Delete Account API + UI + Store assets (icon, graphic, screenshot)

- DELETE /api/v1/auth/delete-account (GDPR + Google Play req) - Settings: red Delete Account section with confirmation - Store assets: icon-512, feature-graphic, screenshot-1 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 23:56:20 +00:00
parent 3f04637550
commit 03d7bd8de6
6 changed files with 69 additions and 43 deletions
--- a/api/src/routes/auth.js
+++ b/api/src/routes/auth.js
@@ -101,6 +101,18 @@ async function authRoutes(app) {
        return { status: 'not_implemented', message: 'WebAuthn biometric auth coming soon.' };
    });

+    // Delete account
+    app.delete('/auth/account', { preHandler: [async (req) => { await req.jwtVerify(); }] }, async (req, reply) => {
+        const uid = req.user.id;
+        await app.db.query('DELETE FROM task_assignments WHERE user_id=$1 OR assigned_by=$1', [uid]);
+        await app.db.query('DELETE FROM tasks WHERE user_id=$1', [uid]);
+        await app.db.query('DELETE FROM task_groups WHERE user_id=$1', [uid]);
+        await app.db.query('DELETE FROM goals WHERE user_id=$1', [uid]);
+        await app.db.query('DELETE FROM sessions WHERE user_id=$1', [uid]);
+        await app.db.query('DELETE FROM users WHERE id=$1', [uid]);
+        return reply.send({ data: { deleted: true } });
+    });
+
    // OAuth initiate routes moved to ./oauth.js

    // Search users by name or email (for collaboration)
@@ -117,3 +129,22 @@ async function authRoutes(app) {
 }

 module.exports = authRoutes;
+
+// Delete account (GDPR + Google Play requirement)
+app.delete("/auth/delete-account", { preHandler: [async (req) => { await req.jwtVerify(); }] }, async (req) => {
+    const userId = req.user.id;
+    
+    // Delete all user data in order (foreign keys)
+    await app.db.query("DELETE FROM task_comments WHERE user_id = $1", [userId]);
+    await app.db.query("DELETE FROM subtasks WHERE assigned_to = $1", [userId]);
+    await app.db.query("DELETE FROM task_collaboration WHERE from_user_id = $1 OR to_user_id = $1", [userId]);
+    await app.db.query("DELETE FROM task_assignments WHERE user_id = $1", [userId]);
+    await app.db.query("DELETE FROM push_subscriptions WHERE user_id = $1", [userId]);
+    await app.db.query("DELETE FROM goals WHERE user_id = $1", [userId]);
+    await app.db.query("DELETE FROM connectors WHERE user_id = $1", [userId]);
+    await app.db.query("DELETE FROM tasks WHERE user_id = $1", [userId]);
+    await app.db.query("DELETE FROM task_groups WHERE user_id = $1", [userId]);
+    await app.db.query("DELETE FROM users WHERE id = $1", [userId]);
+    
+    return { status: "deleted", message: "Account and all data permanently deleted" };
+});