arthur/xtablo-source
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions 5

fix(api): remove redundant profile soft-delete

Browse source 
profiles.id has ON DELETE CASCADE from auth.users, so calling
auth.admin.deleteUser already removes the profile row. Only the
org soft-delete needs to happen explicitly.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Arthur Belleville 2026-04-29 18:22:36 +02:00
parent 42d5161ab6
commit 4eaa8731c4
No known key found for this signature in database
2 changed files with 2 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
apps/api/src/routers/user.ts
View file

@ -815,7 +815,6 @@ const deleteMe = factory.createHandlers(async (c) => {
} }
const profile = rawProfile as typeof rawProfile & { organization_id: number | null }; const profile = rawProfile as typeof rawProfile & { organization_id: number | null };
const deletedAt = new Date().toISOString();
let orgWasSoftDeleted = false; let orgWasSoftDeleted = false;
if (profile.organization_id) { if (profile.organization_id) {
@ -828,7 +827,7 @@ const deleteMe = factory.createHandlers(async (c) => {
console.warn("Failed to count org members during account deletion, skipping org soft-delete:", countError.message); console.warn("Failed to count org members during account deletion, skipping org soft-delete:", countError.message);
} else if ((count ?? 0) === 1) { } else if ((count ?? 0) === 1) {
const { error: orgDeleteError } = await (supabase.from("organizations") as any) const { error: orgDeleteError } = await (supabase.from("organizations") as any)
.update({ deleted_at: deletedAt }) .update({ deleted_at: new Date().toISOString() })
.eq("id", profile.organization_id); .eq("id", profile.organization_id);
if (orgDeleteError) { if (orgDeleteError) {
return c.json({ error: "Failed to delete account" }, 500); return c.json({ error: "Failed to delete account" }, 500);
@ -837,27 +836,10 @@ const deleteMe = factory.createHandlers(async (c) => {
} }
} }
const { error: profileDeleteError } = await (supabase.from("profiles") as any) // Deleting the auth user cascades to profiles via FK (profiles_id_fkey ON DELETE CASCADE)
.update({ deleted_at: deletedAt })
.eq("id", user.id);
if (profileDeleteError) {
if (orgWasSoftDeleted) {
const { error: rollbackErr } = await (supabase.from("organizations") as any)
.update({ deleted_at: null })
.eq("id", profile.organization_id);
if (rollbackErr) console.error("Failed to roll back org soft-delete:", rollbackErr.message);
}
return c.json({ error: "Failed to delete account" }, 500);
}
const { error: authDeleteError } = await supabase.auth.admin.deleteUser(user.id); const { error: authDeleteError } = await supabase.auth.admin.deleteUser(user.id);
if (authDeleteError) { if (authDeleteError) {
const { error: profileRollbackErr } = await (supabase.from("profiles") as any)
.update({ deleted_at: null })
.eq("id", user.id);
if (profileRollbackErr) console.error("Failed to roll back profile soft-delete:", profileRollbackErr.message);
if (orgWasSoftDeleted) { if (orgWasSoftDeleted) {
const { error: orgRollbackErr } = await (supabase.from("organizations") as any) const { error: orgRollbackErr } = await (supabase.from("organizations") as any)
.update({ deleted_at: null }) .update({ deleted_at: null })

1
supabase/migrations/20260427120000_add_deleted_at_to_profiles_and_organizations.sql
View file

@ -1,2 +1 @@
ALTER TABLE profiles ADD COLUMN IF NOT EXISTS deleted_at timestamptz DEFAULT NULL;
ALTER TABLE organizations ADD COLUMN IF NOT EXISTS deleted_at timestamptz DEFAULT NULL; ALTER TABLE organizations ADD COLUMN IF NOT EXISTS deleted_at timestamptz DEFAULT NULL;