use actix_web::{HttpResponse, web}; use crate::api::response::{ApiErrorResponse, ApiResponse}; use crate::error::AppError; use crate::service::AppService; use crate::session::Session; /// Delete user account /// /// Marks the authenticated user's account and all associated data for deletion. /// The user's data is soft-deleted (marked as deleted, not physically removed). /// A restore link is sent to the user's verified email, valid for 30 days. /// Requires authentication and a verified email address. /// /// Preconditions: /// - User must have at least one verified email address /// - User must transfer or delete all owned workspaces /// - User must transfer or delete all owned repositories /// /// Effects: /// - All user data is soft-deleted (SSH keys, GPG keys, sessions, devices, etc.) /// - Current session is cleared /// - A restore token is generated and sent via email /// - Account can be restored within 30 days using the restore link /// /// Returns success message on completion. #[utoipa::path( delete, path = "/api/v1/user/account", tag = "User", operation_id = "userDeleteAccount", responses( (status = 200, description = "Account marked for deletion. A restore link has been sent to your email.", body = ApiResponse), (status = 400, description = "Cannot delete: user still owns workspaces or repositories, or no verified email", body = ApiErrorResponse), (status = 401, description = "Authentication required or session expired", body = ApiErrorResponse), (status = 404, description = "User not found", body = ApiErrorResponse), (status = 500, description = "Internal server error", body = ApiErrorResponse), ), security( ("session_cookie" = []) ) )] pub async fn delete_account( service: web::Data, session: Session, ) -> Result { service.user.user_delete_account(&session).await?; Ok(HttpResponse::Ok().json(ApiResponse::new( "Account deletion scheduled. A restore link has been sent to your email.".to_string(), ))) }