LabWise/server/src/routes/account.ts

import { Router } from 'express';
import { pool } from '../db/pool.js';
import { requireAuth } from '../auth/middleware.js';
import fs from 'fs';
import path from 'path';
import { fileURLToPath } from 'url';
// ES modules have no built-in __dirname, so derive it from this module's URL.
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);

// Root directory for uploaded files: UPLOADS_DIR when set to a non-empty value,
// otherwise the `uploads` folder two levels above this file.
const defaultUploadsDir = path.join(__dirname, '../../uploads');
const uploadsDir = process.env.UPLOADS_DIR || defaultUploadsDir;

const router = Router();

// Every route registered on this router passes through requireAuth first.
router.use(requireAuth);
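// POST /api/account/delete
//
// Permanently removes the authenticated user's rows (chemicals, protocols,
// profile, sessions, accounts, verification entries, user record) in a single
// transaction, then removes the user's upload directory.
//
// Responses:
//   200 { deleted: true }                      - the transaction committed
//   500 { error: 'Account deletion failed' }   - the transaction was rolled back
//
// NOTE(review): this irreversible action is gated only by the router-level
// requireAuth; consider requiring recent re-authentication or an explicit
// confirmation, and confirm CSRF protection covers this POST.
router.post('/delete', async (req, res) => {
  // The id is taken from the authenticated request, never from the body, so a
  // caller cannot name another account as the target.
  const userId = req.user!.id;
  const client = await pool.connect();

  try {
    await client.query('BEGIN');

    // 1. Delete all chemicals for this user
    await client.query('DELETE FROM chemicals WHERE user_id = $1', [userId]);

    // 2. Delete all protocols for this user
    await client.query('DELETE FROM protocols WHERE user_id = $1', [userId]);

    // 3. Delete user profile (has CASCADE, but be explicit)
    await client.query('DELETE FROM user_profile WHERE user_id = $1', [userId]);

    // 4. Delete sessions and accounts (CASCADE from user, but be explicit)
    await client.query('DELETE FROM session WHERE "userId" = $1', [userId]);
    await client.query('DELETE FROM account WHERE "userId" = $1', [userId]);
    // NOTE(review): this matches verification.identifier against the user id;
    // confirm that is what the auth layer stores there, otherwise
    // verification rows for this user are left behind.
    await client.query('DELETE FROM verification WHERE identifier = $1', [userId]);

    // 5. Delete the user record itself
    await client.query('DELETE FROM "user" WHERE id = $1', [userId]);

    await client.query('COMMIT');
  } catch (err) {
    // A failing ROLLBACK (e.g. a broken connection) must not escape the
    // handler, or the client would never receive a response.
    try {
      await client.query('ROLLBACK');
    } catch (rollbackErr) {
      console.error('Rollback after failed account deletion also failed:', rollbackErr);
    }
    console.error('Account deletion failed:', err);
    res.status(500).json({ error: 'Account deletion failed' });
    return;
  } finally {
    client.release();
  }

  // 6. Clean up uploaded files outside the transaction.
  // The rows are already gone at this point, so a cleanup failure is logged
  // for follow-up instead of being reported as a failed deletion.
  const uploadsRoot = path.resolve(uploadsDir);
  const userUploadsDir = path.resolve(uploadsRoot, userId);
  const relative = path.relative(uploadsRoot, userUploadsDir);

  // Only ever remove a path strictly inside the uploads root: an empty id
  // would resolve to the root itself, and an id containing `..` would escape it.
  const isInsideRoot =
    relative !== '' &&
    relative !== '..' &&
    !relative.startsWith(`..${path.sep}`) &&
    !path.isAbsolute(relative);

  if (!isInsideRoot) {
    console.error('Skipping upload cleanup: resolved path is not inside the uploads directory');
  } else {
    try {
      // `force: true` already ignores a missing directory, so no existence
      // check is needed; the async form keeps a large tree from blocking the
      // event loop.
      await fs.promises.rm(userUploadsDir, { recursive: true, force: true });
    } catch (cleanupErr) {
      console.error('Upload cleanup failed after account deletion:', cleanupErr);
    }
  }

  res.json({ deleted: true });
});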
// Account router; the route comment above suggests it is mounted at
// /api/account, but the mount point is not shown in this file.
export default router;