Add user deletion endpoint (#35)

Author: mishankov

auth/cleanup.go

@@ -0,0 +1,18 @@
+package auth
+
+import (
+	"context"
+	"time"
+)
+
+type cleanupEnqueuer interface {
+	Enqueue(ctx context.Context, job UserCleanupJob) error
+}
+
+// UserCleanupJob represents a cleanup job that is enqueued after a user is deleted.
+// It contains the necessary information for cleanup handlers to identify and process
+// the cleanup tasks associated with the deleted user.
+type UserCleanupJob struct {
+	UserID    string
+	DeletedAt time.Time
+}

auth/cleanup_test.go

@@ -0,0 +1,132 @@
+package auth_test
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"github.com/platforma-dev/platforma/auth"
+)
+
+func TestDeleteUser_WithCleanupEnqueuer_EnqueuesJob(t *testing.T) {
+	t.Parallel()
+
+	mockRepo := &mockRepository{}
+	mockAuthStorage := &mockAuthStorage{}
+	mockEnqueuer := &mockCleanupEnqueuer{}
+
+	service := auth.NewService(mockRepo, mockAuthStorage, "session", nil, nil, mockEnqueuer)
+
+	user := &auth.User{ID: "test-user-id"}
+	ctx := context.WithValue(context.Background(), auth.UserContextKey, user)
+
+	err := service.DeleteUser(ctx)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	if !mockEnqueuer.enqueueCalled {
+		t.Fatal("expected Enqueue to be called")
+	}
+
+	if mockEnqueuer.lastJob.UserID != "test-user-id" {
+		t.Fatalf("expected UserID 'test-user-id', got %q", mockEnqueuer.lastJob.UserID)
+	}
+
+	if mockEnqueuer.lastJob.DeletedAt.IsZero() {
+		t.Fatal("expected DeletedAt to be set")
+	}
+}
+
+func TestDeleteUser_WithNilEnqueuer_Succeeds(t *testing.T) {
+	t.Parallel()
+
+	mockRepo := &mockRepository{}
+	mockAuthStorage := &mockAuthStorage{}
+
+	service := auth.NewService(mockRepo, mockAuthStorage, "session", nil, nil, nil)
+
+	user := &auth.User{ID: "test-user-id"}
+	ctx := context.WithValue(context.Background(), auth.UserContextKey, user)
+
+	err := service.DeleteUser(ctx)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+}
+
+func TestDeleteUser_EnqueueError_StillSucceeds(t *testing.T) {
+	t.Parallel()
+
+	mockRepo := &mockRepository{}
+	mockAuthStorage := &mockAuthStorage{}
+	mockEnqueuer := &mockCleanupEnqueuer{
+		enqueueErr: errors.New("queue is full"),
+	}
+
+	service := auth.NewService(mockRepo, mockAuthStorage, "session", nil, nil, mockEnqueuer)
+
+	user := &auth.User{ID: "test-user-id"}
+	ctx := context.WithValue(context.Background(), auth.UserContextKey, user)
+
+	err := service.DeleteUser(ctx)
+	if err != nil {
+		t.Fatalf("expected no error even with enqueue failure, got %v", err)
+	}
+
+	if !mockEnqueuer.enqueueCalled {
+		t.Fatal("expected Enqueue to be called")
+	}
+}
+
+type mockCleanupEnqueuer struct {
+	enqueueCalled bool
+	lastJob       auth.UserCleanupJob
+	enqueueErr    error
+}
+
+func (m *mockCleanupEnqueuer) Enqueue(_ context.Context, job auth.UserCleanupJob) error {
+	m.enqueueCalled = true
+	m.lastJob = job
+	return m.enqueueErr
+}
+
+type mockRepository struct{}
+
+func (m *mockRepository) Get(_ context.Context, _ string) (*auth.User, error) {
+	return nil, nil
+}
+
+func (m *mockRepository) GetByUsername(_ context.Context, _ string) (*auth.User, error) {
+	return nil, nil
+}
+
+func (m *mockRepository) Create(_ context.Context, _ *auth.User) error {
+	return nil
+}
+
+func (m *mockRepository) UpdatePassword(_ context.Context, _, _, _ string) error {
+	return nil
+}
+
+func (m *mockRepository) Delete(_ context.Context, _ string) error {
+	return nil
+}
+
+type mockAuthStorage struct{}
+
+func (m *mockAuthStorage) GetUserIdFromSessionId(_ context.Context, _ string) (string, error) {
+	return "", nil
+}
+
+func (m *mockAuthStorage) CreateSessionForUser(_ context.Context, _ string) (string, error) {
+	return "", nil
+}
+
+func (m *mockAuthStorage) DeleteSession(_ context.Context, _ string) error {
+	return nil
+}
+
+func (m *mockAuthStorage) DeleteSessionsByUserId(_ context.Context, _ string) error {
+	return nil
+}

auth/domain.go

@@ -15,23 +15,25 @@ func (d *Domain) GetRepository() any {
 	return d.Repository
 }
 
