customer-registration 0.0.111 → 0.0.113

package/.medusa/server/src/api/store/customers/otp/verify/route.js

@@ -5,10 +5,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.POST = void 0;
 const utils_1 = require("@medusajs/framework/utils");
+const generate_jwt_token_1 = require("@medusajs/medusa/api/auth/utils/generate-jwt-token");
 const otp_verification_1 = require("../../../../../modules/otp-verification");
 const otp_verification_2 = require("../../../../../modules/otp-verification/models/otp-verification");
 const verify_email_1 = __importDefault(require("../../../../../workflows/verify-email"));
 const verify_phone_1 = __importDefault(require("../../../../../workflows/verify-phone"));
+const config_1 = require("../../../../../config");
 const POST = async (req, res) => {
     const { token, code } = req.body;
     if (!token) {
@@ -21,12 +23,14 @@ const POST = async (req, res) => {
     const otpService = req.scope.resolve(otp_verification_1.OTP_VERIFICATION_MODULE);
     // Get JWT secret from config
     const config = req.scope.resolve(utils_1.ContainerRegistrationKeys.CONFIG_MODULE);
-    const jwtSecret = config?.projectConfig?.http?.jwtSecret || "supersecret";
+    const { http } = config.projectConfig;
+    const jwtSecret = http?.jwtSecret || "supersecret";
     // Verify OTP
     const verifyResult = await otpService.verifyOtp({
         token,
         code,
     }, jwtSecret);
+    const loginOptions = (0, config_1.resolveCustomerRegistrationOptions)(config);
     // Execute workflow based on type
     let result;
     if (verifyResult.type === otp_verification_2.OtpPurpose.EMAIL_VERIFICATION) {
@@ -45,6 +49,7 @@ const POST = async (req, res) => {
         const { result: workflowResult } = await (0, verify_phone_1.default)(req.scope).run({
             input: {
                 customer_id: verifyResult.customer_id,
+                login_identifier: loginOptions.login.identifier,
             },
         });
         result = {
@@ -56,7 +61,94 @@ const POST = async (req, res) => {
     else {
         throw new utils_1.MedusaError(utils_1.MedusaError.Types.INVALID_DATA, "Invalid verification type");
     }
-    return res.status(200).json(result);
+    // When login.identifier is "both", automatically create the complementary
+    // auth identity (phonepass <-> emailpass) so the customer can log in with
+    // either provider without a separate registration step.
+    await ensureComplementaryAuthIdentity(result.customer?.id ?? "", result.customer ?? {}, verifyResult.type, loginOptions.login.identifier, req.scope).catch(() => {
+        // Non-fatal — customer can still log in with their original provider.
+        // The next successful OTP verification will retry.
+    });
+    let loginToken;
+    try {
+        const knex = req.scope.resolve(utils_1.ContainerRegistrationKeys.PG_CONNECTION);
+        const authRow = await knex.raw(`SELECT id FROM auth_identity WHERE app_metadata->>'customer_id' = ? LIMIT 1`, [result.customer?.id ?? ""]);
+        const authIdentityId = (authRow.rows?.[0] ?? authRow[0]?.[0])?.id;
+        if (authIdentityId && jwtSecret) {
+            const authService = req.scope.resolve(utils_1.Modules.AUTH);
+            const authIdentity = await authService.retrieveAuthIdentity(authIdentityId);
+            loginToken = await (0, generate_jwt_token_1.generateJwtTokenForAuthIdentity)({ authIdentity, actorType: "customer" }, { secret: jwtSecret, expiresIn: http.jwtExpiresIn || "7d" });
+        }
+    }
+    catch {
+        // token generation is best-effort; verification result is still returned
+    }
+    return res.status(200).json({
+        ...result,
+        token: loginToken ?? null,
+        needs_login: !loginToken,
+    });
 };
