Add /v1/me account management endpoints

Adds self-service endpoints: GET/PATCH/DELETE /v1/me, POST /v1/me/password, POST /v1/me/password/reset{/confirm}, GET/DELETE /v1/me/providers/{provider}. Includes OAuth account-linking flow via cookie, hard-delete cleanup goroutine (24h ticker, 15-day grace period), and OpenAPI spec for all new routes.
2026-04-16 03:24:55 +06:00
parent bc8348b199
commit f69fa8cded
5 changed files with 923 additions and 0 deletions
--- a/pkg/cpserver/run.go
+++ b/pkg/cpserver/run.go
@ -188,6 +188,24 @@ func Run(opts ...Option) {
 	monitor := api.NewHostMonitor(queries, hostPool, al, 30*time.Second)
 	monitor.Start(ctx)

+	// Hard-delete accounts that have been soft-deleted for more than 15 days (runs every 24h).
+	go func() {
+		ticker := time.NewTicker(24 * time.Hour)
+		defer ticker.Stop()
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			case <-ticker.C:
+				if err := queries.HardDeleteExpiredUsers(ctx); err != nil {
+					slog.Error("account cleanup: failed to hard-delete expired users", "error", err)
+				} else {
+					slog.Info("account cleanup: hard-deleted expired users")
+				}
+			}
+		}
+	}()
+
 	// Start metrics sampler (records per-team sandbox stats every 10s).
 	sampler := api.NewMetricsSampler(queries, 10*time.Second)
 	sampler.Start(ctx)