sojorn/_legacy/supabase/functions/deactivate-account/index.ts

/**
 * POST /deactivate-account - Deactivate user account (reactivatable within 30 days)
 * POST /deactivate-account/reactivate - Reactivate a deactivated account
 *
 * Design intent:
 * - Allows users to temporarily deactivate their account
 * - Account can be reactivated by logging in
 * - Profile and posts are hidden while deactivated
 */

import { serve } from 'https://deno.land/std@0.177.0/http/server.ts';
import { createSupabaseClient } from '../_shared/supabase-client.ts';

const ALLOWED_ORIGIN = Deno.env.get('ALLOWED_ORIGIN') || 'https://gosojorn.com';

serve(async (req) => {
  if (req.method === 'OPTIONS') {
    return new Response(null, {
      headers: {
        'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
        'Access-Control-Allow-Methods': 'POST',
        'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
      },
    });
  }

  try {
    const authHeader = req.headers.get('Authorization');
    if (!authHeader) {
      return new Response(JSON.stringify({ error: 'Missing authorization header' }), {
        status: 401,
        headers: {
          'Content-Type': 'application/json',
          'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
        },
      });
    }

    const supabase = createSupabaseClient(authHeader);
    const {
      data: { user },
      error: authError,
    } = await supabase.auth.getUser();

    if (authError || !user) {
      return new Response(JSON.stringify({ error: 'Unauthorized' }), {
        status: 401,
        headers: {
          'Content-Type': 'application/json',
          'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
        },
      });
    }

    if (req.method !== 'POST') {
      return new Response(JSON.stringify({ error: 'Method not allowed' }), {
        status: 405,
        headers: {
          'Content-Type': 'application/json',
          'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
        },
      });
    }

    const url = new URL(req.url);
    const isReactivate = url.pathname.endsWith('/reactivate');

    if (isReactivate) {
      // Reactivate account
      const { data, error } = await supabase
        .rpc('reactivate_account', { p_user_id: user.id });

      if (error) {
        console.error('Error reactivating account:', error);
        return new Response(JSON.stringify({
          error: 'Failed to reactivate account',
          details: error.message
        }), {
          status: 500,
          headers: {
            'Content-Type': 'application/json',
            'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
          },
        });
      }

      if (!data || !data.success) {
        return new Response(JSON.stringify({
          error: data?.error || 'Account is not deactivated'
        }), {
          status: 400,
          headers: {
            'Content-Type': 'application/json',
            'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
          },
        });
      }

      return new Response(
        JSON.stringify({
          success: true,
          message: 'Account reactivated successfully',
        }),
        {
          status: 200,
          headers: {
            'Content-Type': 'application/json',
            'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
          },
        }
      );
    } else {
      // Deactivate account
      const { data, error } = await supabase
        .rpc('deactivate_account', { p_user_id: user.id });

      if (error) {
        console.error('Error deactivating account:', error);
        return new Response(JSON.stringify({
          error: 'Failed to deactivate account',
          details: error.message
        }), {
          status: 500,
          headers: {
            'Content-Type': 'application/json',
            'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
          },
        });
      }

      if (!data || !data.success) {
        return new Response(JSON.stringify({
          error: data?.error || 'Account already deactivated'
        }), {
          status: 400,
          headers: {
            'Content-Type': 'application/json',
            'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
          },
        });
      }

      return new Response(
        JSON.stringify({
          success: true,
          message: 'Account deactivated successfully. You can reactivate it anytime by logging in.',
          deactivated_at: data.deactivated_at,
        }),
        {
          status: 200,
          headers: {
            'Content-Type': 'application/json',
            'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
          },
        }
      );
    }
  } catch (error) {
    console.error('Unexpected error:', error);
    return new Response(JSON.stringify({ error: 'Internal server error' }), {
      status: 500,
      headers: {
        'Content-Type': 'application/json',
        'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
      },
    });
  }
});