feat: delete users - not tested

2025-12-22 18:20:25 -06:00
parent 91b4534e76
commit 4897f0a52c
73 changed files with 4923 additions and 62 deletions
--- a/backend/src/features/admin/api/admin.routes.ts
+++ b/backend/src/features/admin/api/admin.routes.ts
@@ -155,6 +155,12 @@ export const adminRoutes: FastifyPluginAsync = async (fastify) => {
    handler: usersController.promoteToAdmin.bind(usersController)
  });

+  // DELETE /api/admin/users/:auth0Sub - Hard delete user (permanent)
+  fastify.delete<{ Params: UserAuth0SubInput }>('/admin/users/:auth0Sub', {
+    preHandler: [fastify.requireAdmin],
+    handler: usersController.hardDeleteUser.bind(usersController)
+  });
+
  // Phase 3: Catalog CRUD endpoints

  // Makes endpoints
--- a/backend/src/features/admin/api/users.controller.ts
+++ b/backend/src/features/admin/api/users.controller.ts
@@ -486,4 +486,73 @@ export class UsersController {
      });
    }
  }
+
+  /**
+   * DELETE /api/admin/users/:auth0Sub - Hard delete user (permanent)
+   */
+  async hardDeleteUser(
+    request: FastifyRequest<{ Params: UserAuth0SubInput }>,
+    reply: FastifyReply
+  ) {
+    try {
+      const actorId = request.userContext?.userId;
+      if (!actorId) {
+        return reply.code(401).send({
+          error: 'Unauthorized',
+          message: 'User context missing',
+        });
+      }
+
+      // Validate path param
+      const paramsResult = userAuth0SubSchema.safeParse(request.params);
+      if (!paramsResult.success) {
+        return reply.code(400).send({
+          error: 'Validation error',
+          message: paramsResult.error.errors.map(e => e.message).join(', '),
+        });
+      }
+
+      const { auth0Sub } = paramsResult.data;
+
+      // Optional reason from query params
+      const reason = (request.query as any)?.reason;
+
+      // Hard delete user
+      await this.userProfileService.adminHardDeleteUser(
+        auth0Sub,
+        actorId,
+        reason
+      );
+
+      return reply.code(200).send({
+        message: 'User permanently deleted',
+      });
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+
+      logger.error('Error hard deleting user', {
+        error: errorMessage,
+        auth0Sub: request.params?.auth0Sub,
+      });
+
+      if (errorMessage === 'Cannot delete your own account') {
+        return reply.code(400).send({
+          error: 'Bad request',
+          message: errorMessage,
+        });
+      }
+
+      if (errorMessage === 'User not found') {
+        return reply.code(404).send({
+          error: 'Not found',
+          message: errorMessage,
+        });
+      }
+
+      return reply.code(500).send({
+        error: 'Internal server error',
+        message: 'Failed to delete user',
+      });
+    }
+  }
 }