Add purge user functionality - backend and frontend implementation

Copilot · v0l · Copilot · commit 176145ede88a · 2025-07-05T20:11:15.000Z
Co-authored-by: v0l &lt;1172179+v0l@users.noreply.github.com&gt;
diff --git a/src/db.rs b/src/db.rs
@@ -316,6 +316,68 @@ impl Database {
 
         Ok((results, count))
     }
+
+    pub async fn get_user_file_ids(&self, pubkey: &Vec<u8>) -> Result<Vec<Vec<u8>>, Error> {
+        let results: Vec<(Vec<u8>,)> = sqlx::query_as(
+            "select uploads.id from uploads, users, user_uploads \
+            where users.pubkey = ? \
+            and users.id = user_uploads.user_id \
+            and user_uploads.file = uploads.id",
+        )
+        .bind(pubkey)
+        .fetch_all(&self.pool)
+        .await?;
+
+        Ok(results.into_iter().map(|(id,)| id).collect())
+    }
+
+    /// Add a new report to the database
+    pub async fn add_report(&self, file_id: &[u8], reporter_id: u64, event_json: &str) -> Result<(), Error> {
+        sqlx::query("insert into reports (file_id, reporter_id, event_json) values (?, ?, ?)")
+            .bind(file_id)
+            .bind(reporter_id)
+            .bind(event_json)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
+    /// List reports with pagination for admin view
+    pub async fn list_reports(&self, offset: u32, limit: u32) -> Result<(Vec<Report>, i64), Error> {
+        let reports: Vec<Report> = sqlx::query_as(
+            "select id, file_id, reporter_id, event_json, created, reviewed from reports where reviewed = false order by created desc limit ? offset ?"
+        )
+            .bind(limit)
+            .bind(offset)
+            .fetch_all(&self.pool)
+            .await?;
+        
+        let count: i64 = sqlx::query("select count(id) from reports where reviewed = false")
+            .fetch_one(&self.pool)
+            .await?
+            .try_get(0)?;
+
+        Ok((reports, count))
+    }
+
+    /// Get reports for a specific file
+    pub async fn get_file_reports(&self, file_id: &[u8]) -> Result<Vec<Report>, Error> {
+        sqlx::query_as(
+            "select id, file_id, reporter_id, event_json, created, reviewed from reports where file_id = ? order by created desc"
+        )
+            .bind(file_id)
+            .fetch_all(&self.pool)
+            .await
+    }
+
+    /// Mark a report as reviewed (used for acknowledging)
+    pub async fn mark_report_reviewed(&self, report_id: u64) -> Result<(), Error> {
+        sqlx::query("update reports set reviewed = true where id = ?")
+            .bind(report_id)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
 }
 
 #[cfg(feature = "payments")]
@@ -433,52 +495,4 @@ impl Database {
         // Check if upload would exceed quota
         Ok(user_stats.total_size + upload_size <= available_quota)
     }
-
-    /// Add a new report to the database
-    pub async fn add_report(&self, file_id: &[u8], reporter_id: u64, event_json: &str) -> Result<(), Error> {
-        sqlx::query("insert into reports (file_id, reporter_id, event_json) values (?, ?, ?)")
-            .bind(file_id)
-            .bind(reporter_id)
-            .bind(event_json)
-            .execute(&self.pool)
-            .await?;
-        Ok(())
-    }
-
-    /// List reports with pagination for admin view
-    pub async fn list_reports(&self, offset: u32, limit: u32) -> Result<(Vec<Report>, i64), Error> {
-        let reports: Vec<Report> = sqlx::query_as(
-            "select id, file_id, reporter_id, event_json, created, reviewed from reports where reviewed = false order by created desc limit ? offset ?"
-        )
-            .bind(limit)
-            .bind(offset)
-            .fetch_all(&self.pool)
-            .await?;
-        
-        let count: i64 = sqlx::query("select count(id) from reports where reviewed = false")
-            .fetch_one(&self.pool)
-            .await?
-            .try_get(0)?;
-
-        Ok((reports, count))
-    }
-
-    /// Get reports for a specific file
-    pub async fn get_file_reports(&self, file_id: &[u8]) -> Result<Vec<Report>, Error> {
-        sqlx::query_as(
-            "select id, file_id, reporter_id, event_json, created, reviewed from reports where file_id = ? order by created desc"
-        )
-            .bind(file_id)
-            .fetch_all(&self.pool)
-            .await
-    }
-
-    /// Mark a report as reviewed (used for acknowledging)
-    pub async fn mark_report_reviewed(&self, report_id: u64) -> Result<(), Error> {
-        sqlx::query("update reports set reviewed = true where id = ?")
-            .bind(report_id)
-            .execute(&self.pool)
-            .await?;
-        Ok(())
-    }
 }
diff --git a/src/routes/admin.rs b/src/routes/admin.rs
@@ -1,5 +1,6 @@
 use crate::auth::nip98::Nip98Auth;
 use crate::db::{Database, FileUpload, Report, User};
+use crate::filesystem::FileStore;
 use crate::routes::{Nip94Event, PagedResult};
 use crate::settings::Settings;
 use rocket::serde::json::Json;
@@ -14,6 +15,7 @@ pub fn admin_routes() -> Vec<Route> {
         admin_list_reports,
         admin_acknowledge_report,
         admin_get_user_info,
+        admin_purge_user,
     ]
 }
 
