feat: 添加账号删除功能

backend/alembic/versions/20260407_0002_add_invite_codes.py

@@ -124,7 +124,7 @@ def upgrade() -> None:
                 lifetime_spent,
                 version
             )
-            VALUES (new.id, 100, 0, 100, 0, 0)
+            VALUES (new.id, 60, 0, 60, 0, 0)
             ON CONFLICT (user_id) DO NOTHING;
 
             INSERT INTO public.points_ledger (
@@ -144,8 +144,8 @@ def upgrade() -> None:
                 v_ledger_id,
                 new.id,
                 1,
-                100,
-                100,
+                60,
+                60,
                 'register',
                 null,
                 null,
@@ -269,7 +269,7 @@ def downgrade() -> None:
                 lifetime_spent,
                 version
             )
-            VALUES (new.id, 100, 0, 100, 0, 0)
+            VALUES (new.id, 60, 0, 60, 0, 0)
             ON CONFLICT (user_id) DO NOTHING;
 
             INSERT INTO public.points_ledger (
@@ -289,8 +289,8 @@ def downgrade() -> None:
                 v_ledger_id,
                 new.id,
                 1,
-                100,
-                100,
+                60,
+                60,
                 'register',
                 null,
                 null,

backend/alembic/versions/20260409_0004_update_signup_welcome_points_to_60.py

@@ -0,0 +1,54 @@
+"""update signup welcome points from 100 to 60
+
+Revision ID: 20260409_0004
+Revises: 20260407_0003
+Create Date: 2026-04-09 00:00:00
+"""
+
+from typing import Sequence, Union
+
+from alembic import op
+
+revision: str = "20260409_0004"
+down_revision: Union[str, Sequence[str], None] = "20260407_0003"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def _rewrite_signup_function(*, from_points: int, to_points: int) -> None:
+    op.execute(
+        f"""
+        DO $$
+        DECLARE
+            v_def text;
+            v_from_points text := '{from_points}';
+            v_to_points text := '{to_points}';
+        BEGIN
+            SELECT pg_get_functiondef('public.initialize_profile_and_invite_code_on_signup()'::regprocedure)
+            INTO v_def;
+
+            v_def := regexp_replace(
+                v_def,
+                'VALUES \\(new\\.id,\\s*' || v_from_points || ',\\s*0,\\s*' || v_from_points || ',\\s*0,\\s*0\\)',
+                'VALUES (new.id, ' || v_to_points || ', 0, ' || v_to_points || ', 0, 0)'
+            );
+
+            v_def := regexp_replace(
+                v_def,
+                E'\\n\\s*' || v_from_points || ',\\n\\s*' || v_from_points || ',\\n\\s*''register''',
+                E'\\n                ' || v_to_points || ',\\n                ' || v_to_points || ',\\n                ''register'''
+            );
+
+            EXECUTE v_def;
+        END;
+        $$;
+        """
+    )
+
+
+def upgrade() -> None:
+    _rewrite_signup_function(from_points=100, to_points=60)
+
+
+def downgrade() -> None:
+    _rewrite_signup_function(from_points=60, to_points=100)

backend/src/services/base/supabase.py

@@ -271,6 +271,76 @@ class SupabaseService(BaseServiceProvider):
                 return signed_url
         raise RuntimeError("Invalid signed url payload")
 
+    async def delete_prefix(self, *, bucket: str, prefix: str) -> int:
+        normalized_prefix = prefix.strip("/")
+
+        def _delete_prefix() -> int:
+            bucket_client = self._ensure_bucket_client(bucket)
+            list_objects = getattr(bucket_client, "list", None)
+            remove_objects = getattr(bucket_client, "remove", None)
+            if not callable(list_objects) or not callable(remove_objects):
+                raise RuntimeError("Supabase storage delete APIs are unavailable")
+
+            offset = 0
+            limit = 100
+            total_deleted = 0
+
+            while True:
+                options = {
+                    "limit": limit,
+                    "offset": offset,
+                    "sortBy": {"column": "name", "order": "asc"},
+                }
+                try:
+                    raw_entries = list_objects(normalized_prefix, options)
+                except TypeError:
+                    raw_entries = list_objects(normalized_prefix)
+
+                entries = raw_entries if isinstance(raw_entries, list) else []
+                if not entries:
+                    break
+
+                paths: list[str] = []
+                for entry in entries:
+                    name: str | None = None
+                    if isinstance(entry, dict):
+                        raw_name = entry.get("name")
+                        if isinstance(raw_name, str) and raw_name:
+                            name = raw_name
+                    else:
+                        raw_name = getattr(entry, "name", None)
+                        if isinstance(raw_name, str) and raw_name:
+                            name = raw_name
+                    if name is None:
+                        continue
+                    if normalized_prefix:
+                        paths.append(f"{normalized_prefix}/{name}")
+                    else:
+                        paths.append(name)
+
+                if paths:
+                    remove_objects(paths)
+                    total_deleted += len(paths)
+
+                if len(entries) < limit:
+                    break
+                offset += limit
+
+            return total_deleted
+
+        return await asyncio.to_thread(_delete_prefix)
+
+    async def delete_auth_user(self, *, user_id: str) -> None:
+        def _delete_auth_user() -> None:
+            admin_client = self.get_admin_client()
+            auth_admin = getattr(getattr(admin_client, "auth", None), "admin", None)
+            delete_user = getattr(auth_admin, "delete_user", None)
+            if not callable(delete_user):
+                raise RuntimeError("Supabase admin delete_user API is unavailable")
+            delete_user(user_id)
+
+        await asyncio.to_thread(_delete_auth_user)
+
     def parse_signed_url(self, url: str) -> tuple[str, str]:
         from urllib.parse import urlparse
 

backend/src/v1/users/router.py

@@ -1,6 +1,6 @@
 from __future__ import annotations
 
-from fastapi import APIRouter, Depends, File, UploadFile
+from fastapi import APIRouter, Depends, File, Response, UploadFile
 
 from v1.users.dependencies import get_user_service
 from v1.users.schemas import (
@@ -54,3 +54,11 @@ async def upload_avatar(
     service: UserService = Depends(get_user_service),
 ) -> ProfileResponse:
     return await service.upload_avatar(file)
+
+
+@router.delete("/me", status_code=204)
+async def delete_my_account(
+    service: UserService = Depends(get_user_service),
+) -> Response:
+    await service.delete_account()
+    return Response(status_code=204)

backend/src/v1/users/service.py

@@ -290,6 +290,46 @@ class UserService:
         await self.repository.save()
         return await self.get_profile()
 
+    async def delete_account(self) -> None:
+        user_id = str(self.current_user.id)
+        avatar_bucket = config.storage.avatar.bucket
+        avatar_prefix = f"{self.current_user.id}/"
+
+        try:
+            await self.attachment_storage.delete_prefix(
+                bucket=avatar_bucket,
+                prefix=avatar_prefix,
+            )
+        except Exception as exc:
+            logger.exception(
+                "Account deletion failed while cleaning avatar objects",
+                user_id=user_id,
+                bucket=avatar_bucket,
+                prefix=avatar_prefix,
+            )
+            raise ApiProblemError(
+                status_code=502,
+                detail=problem_payload(
+                    code="PROFILE_DELETE_FAILED",
+                    detail="Failed to delete account data",
+                ),
+            ) from exc
+
+        try:
+            await self.attachment_storage.delete_auth_user(user_id=user_id)
+        except Exception as exc:
+            logger.exception(
+                "Account deletion failed while deleting auth user",
+                user_id=user_id,
+            )
+            raise ApiProblemError(
+                status_code=502,
+                detail=problem_payload(
+                    code="PROFILE_DELETE_FAILED",
+                    detail="Failed to delete account data",
+                ),
+            ) from exc
+
     async def _resolve_avatar_url(self, avatar_path: str | None) -> str | None:
         if avatar_path is None:
             return None

backend/tests/unit/test_user_service_delete_account.py

@@ -0,0 +1,94 @@
+from __future__ import annotations
+
+from uuid import uuid4
+
+import pytest
+
+from core.auth.models import CurrentUser
+from core.http.errors import ApiProblemError
+from v1.users.service import UserService
+
+
+class _NoopRepository:
+    pass
+
+
+class _FakeStorage:
+    def __init__(self) -> None:
+        self.deleted_prefix_calls: list[tuple[str, str]] = []
+        self.deleted_auth_user_calls: list[str] = []
+
+    async def delete_prefix(self, *, bucket: str, prefix: str) -> int:
+        self.deleted_prefix_calls.append((bucket, prefix))
+        return 0
+
+    async def delete_auth_user(self, *, user_id: str) -> None:
+        self.deleted_auth_user_calls.append(user_id)
+
+
+@pytest.mark.asyncio
+async def test_delete_account_success_calls_storage_cleanup_and_auth_delete() -> None:
+    user = CurrentUser(id=uuid4(), email="test@example.com")
+    storage = _FakeStorage()
+    service = UserService(
+        current_user=user,
+        repository=_NoopRepository(),  # type: ignore[arg-type]
+        attachment_storage=storage,  # type: ignore[arg-type]
+    )
+
+    await service.delete_account()
+
+    assert storage.deleted_prefix_calls == [("avatars", f"{user.id}/")]
+    assert storage.deleted_auth_user_calls == [str(user.id)]
+
+
+@pytest.mark.asyncio
+async def test_delete_account_raises_profile_delete_failed_on_storage_cleanup_error() -> (
+    None
+):
+    user = CurrentUser(id=uuid4(), email="test@example.com")
+
+    class _FailingStorage(_FakeStorage):
+        async def delete_prefix(self, *, bucket: str, prefix: str) -> int:
+            raise RuntimeError("storage unavailable")
+
+    storage = _FailingStorage()
+    service = UserService(
+        current_user=user,
+        repository=_NoopRepository(),  # type: ignore[arg-type]
+        attachment_storage=storage,  # type: ignore[arg-type]
+    )
+
+    with pytest.raises(ApiProblemError) as exc_info:
+        await service.delete_account()
+
+    err = exc_info.value
+    assert err.status_code == 502
+    assert err.code == "PROFILE_DELETE_FAILED"
+    assert storage.deleted_auth_user_calls == []
+
+
+@pytest.mark.asyncio
+async def test_delete_account_raises_profile_delete_failed_on_auth_delete_error() -> (
+    None
+):
+    user = CurrentUser(id=uuid4(), email="test@example.com")
+
+    class _FailingStorage(_FakeStorage):
+        async def delete_auth_user(self, *, user_id: str) -> None:
+            raise RuntimeError("delete user failed")
+
+    storage = _FailingStorage()
+    service = UserService(
+        current_user=user,
+        repository=_NoopRepository(),  # type: ignore[arg-type]
+        attachment_storage=storage,  # type: ignore[arg-type]
+    )
+
+    with pytest.raises(ApiProblemError) as exc_info:
+        await service.delete_account()
+
+    err = exc_info.value
+    assert err.status_code == 502
+    assert err.code == "PROFILE_DELETE_FAILED"
+    assert storage.deleted_prefix_calls == [("avatars", f"{user.id}/")]