diff --git a/db/queries/users.sql b/db/queries/users.sql
index ac20d30..81d3fe2 100644
--- a/db/queries/users.sql
+++ b/db/queries/users.sql
@@ -92,7 +92,7 @@ WHERE ut.user_id = $1
 );
 -- name: ListExpiredSoftDeletedUsers :many
-SELECT id FROM users WHERE deleted_at IS NOT NULL AND deleted_at < NOW() - INTERVAL '15 days';
+SELECT id, email FROM users WHERE deleted_at IS NOT NULL AND deleted_at < NOW() - INTERVAL '15 days';
 -- name: HardDeleteUser :exec
 DELETE FROM users WHERE id = $1;
diff --git a/pkg/cpserver/run.go b/pkg/cpserver/run.go
index 9066a8c..58ef7f1 100644
--- a/pkg/cpserver/run.go
+++ b/pkg/cpserver/run.go
@@ -193,6 +193,7 @@ func Run(opts ...Option) {
 // Hard-delete accounts that have been soft-deleted for more than 15 days (runs every 24h).
 // Audit logs referencing deleted users are anonymized before the user row is removed.
+ // A notification email is sent to the user before their data is permanently removed.
 go func() {
 ticker := time.NewTicker(24 * time.Hour)
 defer ticker.Stop()
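Review bot: The added comment in pkg/cpserver/run.go says the notification is sent before the data is permanently removed, but the loop changed in the next hunk calls `mailer.Send` only after `queries.HardDeleteUser` has succeeded, and the message text itself says the account has already been deleted. A comment that matches the code would be `// A best-effort notification email is sent to the user after their data has been permanently removed; a failed send is only logged.` Run's body starts and ends outside this hunk.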
@@ -207,16 +208,24 @@ func Run(opts ...Option) {
 continue
 }
 var deleted int
- for _, userID := range expired {
- prefixedID := id.FormatUserID(userID)
+ for _, row := range expired {
+ prefixedID := id.FormatUserID(row.ID)
 if err := queries.AnonymizeAuditLogsByUserID(ctx, pgtype.Text{String: prefixedID, Valid: true}); err != nil {
 slog.Error("account cleanup: failed to anonymize audit logs, skipping delete", "user_id", prefixedID, "error", err)
 continue
 }
- if err := queries.HardDeleteUser(ctx, userID); err != nil {
+ if err := queries.HardDeleteUser(ctx, row.ID); err != nil {
 slog.Error("account cleanup: failed to hard-delete user", "user_id", prefixedID, "error", err)
 continue
 }
+ if err := mailer.Send(ctx, row.Email, "Your Wrenn account has been deleted", email.EmailData{
+ Message: "Your Wrenn account and all associated data have been permanently deleted. " +
+ "This action was taken automatically because your account was scheduled for deletion more than 15 days ago.\n\n" +
+ "If you believe this was done in error, please contact support.",
+ Closing: "Thank you for using Wrenn.",
+ }); err != nil {
+ slog.Warn("account cleanup: failed to send deletion notification", "email", row.Email, "error", err)
+ }
 deleted++
 }
 if len(expired) > 0 {
diff --git a/pkg/db/users.sql.go b/pkg/db/users.sql.go
index be898ea..b2d79e8 100644
--- a/pkg/db/users.sql.go
+++ b/pkg/db/users.sql.go
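Review bot: The `slog.Warn` on the send-failure path in pkg/cpserver/run.go writes `row.Email` to the application log immediately after the loop has anonymized the user's audit logs and hard-deleted the row, so the address of an erased account outlives the erasure wherever these logs are shipped and retained. The two `slog.Error` calls in the same loop identify the user by `prefixedID` only, and the new line can do the same: `slog.Warn("account cleanup: failed to send deletion notification", "user_id", prefixedID, "error", err)`. It is also worth confirming that the error returned by `mailer.Send` does not embed the recipient address, which this hunk does not show. The enclosing goroutine in Run starts and ends outside the hunk.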
@@ -326,22 +326,27 @@ func (q *Queries) InsertUserOAuth(ctx context.Context, arg InsertUserOAuthParams } const listExpiredSoftDeletedUsers = `-- name: ListExpiredSoftDeletedUsers :many -SELECT id FROM users WHERE deleted_at IS NOT NULL AND deleted_at < NOW() - INTERVAL '15 days' +SELECT id, email FROM users WHERE deleted_at IS NOT NULL AND deleted_at < NOW() - INTERVAL '15 days' ` -func (q *Queries) ListExpiredSoftDeletedUsers(ctx context.Context) ([]pgtype.UUID, error) { +type ListExpiredSoftDeletedUsersRow struct { + ID pgtype.UUID `json:"id"` + Email string `json:"email"` +} + +func (q *Queries) ListExpiredSoftDeletedUsers(ctx context.Context) ([]ListExpiredSoftDeletedUsersRow, error) { rows, err := q.db.Query(ctx, listExpiredSoftDeletedUsers) if err != nil { return nil, err } defer rows.Close() - var items []pgtype.UUID + var items []ListExpiredSoftDeletedUsersRow for rows.Next() { - var id pgtype.UUID - if err := rows.Scan(&id); err != nil { + var i ListExpiredSoftDeletedUsersRow + if err := rows.Scan(&i.ID, &i.Email); err != nil { return nil, err } - items = append(items, id) + items = append(items, i) } if err := rows.Err(); err != nil { return nil, err