Add backend user deletion cascade cleanup endpoint

Author: fuzziecoder

backend/README.md

@@ -34,6 +34,7 @@ Server starts at `http://localhost:4000` by default.
 - `GET /api/orders?spotId=...&userId=...`
 - `POST /api/orders`
 - `GET /api/bills/:spotId`
+- `DELETE /api/users/:userId` (removes the user and all related records)
 
 ## Example login payload
 

backend/db.js

@@ -53,7 +53,7 @@ db.exec(`
     location TEXT NOT NULL,
     date TEXT NOT NULL,
     host_user_id TEXT NOT NULL,
-    FOREIGN KEY (host_user_id) REFERENCES users(id)
+    FOREIGN KEY (host_user_id) REFERENCES users(id) ON DELETE CASCADE
   );
 
   CREATE TABLE IF NOT EXISTS catalog_items (
@@ -70,7 +70,7 @@ db.exec(`
     total_amount REAL NOT NULL,
     created_at TEXT NOT NULL,
     FOREIGN KEY (spot_id) REFERENCES spots(id),
-    FOREIGN KEY (user_id) REFERENCES users(id)
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
   );
 
   CREATE TABLE IF NOT EXISTS order_items (
@@ -160,6 +160,9 @@ const userExistsStatement = db.prepare('SELECT 1 AS found FROM users WHERE id =
 const spotExistsStatement = db.prepare('SELECT 1 AS found FROM spots WHERE id = ? LIMIT 1');
 const getUserByUsernameStatement = db.prepare('SELECT id, username, password, name, role FROM users WHERE username = ?');
 const updateUserPasswordStatement = db.prepare('UPDATE users SET password = ? WHERE id = ?');
+const deleteUserByIdStatement = db.prepare('DELETE FROM users WHERE id = ?');
+const deleteOrdersByUserIdStatement = db.prepare('DELETE FROM orders WHERE user_id = ?');
+const deleteSpotsByHostUserIdStatement = db.prepare('DELETE FROM spots WHERE host_user_id = ?');
 
 export const database = {
   getUserByCredentials(username, password) {
@@ -303,6 +306,21 @@ export const database = {
     };
   },
 
+  deleteUserCompletely(userId) {
+    db.exec('BEGIN');
+
+    try {
+      deleteOrdersByUserIdStatement.run(userId);
+      deleteSpotsByHostUserIdStatement.run(userId);
+      deleteUserByIdStatement.run(userId);
+
+      db.exec('COMMIT');
+    } catch (error) {
+      db.exec('ROLLBACK');
+      throw error;
+    }
+  },
+
   getBillBySpotId(spotId) {
     const summaryRows = db
       .prepare(

backend/server.js

@@ -9,7 +9,7 @@ const sendJson = (res, statusCode, body) => {
     'Content-Type': 'application/json',
     'Access-Control-Allow-Origin': '*',
     'Access-Control-Allow-Headers': 'Content-Type',
-    'Access-Control-Allow-Methods': 'GET,POST,OPTIONS',
+    'Access-Control-Allow-Methods': 'GET,POST,DELETE,OPTIONS',
   });
   res.end(JSON.stringify(body));
 };
@@ -149,6 +149,24 @@ const server = createServer(async (req, res) => {
     return;
   }
 
+  if (method === 'DELETE' && path.startsWith('/api/users/')) {
+    const userId = path.replace('/api/users/', '');
+
+    if (!userId) {
+      sendJson(res, 400, { error: 'userId is required' });
+      return;
+    }
+
+    if (!database.userExists(userId)) {
+      sendJson(res, 404, { error: `Unknown userId: ${userId}` });
+      return;
+    }
+
+    database.deleteUserCompletely(userId);
+    sendJson(res, 200, { success: true, deletedUserId: userId });
+    return;
+  }
+
   sendJson(res, 404, { error: 'Route not found' });
 });