chore: update supporting code for UUID identity (refs #216)

- audit-log: JOIN on user_profiles.id instead of auth0_sub - backup: use userContext.userId instead of auth0Sub - ocr: use request.userContext.userId instead of request.user.sub - user-profile controller: use getById() with UUID instead of getOrCreateProfile() - user-profile service: accept UUID userId for all admin-focused methods - user-profile repository: fix admin JOIN aliases from auth0_sub to id Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 09:59:05 -06:00
parent fd9d1add24
commit 3b1112a9fe
6 changed files with 137 additions and 140 deletions
--- a/backend/src/features/user-profile/api/user-profile.controller.ts
+++ b/backend/src/features/user-profile/api/user-profile.controller.ts
@@ -18,11 +18,12 @@ import {

 export class UserProfileController {
  private userProfileService: UserProfileService;
+  private userProfileRepository: UserProfileRepository;

  constructor() {
-    const repository = new UserProfileRepository(pool);
+    this.userProfileRepository = new UserProfileRepository(pool);
    const adminRepository = new AdminRepository(pool);
-    this.userProfileService = new UserProfileService(repository);
+    this.userProfileService = new UserProfileService(this.userProfileRepository);
    this.userProfileService.setAdminRepository(adminRepository);
  }

@@ -31,27 +32,24 @@ export class UserProfileController {
   */
  async getProfile(request: FastifyRequest, reply: FastifyReply) {
    try {
-      const auth0Sub = request.userContext?.userId;
+      const userId = request.userContext?.userId;

-      if (!auth0Sub) {
+      if (!userId) {
        return reply.code(401).send({
          error: 'Unauthorized',
          message: 'User context missing',
        });
      }

-      // Get user data from Auth0 token
-      const auth0User = {
-        sub: auth0Sub,
-        email: (request as any).user?.email || request.userContext?.email || '',
-        name: (request as any).user?.name,
-      };
+      // Get profile by UUID (auth plugin ensures profile exists during authentication)
+      const profile = await this.userProfileRepository.getById(userId);

-      // Get or create profile
-      const profile = await this.userProfileService.getOrCreateProfile(
-        auth0Sub,
-        auth0User
-      );
+      if (!profile) {
+        return reply.code(404).send({
+          error: 'Not Found',
+          message: 'User profile not found',
+        });
+      }

      return reply.code(200).send(profile);
    } catch (error: any) {
@@ -75,9 +73,9 @@ export class UserProfileController {
    reply: FastifyReply
  ) {
    try {
-      const auth0Sub = request.userContext?.userId;
+      const userId = request.userContext?.userId;

-      if (!auth0Sub) {
+      if (!userId) {
        return reply.code(401).send({
          error: 'Unauthorized',
          message: 'User context missing',
@@ -96,9 +94,9 @@ export class UserProfileController {

      const updates = validation.data;

-      // Update profile
+      // Update profile by UUID
      const profile = await this.userProfileService.updateProfile(
-        auth0Sub,
+        userId,
        updates
      );

@@ -138,9 +136,9 @@ export class UserProfileController {
    reply: FastifyReply
  ) {
    try {
-      const auth0Sub = request.userContext?.userId;
+      const userId = request.userContext?.userId;

-      if (!auth0Sub) {
+      if (!userId) {
        return reply.code(401).send({
          error: 'Unauthorized',
          message: 'User context missing',
@@ -159,9 +157,9 @@ export class UserProfileController {

      const { confirmationText } = validation.data;

-      // Request deletion (user is already authenticated via JWT)
+      // Request deletion by UUID
      const profile = await this.userProfileService.requestDeletion(
-        auth0Sub,
+        userId,
        confirmationText
      );

@@ -210,17 +208,17 @@ export class UserProfileController {
   */
  async cancelDeletion(request: FastifyRequest, reply: FastifyReply) {
    try {
-      const auth0Sub = request.userContext?.userId;
+      const userId = request.userContext?.userId;

-      if (!auth0Sub) {
+      if (!userId) {
        return reply.code(401).send({
          error: 'Unauthorized',
          message: 'User context missing',
        });
      }

-      // Cancel deletion
-      const profile = await this.userProfileService.cancelDeletion(auth0Sub);
+      // Cancel deletion by UUID
+      const profile = await this.userProfileService.cancelDeletion(userId);

      return reply.code(200).send({
        message: 'Account deletion canceled successfully',
@@ -258,27 +256,24 @@ export class UserProfileController {
   */
  async getDeletionStatus(request: FastifyRequest, reply: FastifyReply) {
    try {
-      const auth0Sub = request.userContext?.userId;
+      const userId = request.userContext?.userId;

-      if (!auth0Sub) {
+      if (!userId) {
        return reply.code(401).send({
          error: 'Unauthorized',
          message: 'User context missing',
        });
      }

-      // Get user data from Auth0 token
-      const auth0User = {
-        sub: auth0Sub,
-        email: (request as any).user?.email || request.userContext?.email || '',
-        name: (request as any).user?.name,
-      };
+      // Get profile by UUID (auth plugin ensures profile exists)
+      const profile = await this.userProfileRepository.getById(userId);

-      // Get or create profile
-      const profile = await this.userProfileService.getOrCreateProfile(
-        auth0Sub,
-        auth0User
-      );
+      if (!profile) {
+        return reply.code(404).send({
+          error: 'Not Found',
+          message: 'User profile not found',
+        });
+      }

      const deletionStatus = this.userProfileService.getDeletionStatus(profile);