account management #41
Implements user account management features including:

- Account deletion API endpoint (/api/user/account DELETE)
- Complete data cleanup (templates, generations, settings, R2 files)
- Delete account button in dashboard Account tab
- Confirmation dialog before account deletion
- Proper session invalidation after deletion
- Support for both development and production modes

Database changes:

- Added deleteUser() method to DatabaseService for cascading deletion
- Respects foreign key constraints during deletion
- Returns R2 keys for cleanup

API changes:

- Added handleAccount() method to UserAPI
- New Next.js API route at /app/api/user/account/route.ts
- Proxies DELETE requests to worker endpoint

UI changes:

- Added delete account section to dashboard Account tab
- Confirmation dialog with list of data to be deleted
- Loading state during account deletion
- Automatic redirect to home after successful deletion

Enhances user privacy and provides GDPR/data protection compliance.
Deploying creatortoolhub with
| Latest commit: | 9c7fe66 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://9370dfeb.creatortoolhub.pages.dev |
| Branch Preview URL: | https://claude-work-on-issue-0133th8.creatortoolhub.pages.dev |
Review completed. 4 suggestions posted.
Comment augment review to trigger a new review at any time.
| } | ||
|
|
||
| // Get all generations and their outputs | ||
| const generations = await this.getGenerations(userId, { limit: 100 }); |
Limiting to 100 generations risks leaking older R2 files for users with more history; consider iterating through all generations to collect every key before deletion.
🤖 Was this useful? React with 👍 or 👎
| // Get all generations and their outputs | ||
| const generations = await this.getGenerations(userId, { limit: 100 }); | ||
| for (const generation of generations) { | ||
| const outputs = await this.getGenerationOutputs(generation.id); |
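Review bot: The `await this.getGenerationOutputs(generation.id)` call inside the `for` loop issues one sequential query per generation, so the time spent collecting keys grows with the size of the user's history. Consider fetching all output keys for `userId` in a single query, or in batches, before any rows are deleted.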
Only generation_outputs keys are collected; if generation_inputs.r2_key is used for uploaded inputs, those files won’t be deleted and will leak (also applies to other locations in the PR).
🤖 Was this useful? React with 👍 or 👎
| headers: { | ||
| 'Content-Type': 'application/json', | ||
| // Clear the auth cookie | ||
| 'Set-Cookie': 'auth-token=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0' |
The cookie invalidation header uses SameSite=Lax and no Secure, which doesn’t match the production auth cookie attributes; this can prevent reliable deletion in some browsers.
🤖 Was this useful? React with 👍 or 👎
| res.headers.forEach((v, k) => { | ||
| // Avoid setting hop-by-hop headers | ||
| if (!['content-encoding', 'transfer-encoding'].includes(k.toLowerCase())) { | ||
| out.headers.set(k, v); |
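Review bot: The skip list under the `// Avoid setting hop-by-hop headers` comment does not match that description: `content-encoding` is an end-to-end header, while hop-by-hop headers such as `connection` and `keep-alive` are still copied. If `content-encoding` is dropped because the body has already been decoded, `content-length` should be dropped with it, since the upstream length no longer describes the body being sent; suggest correcting the comment and extending the list accordingly.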
Copying response headers with out.headers.set(k, v) can collapse multiple Set-Cookie headers; this may drop cookies when the upstream sets more than one.
🤖 Was this useful? React with 👍 or 👎
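The Set-Cookie collapse described in the last review comment, shown as an added example that is not part of the PR or the project's code. It assumes a runtime with the Fetch `Headers` class and `getSetCookie()` (recent Node.js or a Workers-style runtime); the sample headers are constructed and the second cookie name is hypothetical.

```javascript
// Same skip list as the proxy code under review.
const SKIP = new Set(['content-encoding', 'transfer-encoding']);

// Constructed upstream response headers carrying two cookies.
function sampleUpstreamHeaders() {
  const h = new Headers({ 'Content-Type': 'application/json' });
  h.append('Set-Cookie', 'auth-token=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0');
  h.append('Set-Cookie', 'session-hint=; Path=/; Max-Age=0'); // hypothetical cookie
  return h;
}

// Pattern from the reviewed hunk: set() replaces any earlier value
// stored under the same name, so only one Set-Cookie field survives.
function copyWithSet(src) {
  const out = new Headers();
  src.forEach((v, k) => {
    if (!SKIP.has(k.toLowerCase())) out.set(k, v);
  });
  return out;
}

// Set-Cookie cannot be merged into one comma-separated value, so it is
// copied separately with append(), one field per cookie.
function copyPreservingCookies(src) {
  const out = new Headers();
  src.forEach((v, k) => {
    const name = k.toLowerCase();
    if (SKIP.has(name) || name === 'set-cookie') return;
    out.set(k, v);
  });
  for (const cookie of src.getSetCookie()) {
    out.append('set-cookie', cookie);
  }
  return out;
}

// Cookie names present in a Headers object, in order.
function cookieNames(headers) {
  return headers.getSetCookie().map((c) => c.split('=')[0]);
}
```

Comparing `cookieNames()` on both copies in a proxy test makes a dropped cookie visible before it reaches a browser.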