Enforce deletion environment variables server side; added logging

packages/features/accounts/src/server/personal-accounts-server-actions.ts

@@ -6,6 +6,7 @@ import { redirect } from 'next/navigation';
 import { z } from 'zod';
 
 import { enhanceAction } from '@kit/next/actions';
+import { getLogger } from '@kit/shared/logger';
 import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client';
 import { getSupabaseServerClient } from '@kit/supabase/server-client';
 
@@ -14,6 +15,9 @@ import { createDeletePersonalAccountService } from './services/delete-personal-a
 
 const emailSettings = getEmailSettingsFromEnvironment();
 
+const enableAccountDeletion =
+  process.env.NEXT_PUBLIC_ENABLE_PERSONAL_ACCOUNT_DELETION === 'true';
+
 export async function refreshAuthSession() {
   const client = getSupabaseServerClient();
 
@@ -24,6 +28,8 @@ export async function refreshAuthSession() {
 
 export const deletePersonalAccountAction = enhanceAction(
   async (formData: FormData, user) => {
+    const logger = await getLogger();
+
     // validate the form data
     const { success } = DeletePersonalAccountSchema.safeParse(
       Object.fromEntries(formData.entries()),
@@ -33,6 +39,19 @@ export const deletePersonalAccountAction = enhanceAction(
       throw new Error('Invalid form data');
     }
 
+    const ctx = {
+      name: 'account.delete',
+      userId: user.id,
+    };
+
+    if (!enableAccountDeletion) {
+      logger.warn(ctx, `Account deletion is not enabled`);
+
+      throw new Error('Account deletion is not enabled');
+    }
+
+    logger.info(ctx, `Deleting account...`);
+
     const client = getSupabaseServerClient();
 
     // create a new instance of the personal accounts service
@@ -49,6 +68,8 @@ export const deletePersonalAccountAction = enhanceAction(
       emailSettings,
     });
 
+    logger.info(ctx, `Account request successfully sent`);
+
     // clear the cache for all pages
     revalidatePath('/', 'layout');