Skip to content

Commit fada80c

Browse files
authored
Compliance (#19)
* fat: compliance docs * fix: update wording * feat: delete profile * fix: upgrade to modal * feat: completion of delete feature * fix: address review comment on privacy.md regarding typo * fix: address review comment on vite.config.ts regarding __dirname * perf: address review comment on .tsx by lazy loading markdown dependencies * fix: address review comment on main.rs regarding missing discord_login in OpenAPI paths * fix: address review comment on ConfirmationModal.tsx regarding design-system mismatch * fix: address review comment on cookies.md regarding auth token storage * fix: address second round of review comments on PR #19 * fix: address remaining PR comments * fix: playwright in CI * ci: add pepper * fix: address review comment on vite.config.ts regarding command injection * fix: address review comments on terminology and privacy policy accuracy * fix: address review comment on home.lazy.tsx regarding modal closure * docs: address review comment on .env.example regarding IDENTITY_HASH_PEPPER
1 parent aa93acc commit fada80c

29 files changed

Lines changed: 9859 additions & 47 deletions

.env.example

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,11 @@ DISCORD_REDIRECT_URI=http://localhost:5038/api/auth/discord/callback
1515
# Generate a strong random secret (e.g., openssl rand -base64 32)
1616
JWT_SECRET=your_jwt_secret_minimum_32_characters
1717

18+
# Secret pepper for hashing denylisted identifiers.
19+
# Generate a strong random string (e.g., openssl rand -base64 32)
20+
# Since state.rs uses .expect() this is REQUIRED for the backend to start.
21+
IDENTITY_HASH_PEPPER=your_random_pepper_string
22+
1823
# Frontend URL for CORS and redirects
1924
FRONTEND_URL=http://localhost:5173
2025

.github/workflows/ci.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@ jobs:
3030
env:
3131
SCCACHE_GHA_ENABLED: "true"
3232
RUSTC_WRAPPER: "sccache"
33+
IDENTITY_HASH_PEPPER: ci-test-pepper
3334
steps:
3435
- name: Free Disk Space (Ubuntu)
3536
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
@@ -242,6 +243,7 @@ jobs:
242243
DATABASE_URL: "sqlite::memory:"
243244
JWT_SECRET: ci-test-secret
244245
FRONTEND_URL: http://localhost:4173
246+
IDENTITY_HASH_PEPPER: ci-test-pepper
245247

246248
- name: Upload blob report
247249
uses: actions/upload-artifact@v6

src/backend/Cargo.lock

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/backend/Cargo.toml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,3 +33,5 @@ utoipa = { version = "5.4.0", features = ["axum_extras", "uuid", "chrono"] }
3333
utoipa-scalar = { version = "0.3.0", features = ["axum"] }
3434
utoipa-swagger-ui = { version = "9.0.2", features = ["axum"] }
3535
bcrypt = "0.18.0"
36+
sha2 = "0.10.8"
37+
hex = "0.4.3"
Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
-- Table to store hashed identifiers of deleted accounts to prevent circumvention
2+
CREATE TABLE IF NOT EXISTS identity_hashes (
3+
hash TEXT PRIMARY KEY,
4+
type TEXT NOT NULL, -- 'DISCORD' or 'WALLET'
5+
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
6+
);
7+
8+
CREATE INDEX IF NOT EXISTS idx_identity_hashes_type ON identity_hashes(type);

src/backend/src/audit.rs

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ pub enum AuditAction {
2323
SuperAdminCreateTribe,
2424
SuperAdminUpdateTribe,
2525
SuperAdminDeleteWallet,
26+
DeleteUser,
2627
}
2728

2829
impl AuditAction {
@@ -45,6 +46,7 @@ impl AuditAction {
4546
AuditAction::SuperAdminCreateTribe => "SUPER_ADMIN_CREATE_TRIBE",
4647
AuditAction::SuperAdminUpdateTribe => "SUPER_ADMIN_UPDATE_TRIBE",
4748
AuditAction::SuperAdminDeleteWallet => "SUPER_ADMIN_DELETE_WALLET",
49+
AuditAction::DeleteUser => "DELETE_USER",
4850
}
4951
}
5052
}

0 commit comments

Comments
 (0)