feat: account deletion

internal/routes/routes.go

@@ -34,6 +34,7 @@ func SetupRoutes(a *app.App) http.Handler {
 		middleware.NoCacheDynamic,
 		middleware.CSRFProtection,
 		middleware.AuthMiddleware(a.AuthService, a.UserService),
+		middleware.BlockPendingDeletion,
 		middleware.WithURLPath,
 		middleware.WithSidebarState,
 	)
@@ -83,6 +84,10 @@ func SetupRoutes(a *app.App) http.Handler {
 	})
 	r.Post("/auth/logout", authH.Logout).Name("action.auth.logout")
 
+	// Account pending deletion page — reachable while the deletion worker
+	// finishes wiping the user's data.
+	r.Get("/account-pending-deletion", settingsH.AccountPendingDeletionPage).Name("page.account.pending-deletion")
+
 	// App routes
 	r.Group("/app", func(g *router.Group) {
 		g.Use(middleware.RequireAuth)
@@ -154,6 +159,7 @@ func SetupRoutes(a *app.App) http.Handler {
 			g.SubGroup("", func(g *router.Group) {
 				g.RateLimit(5, 15*time.Minute)
 				g.Post("/password", settingsH.SetPassword).Name("action.app.settings.password.set")
+				g.Post("/delete-account", settingsH.DeleteAccount).Name("action.app.settings.account.delete")
 			})
 		})
 	})

internal/routes/routes_test.go

@@ -27,7 +27,7 @@ func newTestApp(dbi testutil.DBInfo) *app.App {
 	accountSvc := service.NewAccountService(accountRepo)
 	emailSvc := service.NewEmailService(nil, "test@example.com", "http://localhost:9999", "Budgit Test", false)
 	authSvc := service.NewAuthService(emailSvc, userRepo, tokenRepo, spaceSvc, accountSvc, cfg.JWTSecret, cfg.JWTExpiry, cfg.TokenMagicLinkExpiry, false, false)
-	userSvc := service.NewUserService(userRepo)
+	userSvc := service.NewUserService(dbi.DB, userRepo, repository.NewAccountDeletionRequestRepository(dbi.DB))
 	inviteSvc := service.NewInviteService(inviteRepo, spaceRepo, userRepo, emailSvc, nil)
 
 	return &app.App{