From 4548a0c6694f6ab6f7ad0332a13da36de9797ba0 Mon Sep 17 00:00:00 2001
From: Mariano Fuentes
Date: Thu, 31 Jul 2025 14:19:22 -0400
Subject: [PATCH] feat: enhance delete user API to require email for user deletion
- Updated the POST endpoint at /api/qa/delete-user to include email in the request body for user deletion.
- Modified error handling to check for both userId and email, returning appropriate error messages.
- Adjusted user existence check and deletion logic to validate against both userId and email.
---
 apps/app/src/app/api/qa/delete-user/route.ts | 21 +++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/apps/app/src/app/api/qa/delete-user/route.ts b/apps/app/src/app/api/qa/delete-user/route.ts
index ec02d4139..6f725f628 100644
--- a/apps/app/src/app/api/qa/delete-user/route.ts
+++ b/apps/app/src/app/api/qa/delete-user/route.ts
@@ -12,10 +12,11 @@ import { type NextRequest, NextResponse } from 'next/server';
 *
 * Body:
 * - userId: string - The ID of the user to delete.
+ * - email: string - The email of the user to delete.
 *
 * Returns:
 * - 200: { success: true, message: "User deleted successfully", userId: string }
- * - 400: { success: false, error: "Missing userId in request body" }
+ * - 400: { success: false, error: "Missing userId or email in request body" }
 * - 401: { success: false, error: "Unauthorized" }
 * - 500: { success: false, error: "Failed to delete user" }
 */
@@ -59,22 +60,25 @@ export async function POST(request: NextRequest) {
 );
 }
- const { userId } = body;
+ const { userId, email } = body;
- if (!userId) {
+ if (!userId || !email) {
 return NextResponse.json(
 {
 success: false,
- error: 'Missing userId in request body',
+ error: 'Missing userId or email in request body',
 },
 { status: 400 },
 );
 }
 try {
- // Check if user exists
+ // Check if user exists with matching id and email
 const existingUser = await db.user.findUnique({
- where: { id: userId },
+ where: {
+ id: userId,
+ email: email,
+ },
 });
 if (!existingUser) {
@@ -89,7 +93,10 @@ export async function POST(request: NextRequest) {
 // Delete the user (cascading deletes will handle related records)
 await db.user.delete({
- where: { id: userId },
+ where: {
+ id: userId,
+ email: email,
+ },
 });
 console.log(`QA: User ${userId} deleted successfully`);
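Review bot: The guard `if (!userId || !email)` in the -59,22 hunk only tests truthiness, so a non-string JSON value (an object or array) for either field passes it and reaches the `where` clause of `db.user.findUnique`. If `db` is a Prisma client, as the `findUnique`/`delete` calls suggest, an object in that position is read as a filter rather than a literal, which would weaken the email confirmation this commit adds. I would tighten the guard to `if (typeof userId !== 'string' || typeof email !== 'string' || !userId || !email) {` so only plain strings reach either query; the same two values are reused by `db.user.delete` in the following hunk. How `body` is parsed lies outside this hunk, so confirm that no schema validation already runs upstream.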
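Review bot: The filter `where: { id: userId, email: email }` is now written out twice, once in the `findUnique` check and again in `db.user.delete` in the -89,7 hunk, and the two queries are not atomic. If the row is removed or its email changes between them, `delete` would presumably throw and surface as the documented 500 rather than the not-found response. Building the filter once, `const where = { id: userId, email };`, and passing it to both calls keeps the check and the delete from drifting apart; handling the not-found error from `delete` itself would remove the window entirely. The enclosing `try` and its `catch` are outside this hunk.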