@@ -351,6 +353,72 @@ async fn admin_get_user_info(
     })
 }
 
+#[rocket::delete("/user/<user_pubkey>/purge")]
+async fn admin_purge_user(
+    auth: Nip98Auth,
+    user_pubkey: &str,
+    db: &State<Database>,
+    fs: &State<crate::filesystem::FileStore>,
+) -> AdminResponse<()> {
+    let pubkey_vec = auth.event.pubkey.to_bytes().to_vec();
+    
+    // Check if the requesting user is an admin
+    let admin_user = match db.get_user(&pubkey_vec).await {
+        Ok(user) => user,
+        Err(_) => return AdminResponse::error("User not found"),
+    };
+
+    if !admin_user.is_admin {
+        return AdminResponse::error("User is not an admin");
+    }
+
+    // Parse target user pubkey
+    let target_pubkey = match hex::decode(user_pubkey) {
+        Ok(pk) => pk,
+        Err(_) => return AdminResponse::error("Invalid pubkey format"),
+    };
+
+    // Get all file IDs for the target user
+    let file_ids = match db.get_user_file_ids(&target_pubkey).await {
+        Ok(ids) => ids,
+        Err(e) => return AdminResponse::error(&format!("Failed to get user files: {}", e)),
+    };
+
+    let mut deleted_count = 0;
+    let mut failed_count = 0;
+
+    // Delete each file
+    for file_id in file_ids {
+        // Delete file ownership records
+        if let Err(e) = db.delete_all_file_owner(&file_id).await {
+            log::warn!("Failed to delete file ownership for file {}: {}", hex::encode(&file_id), e);
+            failed_count += 1;
+            continue;
+        }
+
+        // Delete file record from database
+        if let Err(e) = db.delete_file(&file_id).await {
+            log::warn!("Failed to delete file record for file {}: {}", hex::encode(&file_id), e);
+            failed_count += 1;
+            continue;
+        }
+
+        // Delete physical file
+        if let Err(e) = tokio::fs::remove_file(fs.get(&file_id)).await {
+            log::warn!("Failed to delete physical file {}: {}", hex::encode(&file_id), e);
+            // Don't increment failed_count here as the DB record is already deleted
+        }
+
+        deleted_count += 1;
+    }
+
+    if failed_count > 0 {
+        AdminResponse::error(&format!("Partially completed: {} files deleted, {} failed", deleted_count, failed_count))
+    } else {
+        AdminResponse::success(())
+    }
+}
+
 impl Database {
     pub async fn list_all_files(
         &self,
diff --git a/ui_src/src/upload/admin.ts b/ui_src/src/upload/admin.ts
@@ -115,6 +115,12 @@ export class Route96 {
     return data;
   }
 
+  async purgeUser(pubkey: string) {
+    const rsp = await this.#req(`admin/user/${pubkey}/purge`, "DELETE");
+    const data = await this.#handleResponse<AdminResponse<void>>(rsp);
+    return data;
+  }
+
   async getPaymentInfo() {
     const rsp = await this.#req("payment", "GET");
     if (rsp.ok) {
diff --git a/ui_src/src/views/user-scope.tsx b/ui_src/src/views/user-scope.tsx
@@ -14,6 +14,7 @@ export default function UserScope() {
   const [error, setError] = useState<string>();
   const [loading, setLoading] = useState(true);
   const [filesPage, setFilesPage] = useState(0);
+  const [purging, setPurging] = useState(false);
 
   const login = useLogin();
   const pub = usePublisher();
@@ -54,6 +55,44 @@ export default function UserScope() {
     }
   }, [pub, self?.is_admin, pubkey, filesPage, url]);
 
