Skip to content

feat: implement user profile deletion and compliance updates#19

Merged
Scetrov merged 23 commits into
mainfrom
feat/compliance
Feb 14, 2026
Merged

feat: implement user profile deletion and compliance updates#19
Scetrov merged 23 commits into
mainfrom
feat/compliance

Conversation

@Scetrov

@Scetrov Scetrov commented Feb 13, 2026

Copy link
Copy Markdown
Owner

1. Title

feat: implement user profile deletion and compliance updates

2. Description

What?

This PR introduces the ability for users to delete their profiles, adds essential legal documentation (Privacy Policy, Terms of Service, etc.), and updates the codebase to use more inclusive language ("denylist" instead of "blacklist").

Why?

  • Compliance: To adhere to data privacy regulations (GDPR/CCPA), users must have a way to delete their accounts and be informed of their rights through legal documentation.
  • Inclusivity: Standardizing inclusive language across the project.
  • Security: Ensuring that deleted users' identifiers (Discord ID, Wallets) are denylisted (hashed) to prevent re-registration or misuse of deleted accounts.

How?

  • Backend:
    • Implemented delete_profile endpoint in auth.rs.
    • Added hashing logic to safely store denylisted identifiers.
    • Updated database schemas and queries to use denylisted terminology.
  • Frontend:
    • Added ConfirmationModal for critical actions like account deletion.
    • Implemented deleted.tsx route for the post-deletion state.
    • Added static markdown files for legal policies and a generic $page.tsx route to render them.
    • Updated DashboardLayout and AuthProvider to handle the new routes and states.

3. Type of Change

  • feat: A new feature
  • fix: A bug fix
  • docs: Documentation only changes
  • style: Changes that do not affect the meaning of the code (white-space, formatting, etc.)
  • refactor: A code change that neither fixes a bug nor adds a feature
  • perf: A code change that improves performance
  • test: Adding missing tests or correcting existing tests
  • chore: Changes to the build process or auxiliary tools and libraries

4. Development Checklist

  • Rust: Ran cargo fmt and cargo clippy.
  • TypeScript: Ran bun run lint in the frontend directory.
  • Migrations: If the database schema was modified, ran sqlx migrate run and updated sqlx-data.json via cargo sqlx prepare.
  • Testing: Verified changes locally with appropriate tests.
  • Release: Confirmed that any necessary version metadata patching is compatible with the automated release workflow.

5. Security Assessment

Evaluating against OWASP Top 10:2025 guidelines.

  • Access Control: Verified that AuthenticatedUser extractors properly validate session state and that deletion is restricted to the owner.
  • Injection: Verified that all new SQLx queries use parameterized inputs for denylist checks.
  • Cryptographic: Implemented salted hashing for denylisted identifiers to ensure privacy while maintaining security.
  • CORS/Infrastructure: No changes to infrastructure or overly permissive policies.
OWASP Mapping MITRE ATT&CK ID Impact Description
A01:2025 T1078 Verified session boundaries for profile deletion.
A03:2025 T1059 Used parameterized SQLx queries.

6. Frontend (if applicable)

  • Components adhere to the "Design System".
  • Screenshots or screen recordings of the UI changes are attached below. (To be added manually).

7. Reviewer Feedback & Resolution

This PR follows the "Fix & Reply" loop for all unresolved comments.

  • I have replied directly to all reviewer comment threads with a resolution summary.
  • All fixes are committed atomically with references to the specific feedback.

# Please enter a commit message to explain why this merge is necessary,
# especially if it merges an updated upstream into a topic branch.
#
# Lines starting with '#' will be ignored, and an empty message aborts
# the commit.
@Scetrov Scetrov self-assigned this Feb 13, 2026
@Scetrov Scetrov added the dependencies Pull requests that update a dependency file label Feb 13, 2026
Copilot AI review requested due to automatic review settings February 13, 2026 21:31

This comment was marked as resolved.

Copilot AI review requested due to automatic review settings February 13, 2026 22:09

This comment was marked as resolved.

Copilot AI review requested due to automatic review settings February 13, 2026 22:45
@Scetrov

Scetrov commented Feb 13, 2026

Copy link
Copy Markdown
Owner Author

I have addressed the second round of review comments.

Key changes:

  • Enforced IDENTITY_HASH_PEPPER to prevent insecure fallbacks.
  • Fixed a potential SQLite deadlock by moving log_audit after transaction commit.
  • Expanded account deletion scrubbing to include user_tribes, mumble_accounts, and notes.
  • Improved ConfirmationModal accessibility (ARIA roles, keyboard support) and user flow (redirecting to /deleted).

Verified with pre-commit run --all. Commit: 5730d5e

This comment was marked as resolved.

@Scetrov
Scetrov enabled auto-merge (squash) February 13, 2026 23:11
@Scetrov
Scetrov disabled auto-merge February 13, 2026 23:13
Copilot AI review requested due to automatic review settings February 13, 2026 23:24

This comment was marked as resolved.

@Scetrov Scetrov added the enhancement New feature or request label Feb 14, 2026
@Scetrov
Scetrov enabled auto-merge (squash) February 14, 2026 15:35
@Scetrov Scetrov changed the title Compliance feat: implement user profile deletion and compliance updates Feb 14, 2026
@Scetrov
Scetrov merged commit fada80c into main Feb 14, 2026
12 checks passed
@Scetrov
Scetrov deleted the feat/compliance branch February 14, 2026 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants