From 92cf8c9158d7d46fc628acdabe9f39d038e1626f Mon Sep 17 00:00:00 2001 From: rissrice2105-agent Date: Tue, 30 Jun 2026 23:39:59 -0600 Subject: [PATCH] fix(keys): remove stale user update on delete --- src/app/api/keys/delete/route.js | 13 +---- src/app/api/keys/delete/route.test.js | 74 +++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 11 deletions(-) create mode 100644 src/app/api/keys/delete/route.test.js diff --git a/src/app/api/keys/delete/route.js b/src/app/api/keys/delete/route.js index 0e23c08..5647d3c 100644 --- a/src/app/api/keys/delete/route.js +++ b/src/app/api/keys/delete/route.js @@ -7,7 +7,7 @@ import { NextResponse } from 'next/server'; import { createSupabaseServerClient } from '@/lib/supabase.js'; import { createClient } from '@supabase/supabase-js'; -export async function POST(request, { params } = {}) { +export async function POST() { try { // Create Supabase client using the server client helper (handles auth automatically) const supabase = await createSupabaseServerClient(); @@ -35,15 +35,6 @@ export async function POST(request, { params } = {}) { .delete() .eq('user_id', user.id); - // Also clear from users table if needed - const { error: updateError } = await serviceSupabase - .from('users') - .update({ - ml_kem_public_key: null, - updated_at: new Date().toISOString() - }) - .eq('user_id', user.id); - if (deleteError) { console.error('Database deletion failed:', deleteError); return NextResponse.json({ error: `Database deletion failed: ${deleteError.message}` }, { status: 500 }); @@ -56,4 +47,4 @@ export async function POST(request, { params } = {}) { console.error('Key deletion API error:', error); return NextResponse.json({ error: 'Internal server error' }, { status: 500 }); } -} \ No newline at end of file +} diff --git a/src/app/api/keys/delete/route.test.js b/src/app/api/keys/delete/route.test.js new file mode 100644 index 0000000..c131698 --- /dev/null +++ b/src/app/api/keys/delete/route.test.js @@ -0,0 +1,74 @@ +import { beforeEach, describe, expect, it, vi } from 'vitest'; + +const mocks = vi.hoisted(() => ({ + authGetUser: vi.fn(), + from: vi.fn() +})); + +vi.mock('@/lib/supabase.js', () => ({ + createSupabaseServerClient: vi.fn(async () => ({ + auth: { + getUser: mocks.authGetUser + } + })) +})); + +vi.mock('@supabase/supabase-js', () => ({ + createClient: vi.fn(() => ({ + from: mocks.from + })) +})); + +function createDeleteQuery(result) { + const query = { + delete: vi.fn(() => query), + eq: vi.fn().mockResolvedValue(result) + }; + return query; +} + +describe('POST /api/keys/delete', () => { + beforeEach(() => { + vi.resetModules(); + vi.clearAllMocks(); + + mocks.authGetUser.mockResolvedValue({ + data: { user: { id: 'auth-user-id' } }, + error: null + }); + }); + + it('deletes the authenticated public key without touching the users profile table', async () => { + const deleteQuery = createDeleteQuery({ error: null }); + mocks.from.mockImplementation((table) => { + if (table === 'user_public_keys') return deleteQuery; + throw new Error(`Unexpected table: ${table}`); + }); + + const { POST } = await import('./route.js'); + const response = await POST(); + const body = await response.json(); + + expect(response.status).toBe(200); + expect(body).toEqual({ success: true, message: 'Public key deleted successfully' }); + expect(mocks.from).toHaveBeenCalledWith('user_public_keys'); + expect(mocks.from).not.toHaveBeenCalledWith('users'); + expect(deleteQuery.eq).toHaveBeenCalledWith('user_id', 'auth-user-id'); + }); + + it('returns a database error when public key deletion fails', async () => { + const deleteQuery = createDeleteQuery({ error: { message: 'delete failed' } }); + mocks.from.mockImplementation((table) => { + if (table === 'user_public_keys') return deleteQuery; + throw new Error(`Unexpected table: ${table}`); + }); + + const { POST } = await import('./route.js'); + const response = await POST(); + const body = await response.json(); + + expect(response.status).toBe(500); + expect(body).toEqual({ error: 'Database deletion failed: delete failed' }); + expect(mocks.from).not.toHaveBeenCalledWith('users'); + }); +});