-func New(db db, authStorage authStorage, sessionCookieName string, usernameValidator, passwordValidator func(string) error) *Domain {
+func New(db db, authStorage authStorage, sessionCookieName string, usernameValidator, passwordValidator func(string) error, cleanupEnqueuer cleanupEnqueuer) *Domain {
 	repository := NewRepository(db)
-	service := NewService(repository, authStorage, sessionCookieName, usernameValidator, passwordValidator)
+	service := NewService(repository, authStorage, sessionCookieName, usernameValidator, passwordValidator, cleanupEnqueuer)
 
 	authMiddleware := NewAuthenticationMiddleware(service)
 	registerHandler := NewRegisterHandler(service)
 	loginHandler := NewLoginHandler(service)
 	logoutHandler := NewLogoutHandler(service)
 	getUserHandler := NewGetHandler(service)
 	changePasswordHandler := authMiddleware.Wrap(NewChangePasswordHandler(service))
+	deleteHandler := authMiddleware.Wrap(NewDeleteHandler(service))
 
 	authAPI := httpserver.NewHandlerGroup()
 	authAPI.Handle("POST /register", registerHandler)
 	authAPI.Handle("POST /login", loginHandler)
 	authAPI.Handle("POST /logout", logoutHandler)
 	authAPI.Handle("GET /me", getUserHandler)
 	authAPI.Handle("POST /change-password", changePasswordHandler)
+	authAPI.Handle("DELETE /me", deleteHandler)
 
 	return &Domain{
 		Repository:  repository,

auth/handler_delete.go

@@ -0,0 +1,48 @@
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"net/http"
+
+	"github.com/platforma-dev/platforma/log"
+)
+
+type userDeleter interface {
+	DeleteUser(ctx context.Context) error
+}
+
+type DeleteHandler struct {
+	service userDeleter
+}
+
+func NewDeleteHandler(service userDeleter) *DeleteHandler {
+	return &DeleteHandler{
+		service: service,
+	}
+}
+
+func (h *DeleteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	if r.Method != http.MethodDelete {
+		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	err := h.service.DeleteUser(ctx)
+	if err != nil {
+		if errors.Is(err, ErrUserNotFound) {
+			http.Error(w, err.Error(), http.StatusUnauthorized)
+			return
+		}
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+	if err := json.NewEncoder(w).Encode("User deleted successfully"); err != nil {
+		log.ErrorContext(ctx, "failed to decode response to json", "error", err)
+	}
+}

auth/handler_delete_test.go

@@ -0,0 +1,117 @@
+package auth_test
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/platforma-dev/platforma/auth"
+)
+
+func TestDeleteHandler_Success(t *testing.T) {
+	t.Parallel()
+
+	mockService := &mockDeleteService{
+		deleteUserErr: nil,
+	}
+	handler := auth.NewDeleteHandler(mockService)
+
+	req := httptest.NewRequest(http.MethodDelete, "/", nil)
+	ctx := context.WithValue(req.Context(), auth.UserContextKey, &auth.User{ID: "user-id"})
+	req = req.WithContext(ctx)
+	w := httptest.NewRecorder()
+
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status 200, got %d", w.Code)
+	}
+
+	expectedBody := `"User deleted successfully"`
+	actualBody := w.Body.String()
+	if actualBody != expectedBody+"\n" {
+		t.Fatalf("expected body %q, got %q", expectedBody+"\n", actualBody)
+	}
+}
+
+func TestDeleteHandler_WrongMethod(t *testing.T) {
+	t.Parallel()
+
+	mockService := &mockDeleteService{}
+	handler := auth.NewDeleteHandler(mockService)
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	w := httptest.NewRecorder()
+
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusMethodNotAllowed {
+		t.Fatalf("expected status 405, got %d", w.Code)
+	}
+}
+
+func TestDeleteHandler_UserNotFound(t *testing.T) {
+	t.Parallel()
+
+	mockService := &mockDeleteService{
+		deleteUserErr: auth.ErrUserNotFound,
+	}
+	handler := auth.NewDeleteHandler(mockService)
+
+	req := httptest.NewRequest(http.MethodDelete, "/", nil)
+	w := httptest.NewRecorder()
+
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusUnauthorized {
+		t.Fatalf("expected status 401, got %d", w.Code)
+	}
+}
+
+func TestDeleteHandler_InternalError(t *testing.T) {
+	t.Parallel()
+
+	mockService := &mockDeleteService{
+		deleteUserErr: errors.New("database error"),
+	}
+	handler := auth.NewDeleteHandler(mockService)
+
+	req := httptest.NewRequest(http.MethodDelete, "/", nil)
+	ctx := context.WithValue(req.Context(), auth.UserContextKey, &auth.User{ID: "user-id"})
+	req = req.WithContext(ctx)
+	w := httptest.NewRecorder()
+
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusInternalServerError {
+		t.Fatalf("expected status 500, got %d", w.Code)
+	}
+}
+
+func TestDeleteHandler_NoUserInContext(t *testing.T) {
+	t.Parallel()
+
+	mockService := &mockDeleteService{
+		deleteUserErr: auth.ErrUserNotFound,
+	}
+	handler := auth.NewDeleteHandler(mockService)
+
+	req := httptest.NewRequest(http.MethodDelete, "/", nil)
+	w := httptest.NewRecorder()
+
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusUnauthorized {
+		t.Fatalf("expected status 401, got %d", w.Code)
+	}
+}
+
+type mockDeleteService struct {
+	deleteUserErr error
+}
+
+func (m *mockDeleteService) DeleteUser(ctx context.Context) error {
+	return m.deleteUserErr
+}

auth/repository.go

@@ -84,3 +84,12 @@ func (r *Repository) UpdatePassword(ctx context.Context, id, password, salt stri
 	}
 	return nil
 }
+
+func (r *Repository) Delete(ctx context.Context, id string) error {
+	query := `DELETE FROM users WHERE id = $1`
+	_, err := r.db.ExecContext(ctx, query, id)
+	if err != nil {
+		return fmt.Errorf("failed to delete user: %w", err)
+	}
+	return nil
+}