Enforce deletion environment variables server side; added logging

gbuomprisco
2024-10-08 00:37:35 +02:00
parent 67f428a56d
commit e9500463bf
2 changed files with 46 additions and 1 deletions


@@ -6,6 +6,7 @@ import { redirect } from 'next/navigation';
import { z } from 'zod'; import { z } from 'zod';
import { enhanceAction } from '@kit/next/actions'; import { enhanceAction } from '@kit/next/actions';
import { getLogger } from '@kit/shared/logger';
import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client'; import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client';
import { getSupabaseServerClient } from '@kit/supabase/server-client'; import { getSupabaseServerClient } from '@kit/supabase/server-client';
@@ -14,6 +15,9 @@ import { createDeletePersonalAccountService } from './services/delete-personal-a
const emailSettings = getEmailSettingsFromEnvironment(); const emailSettings = getEmailSettingsFromEnvironment();
const enableAccountDeletion =
process.env.NEXT_PUBLIC_ENABLE_PERSONAL_ACCOUNT_DELETION === 'true';
export async function refreshAuthSession() { export async function refreshAuthSession() {
const client = getSupabaseServerClient(); const client = getSupabaseServerClient();
@@ -24,6 +28,8 @@ export async function refreshAuthSession() {
export const deletePersonalAccountAction = enhanceAction( export const deletePersonalAccountAction = enhanceAction(
async (formData: FormData, user) => { async (formData: FormData, user) => {
const logger = await getLogger();
// validate the form data // validate the form data
const { success } = DeletePersonalAccountSchema.safeParse( const { success } = DeletePersonalAccountSchema.safeParse(
Object.fromEntries(formData.entries()), Object.fromEntries(formData.entries()),
@@ -33,6 +39,19 @@ export const deletePersonalAccountAction = enhanceAction(
throw new Error('Invalid form data'); throw new Error('Invalid form data');
} }
const ctx = {
name: 'account.delete',
userId: user.id,
};
if (!enableAccountDeletion) {
logger.warn(ctx, `Account deletion is not enabled`);
throw new Error('Account deletion is not enabled');
}
logger.info(ctx, `Deleting account...`);
const client = getSupabaseServerClient(); const client = getSupabaseServerClient();
// create a new instance of the personal accounts service // create a new instance of the personal accounts service
@@ -49,6 +68,8 @@ export const deletePersonalAccountAction = enhanceAction(
emailSettings, emailSettings,
}); });
logger.info(ctx, `Account request successfully sent`);
// clear the cache for all pages // clear the cache for all pages
revalidatePath('/', 'layout'); revalidatePath('/', 'layout');
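Review bot: The new `enableAccountDeletion` constant has no comment saying that it is the authoritative server-side gate and that it fails closed: any value other than the exact string `'true'`, including an unset variable, makes `deletePersonalAccountAction` throw. I would add above it `// Server-side gate: deletion stays disabled unless NEXT_PUBLIC_ENABLE_PERSONAL_ACCOUNT_DELETION is exactly 'true'.` so that anyone upgrading without the variable set understands why deletion stops working. The value is read once at module load, and the `NEXT_PUBLIC_` prefix means it is also exposed to client code, so it should be treated as configuration and never as a secret. The same applies to `enableTeamAccountDeletion` in the team-accounts file. The action body continues outside the visible hunks.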


@@ -5,26 +5,50 @@ import { redirect } from 'next/navigation';
import type { SupabaseClient } from '@supabase/supabase-js'; import type { SupabaseClient } from '@supabase/supabase-js';
import { enhanceAction } from '@kit/next/actions'; import { enhanceAction } from '@kit/next/actions';
import { getLogger } from '@kit/shared/logger';
import type { Database } from '@kit/supabase/database'; import type { Database } from '@kit/supabase/database';
import { getSupabaseServerClient } from '@kit/supabase/server-client'; import { getSupabaseServerClient } from '@kit/supabase/server-client';
import { DeleteTeamAccountSchema } from '../../schema/delete-team-account.schema'; import { DeleteTeamAccountSchema } from '../../schema/delete-team-account.schema';
import { createDeleteTeamAccountService } from '../services/delete-team-account.service'; import { createDeleteTeamAccountService } from '../services/delete-team-account.service';
const enableTeamAccountDeletion =
process.env.NEXT_PUBLIC_ENABLE_TEAM_ACCOUNTS_DELETION === 'true';
export const deleteTeamAccountAction = enhanceAction( export const deleteTeamAccountAction = enhanceAction(
async (formData: FormData, user) => { async (formData: FormData, user) => {
const logger = await getLogger();
const params = DeleteTeamAccountSchema.parse( const params = DeleteTeamAccountSchema.parse(
Object.fromEntries(formData.entries()), Object.fromEntries(formData.entries()),
); );
const ctx = {
name: 'team-accounts.delete',
userId: user.id,
accountId: params.accountId,
};
if (!enableTeamAccountDeletion) {
logger.warn(ctx, `Team account deletion is not enabled`);
throw new Error('Team account deletion is not enabled');
}
logger.info(ctx, `Deleting team account...`);
await deleteTeamAccount({ await deleteTeamAccount({
accountId: params.accountId, accountId: params.accountId,
userId: user.id, userId: user.id,
}); });
logger.info(ctx, `Team account request successfully sent`);
return redirect('/home'); return redirect('/home');
}, },
{}, {
auth: true,
},
); );
async function deleteTeamAccount(params: { async function deleteTeamAccount(params: {
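Review bot: A failed or denied team deletion leaves no log entry, because the two `logger.info(ctx, ...)` calls bracket `deleteTeamAccount` but nothing records a throw from it, and for a destructive action the failure path is the one most worth having in the audit trail. Wrap only the `deleteTeamAccount` call in a try/catch that logs with the same `ctx` and rethrows, keeping `redirect('/home')` outside the try since Next.js implements redirect by throwing. This assumes the logger exposes `error` alongside the `warn` and `info` used here. The personal-account action probably has the same gap, but its service call is not visible in the hunks. `deleteTeamAccount` itself starts on the last line and continues outside the hunk.

```typescript
    logger.info(ctx, `Deleting team account...`);

    try {
      await deleteTeamAccount({
        accountId: params.accountId,
        userId: user.id,
      });
    } catch (error) {
      // record the failed or denied attempt with the same context, then rethrow
      logger.error({ ...ctx, error }, `Failed to delete team account`);

      throw error;
    }

    // … unchanged: success log and redirect('/home') stay outside the try …
```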