feat(AUTH, USER): add user account deletion feature #71
rom98759
left a comment
Good for me 👍🏼
Pull request overview
This PR adds a “delete user account” flow across the microservices: auth orchestrates the deletion (users-service profile + Redis online state + auth DB), and users exposes an internal endpoint to delete a profile by userId.
Changes:
- Users-service: add DELETE /users/:userId endpoint and service/controller method to delete a profile by auth/user id.
- Auth-service: add DELETE /user/delete route + handler and implement authService.deleteUser() to cascade delete across UM + Redis + auth DB.
- Auth-service: add UM client method to call users-service deletion, add Redis cleanup helper, and add rate limit config for delete.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| srcs/users/src/services/profiles.service.ts | Adds deleteById() for profile deletion by numeric id. |
| srcs/users/src/routes/profiles.routes.ts | Registers new internal DELETE /users/:userId route + Zod schema. |
| srcs/users/src/controllers/profiles.controller.ts | Adds controller handler for deletion by id (204). |
| srcs/auth/src/utils/constants.ts | Adds rate-limit config bucket for delete-user route. |
| srcs/auth/src/services/online.service.ts | Adds Redis cleanup helper for removing a user’s online presence. |
| srcs/auth/src/services/external/um.service.ts | Adds deleteUserProfile() call to users-service via mTLS fetch. |
| srcs/auth/src/services/auth.service.ts | Adds orchestrated deleteUser() cascade delete implementation. |
| srcs/auth/src/routes/auth.routes.ts | Exposes DELETE /user/delete route with rate limiting. |
| srcs/auth/src/controllers/auth.controller.ts | Adds deleteUserHandler for self-account deletion. |
| srcs/auth/src/controllers/admin.controller.ts | Switches admin deletion to use the new cascade authService.deleteUser(). |
| export async function removeUserFromRedis(userId: number): Promise<void> { | ||
| try { | ||
| const client = getRedisClient(); | ||
| const userKey = `${ONLINE_KEY_PREFIX}${userId}`; | ||
|
|
||
| // Supp user online key | ||
| await client.del(userKey); | ||
|
|
||
| // Supp user du set des utilisateurs en ligne | ||
| await client.srem(ONLINE_USERS_SET, userId.toString()); | ||
|
|
||
| logger.info({ | ||
| event: 'user_redis_cleanup', | ||
| userId, | ||
| message: 'User data removed from Redis', | ||
| }); | ||
| } catch (error) { | ||
| logger.error({ | ||
| event: 'user_redis_cleanup_error', | ||
| userId, | ||
| error: (error as Error)?.message, | ||
| }); | ||
| throw error; | ||
| } |
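Review bot: client.del(userKey) and client.srem(ONLINE_USERS_SET, ...) are issued as two separate commands, so a failure after the first leaves the user id in the online set with no matching key, and the rethrow then aborts the caller with Redis half-cleaned. Consider sending both in one MULTI/EXEC transaction so the key and the set entry are removed together.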
Operationally, failing Redis cleanup currently aborts account deletion because this function rethrows. Since online status is ephemeral and other Redis reads (e.g. isUserOnline) degrade gracefully on Redis errors, consider making removeUserFromRedis best-effort (log + continue) or returning a typed error that deleteUser can treat as non-blocking.
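An added illustration of the best-effort option raised in the comment above; it is not code from this PR. The step names, their order, the `blocking` flag and the in-memory stand-ins for users-service, Redis and the auth DB are all assumptions made for the example.

```typescript
// Added illustration: every name here is a hypothetical stand-in, not the PR's code.
type Step = { name: string; blocking: boolean; run: () => Promise<void> };
type DeleteReport = { deleted: boolean; warnings: string[] };

// Run the steps in order. A failing blocking step aborts before later steps run;
// a failing best-effort step is recorded as a warning and the cascade continues.
async function cascadeDelete(steps: Step[]): Promise<DeleteReport> {
  const warnings: string[] = [];
  for (const step of steps) {
    try {
      await step.run();
    } catch (err) {
      const reason = err instanceof Error ? err.message : String(err);
      if (step.blocking) throw new Error(`${step.name} failed: ${reason}`);
      warnings.push(`${step.name}: ${reason}`);
    }
  }
  return { deleted: true, warnings };
}

// Constructed stand-ins: the profile call always succeeds, Redis can be "down",
// and the auth DB is a Set of user ids.
function buildSteps(userId: number, redisUp: boolean, authDb: Set<number>): Step[] {
  return [
    { name: 'profile', blocking: true, run: async () => { /* users-service stub */ } },
    {
      name: 'redis_online_state',
      blocking: false, // ephemeral presence data: log and continue
      run: async () => { if (!redisUp) throw new Error('ECONNREFUSED'); },
    },
    { name: 'auth_db', blocking: true, run: async () => { authDb.delete(userId); } },
  ];
}

// Delete constructed user 42 and report what is left in the auth DB.
async function demo(redisUp: boolean): Promise<{ report: DeleteReport; remaining: number }> {
  const authDb = new Set<number>([42]);
  const report = await cascadeDelete(buildSteps(42, redisUp, authDb));
  return { report, remaining: authDb.size };
}
```

The `warnings` list is where a retry or alert would hook in, since a skipped Redis cleanup leaves the deleted user marked online until that state is cleared.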
codastream
left a comment
Short PRs are indeed easier to follow, and it's good to have the cascading deletions (profile and Redis).
There may be a way to share some code (user checks for the routes with auth), or even to throw AppError and let errorHandler do the work, to shorten the controllers and services.
| logger.info({ msg: `user profile deleted successfully`, userId }); | ||
| } catch (error) { | ||
| logger.error({ msg: `error DELETE ${UM_SERVICE_URL}/users/${userId}`, error: error }); | ||
| if (error instanceof ServiceError) throw error; |
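Review bot: in the catch block, `error: error` hands the whole error object to the logger and the user id only appears inside the URL string in msg. Logging `(error as Error)?.message` plus a separate userId field, as the success log and removeUserFromRedis already do, keeps the entries consistent and searchable and avoids serializing arbitrary objects into the logs.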
We can use AppError: distinguishing between DataError and ServiceError was too much.
| }, | ||
| } as const; | ||
|
|
||
| const deleteProfileByIdSchema = { |
Add the delete-user routes from the auth service, which calls user and Redis to delete in cascade
Delete user route:
api/auth/user/delete
Deletes one's own user
Admin:
api/auth/users/:id
can delete any user