': 'application/json',
|
|
'X-Request-ID': tracking.requestId
|
|
},
|
|
}
|
|
);
|
|
}
|
|
});
|