alvis/oO
1
0
Fork 0
Code Issues 34 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: complete M0 — legal pages, consent, tip_views metrics, account deletion UI

Browse Source 
- /legal/terms and /legal/privacy pages (linked from sign-in)
- Consent (consentGiven=true) recorded on first Google sign-in
- tip_views table: one row per tip served — enables activation + reaction rate queries
- tip_views purged on account deletion
- Delete account button on /connect (confirm → revoke tokens → purge data → sign out)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
alvis
2026-04-15 09:09:08 +00:00
parent 888f8b9a99
commit f6c890213b
18 changed files with 438 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
services/api/src/routes/user.ts
View File

@@ -1,6 +1,6 @@
import { type Router as ExpressRouter, Router, Response } from 'express';
import { db } from '../db/index.js';
import { users, integrationTokens, tipFeedback, sessions } from '../db/schema.js';
import { users, integrationTokens, tipFeedback, tipViews, sessions } from '../db/schema.js';
import { eq } from 'drizzle-orm';
import { requireAuth, AuthenticatedRequest } from '../middleware/session.js';
@@ -54,6 +54,7 @@ router.delete('/me', requireAuth, async (req: AuthenticatedRequest, res: Respons
// Delete cascade
await db.delete(integrationTokens).where(eq(integrationTokens.userId, userId));
await db.delete(tipFeedback).where(eq(tipFeedback.userId, userId));
await db.delete(tipViews).where(eq(tipViews.userId, userId));
await db.delete(sessions).where(eq(sessions.userId, userId));
// Soft-delete user (GDPR: keep audit trail row without PII)