feat(api): expand API endpoints for repo, PR, user, workspace management

- Add git operation endpoints: archive, compare branches, diff, tree,
  repository extras
- Add repo endpoints: contributors, delete fork, get branch/commit
  status/deploy key/invitation/member/release/tag/webhook, topics,
  release assets, webhook deliveries/retry
- Add PR endpoints: review requests, templates
- Add user endpoints: block/unblock, follow/unfollow, presence,
  personal access tokens, account restore
- Add workspace endpoints: billing history, approvals, domains,
  integrations, invitations, members, webhooks, restore
- Add internal API, notification API, IM API modules
- Update route configuration and OpenAPI spec

api/user/delete_account.rs

@@ -7,18 +7,21 @@ use crate::session::Session;
 
 /// Delete user account
 ///
-/// Permanently deletes the authenticated user's account and all associated data.
-/// Requires authentication.
+/// Marks the authenticated user's account and all associated data for deletion.
+/// The user's data is soft-deleted (marked as deleted, not physically removed).
+/// A restore link is sent to the user's verified email, valid for 30 days.
+/// Requires authentication and a verified email address.
 ///
 /// Preconditions:
+/// - User must have at least one verified email address
 /// - User must transfer or delete all owned workspaces
 /// - User must transfer or delete all owned repositories
 ///
 /// Effects:
-/// - All user data is removed (SSH keys, GPG keys, sessions, devices, OAuth links, etc.)
-/// - User is soft-deleted (marked as deleted, not physically removed)
+/// - All user data is soft-deleted (SSH keys, GPG keys, sessions, devices, etc.)
 /// - Current session is cleared
-/// - Account cannot be recovered
+/// - A restore token is generated and sent via email
+/// - Account can be restored within 30 days using the restore link
 ///
 /// Returns success message on completion.
 #[utoipa::path(
@@ -27,8 +30,8 @@ use crate::session::Session;
     tag = "User",
     operation_id = "userDeleteAccount",
     responses(
-        (status = 200, description = "Account deleted successfully. All user data has been removed.", body = ApiResponse<String>),
-        (status = 400, description = "Cannot delete: user still owns workspaces or repositories", body = ApiErrorResponse),
+        (status = 200, description = "Account marked for deletion. A restore link has been sent to your email.", body = ApiResponse<String>),
+        (status = 400, description = "Cannot delete: user still owns workspaces or repositories, or no verified email", body = ApiErrorResponse),
         (status = 401, description = "Authentication required or session expired", body = ApiErrorResponse),
         (status = 404, description = "User not found", body = ApiErrorResponse),
         (status = 500, description = "Internal server error", body = ApiErrorResponse),
@@ -42,5 +45,7 @@ pub async fn delete_account(
     session: Session,
 ) -> Result<HttpResponse, AppError> {
     service.user.user_delete_account(&session).await?;
-    Ok(HttpResponse::Ok().json(ApiResponse::new("Account deleted successfully".to_string())))
+    Ok(HttpResponse::Ok().json(ApiResponse::new(
+        "Account deletion scheduled. A restore link has been sent to your email.".to_string(),
+    )))
 }