+  async function handlePurgeUser() {
+    if (!pub || !pubkey) return;
+    
+    const confirmed = window.confirm(
+      `Are you sure you want to delete ALL files for this user?\n\nThis action cannot be undone and will permanently delete:\n- ${userInfo?.file_count || 0} files\n- ${FormatBytes(userInfo?.total_size || 0, 2)} of storage\n\nType "DELETE" to confirm.`
+    );
+    
+    if (!confirmed) return;
+    
+    const confirmText = window.prompt(
+      'Please type "DELETE" to confirm this destructive action:'
+    );
+    
+    if (confirmText !== "DELETE") {
+      alert("Confirmation text did not match. Operation cancelled.");
+      return;
+    }
+
+    setPurging(true);
+    setError(undefined);
+    
+    try {
+      const r96 = new Route96(url, pub);
+      await r96.purgeUser(pubkey);
+      
+      // Refresh user info to show updated counts
+      const response = await r96.getUserInfo(pubkey, filesPage, 50);
+      setUserInfo(response.data);
+      
+      alert("User account purged successfully. All files have been deleted.");
+    } catch (e) {
+      const message = e instanceof Error ? e.message : "Failed to purge user account";
+      setError(message);
+    } finally {
+      setPurging(false);
+    }
+  }
+
   if (loading) {
     return (
       <div className="flex justify-center items-center h-64">
@@ -161,6 +200,28 @@ export default function UserScope() {
               </div>
             )}
           </div>
+          
+          {/* Danger Zone */}
+          <div className="mt-6 pt-6 border-t border-neutral-600">
+            <h4 className="text-lg font-semibold mb-4 text-red-400">Danger Zone</h4>
+            <div className="bg-red-900/20 border border-red-700/50 rounded-lg p-4">
+              <div className="flex items-center justify-between">
+                <div>
+                  <h5 className="text-sm font-medium text-red-300">Purge User Account</h5>
+                  <p className="text-sm text-red-400/80 mt-1">
+                    Permanently delete all {userInfo.file_count} files for this user ({FormatBytes(userInfo.total_size, 2)})
+                  </p>
+                </div>
+                <button
+                  onClick={handlePurgeUser}
+                  disabled={purging || userInfo.file_count === 0}
+                  className="bg-red-600 hover:bg-red-500 disabled:bg-red-800 disabled:text-red-400 text-white px-4 py-2 rounded font-medium text-sm transition-colors"
+                >
+                  {purging ? "Purging..." : "Purge Account"}
+                </button>
+              </div>
+            </div>
+          </div>
         </div>
       </div>
 
diff --git a/ui_src/tsconfig.app.tsbuildinfo b/ui_src/tsconfig.app.tsbuildinfo
@@ -1 +1 @@
-{"root":["./src/App.tsx","./src/const.ts","./src/login.ts","./src/main.tsx","./src/vite-env.d.ts","./src/components/button.tsx","./src/components/mirror-suggestions.tsx","./src/components/payment.tsx","./src/components/profile.tsx","./src/components/progress-bar.tsx","./src/hooks/login.ts","./src/hooks/publisher.ts","./src/hooks/use-blossom-servers.ts","./src/upload/admin.ts","./src/upload/blossom.ts","./src/upload/index.ts","./src/upload/nip96.ts","./src/upload/progress.ts","./src/views/admin.tsx","./src/views/files.tsx","./src/views/header.tsx","./src/views/reports.tsx","./src/views/upload.tsx","./src/views/user-scope.tsx"],"version":"5.6.2"}
+{"root":["./src/App.tsx","./src/const.ts","./src/login.ts","./src/main.tsx","./src/vite-env.d.ts","./src/components/button.tsx","./src/components/mirror-suggestions.tsx","./src/components/payment.tsx","./src/components/profile.tsx","./src/components/progress-bar.tsx","./src/hooks/login.ts","./src/hooks/publisher.ts","./src/hooks/use-blossom-servers.ts","./src/upload/admin.ts","./src/upload/blossom.ts","./src/upload/index.ts","./src/upload/nip96.ts","./src/upload/progress.ts","./src/views/admin.tsx","./src/views/files.tsx","./src/views/header.tsx","./src/views/reports.tsx","./src/views/upload.tsx","./src/views/user-scope.tsx"],"version":"5.8.3"}
diff --git a/ui_src/tsconfig.node.tsbuildinfo b/ui_src/tsconfig.node.tsbuildinfo
@@ -1 +1 @@
-{"root":["./vite.config.ts"],"version":"5.6.2"}
+{"root":["./vite.config.ts"],"version":"5.8.3"}
diff --git a/ui_src/yarn.lock b/ui_src/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		-{"root":["./src/App.tsx","./src/const.ts","./src/login.ts","./src/main.tsx","./src/vite-env.d.ts","./src/components/button.tsx","./src/components/mirror-suggestions.tsx","./src/components/payment.tsx","./src/components/profile.tsx","./src/components/progress-bar.tsx","./src/hooks/login.ts","./src/hooks/publisher.ts","./src/hooks/use-blossom-servers.ts","./src/upload/admin.ts","./src/upload/blossom.ts","./src/upload/index.ts","./src/upload/nip96.ts","./src/upload/progress.ts","./src/views/admin.tsx","./src/views/files.tsx","./src/views/header.tsx","./src/views/reports.tsx","./src/views/upload.tsx","./src/views/user-scope.tsx"],"version":"5.6.2"}
	`1`	+{"root":["./src/App.tsx","./src/const.ts","./src/login.ts","./src/main.tsx","./src/vite-env.d.ts","./src/components/button.tsx","./src/components/mirror-suggestions.tsx","./src/components/payment.tsx","./src/components/profile.tsx","./src/components/progress-bar.tsx","./src/hooks/login.ts","./src/hooks/publisher.ts","./src/hooks/use-blossom-servers.ts","./src/upload/admin.ts","./src/upload/blossom.ts","./src/upload/index.ts","./src/upload/nip96.ts","./src/upload/progress.ts","./src/views/admin.tsx","./src/views/files.tsx","./src/views/header.tsx","./src/views/reports.tsx","./src/views/upload.tsx","./src/views/user-scope.tsx"],"version":"5.8.3"}
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-{"root":["./vite.config.ts"],"version":"5.6.2"}`
	`1`	`+{"root":["./vite.config.ts"],"version":"5.8.3"}`