 exports.POST = POST;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL2N1c3RvbWVycy9vdHAvdmVyaWZ5L3JvdXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUNBLHFEQUdrQztBQUNsQyw4RUFBaUY7QUFFakYsc0dBQTRGO0FBQzVGLHlGQUF1RTtBQUN2RSx5RkFBdUU7QUFFaEUsTUFBTSxJQUFJLEdBQUcsS0FBSyxFQUFFLEdBQWtCLEVBQUUsR0FBbUIsRUFBRSxFQUFFO0lBQ3BFLE1BQU0sRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLEdBQUcsR0FBRyxDQUFDLElBRzNCLENBQUE7SUFFRCxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUM5QixtQkFBbUIsQ0FDcEIsQ0FBQTtJQUNILENBQUM7SUFFRCxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDVixNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUM5QixzQkFBc0IsQ0FDdkIsQ0FBQTtJQUNILENBQUM7SUFFRCw4QkFBOEI7SUFDOUIsTUFBTSxVQUFVLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQ2xDLDBDQUF1QixDQUNFLENBQUE7SUFFM0IsNkJBQTZCO0lBQzdCLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLGlDQUF5QixDQUFDLGFBQWEsQ0FBQyxDQUFBO0lBQ3pFLE1BQU0sU0FBUyxHQUFJLE1BQU0sRUFBRSxhQUFxQixFQUFFLElBQUksRUFBRSxTQUFTLElBQUksYUFBYSxDQUFBO0lBRWxGLGFBQWE7SUFDYixNQUFNLFlBQVksR0FBRyxNQUFNLFVBQVUsQ0FBQyxTQUFTLENBQzdDO1FBQ0UsS0FBSztRQUNMLElBQUk7S0FDTCxFQUNELFNBQVMsQ0FDVixDQUFBO0lBRUQsaUNBQWlDO0lBQ2pDLElBQUksTUFBVyxDQUFBO0lBRWYsSUFBSSxZQUFZLENBQUMsSUFBSSxLQUFLLDZCQUFVLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUN4RCxNQUFNLEVBQUUsTUFBTSxFQUFFLGNBQWMsRUFBRSxHQUFHLE1BQU0sSUFBQSxzQkFBbUIsRUFBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBRyxDQUFDO1lBQzFFLEtBQUssRUFBRTtnQkFDTCxXQUFXLEVBQUUsWUFBWSxDQUFDLFdBQVc7YUFDdEM7U0FDRixDQUFDLENBQUE7UUFDRixNQUFNLEdBQUc7WUFDUCxRQUFRLEVBQUUsSUFBSTtZQUNkLFFBQVEsRUFBRSxjQUFjLENBQUMsUUFBUTtZQUNqQyxjQUFjLEVBQUUsY0FBYyxDQUFDLGNBQWM7U0FDOUMsQ0FBQTtJQUNILENBQUM7U0FBTSxJQUFJLFlBQVksQ0FBQyxJQUFJLEtBQUssNkJBQVUsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQy9ELE1BQU0sRUFBRSxNQUFNLEVBQUUsY0FBYyxFQUFFLEdBQUcsTUFBTSxJQUFBLHNCQUFtQixFQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLENBQUM7WUFDMUUsS0FBSyxFQUFFO2dCQUNMLFdBQVcsRUFBRSxZQUFZLENBQUMsV0FBVzthQUN0QztTQUNGLENBQUMsQ0FBQTtRQUNGLE1BQU0sR0FBRztZQUNQLFFBQVEsRUFBRSxJQUFJO1lBQ2QsUUFBUSxFQUFFLGNBQWMsQ0FBQyxRQUFRO1lBQ2pDLGNBQWMsRUFBRSxjQUFjLENBQUMsY0FBYztTQUM5QyxDQUFBO0lBQ0gsQ0FBQztTQUFNLENBQUM7UUFDTixNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUM5QiwyQkFBMkIsQ0FDNUIsQ0FBQTtJQUNILENBQUM7SUFFRCxPQUFPLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFBO0FBQ3JDLENBQUMsQ0FBQTtBQXZFWSxRQUFBLElBQUksUUF1RWhCIn0=
+/**
+ * When `login.identifier` is "both", a customer who registered with one
+ * provider (emailpass or phonepass) needs the complementary provider identity
+ * created so both login methods work.
+ *
+ * Strategy: attach a new provider_identity to the EXISTING auth identity
+ * (rather than creating a second auth identity) and copy the scrypt password
+ * hash. Both emailpass and phonepass use the same scrypt-kdf format, so the
+ * hash is portable between them as long as this plugin controls both providers.
+ */
+async function ensureComplementaryAuthIdentity(customerId, customer, otpType, loginIdentifier, scope) {
+    if (loginIdentifier !== "both")
+        return;
+    if (!customerId)
+        return;
+    const knex = scope.resolve(utils_1.ContainerRegistrationKeys.PG_CONNECTION);
+    const authService = scope.resolve(utils_1.Modules.AUTH);
+    // Find the customer's primary auth identity ID (used as the anchor for the
+    // new provider identity).
+    const authRow = await knex.raw(`SELECT id FROM auth_identity WHERE app_metadata->>'customer_id' = ? LIMIT 1`, [customerId]);
+    const authIdentityId = (authRow.rows?.[0] ?? authRow[0]?.[0])?.id;
+    if (!authIdentityId)
+        return;
+    if (otpType === otp_verification_2.OtpPurpose.PHONE_VERIFICATION && customer.phone) {
+        // Check if phonepass provider identity already exists for this customer.
+        const existing = await knex.raw(`SELECT pi.id FROM provider_identity pi
+       WHERE pi.auth_identity_id = ? AND pi.provider = 'phonepass' LIMIT 1`, [authIdentityId]);
+        if (existing.rows?.[0] ?? existing[0]?.[0])
+            return;
+        // Copy password hash from emailpass identity (same scrypt format).
+        const hashRow = await knex.raw(`SELECT pi.provider_metadata FROM provider_identity pi
+       WHERE pi.auth_identity_id = ? AND pi.provider = 'emailpass' LIMIT 1`, [authIdentityId]);
+        const hash = (hashRow.rows?.[0] ?? hashRow[0]?.[0])?.provider_metadata?.password;
+        if (!hash)
+            return;
+        await authService.createProviderIdentities({
+            auth_identity_id: authIdentityId,
+            provider: "phonepass",
+            entity_id: customer.phone,
+            provider_metadata: { password: hash },
+        });
+    }
+    if (otpType === otp_verification_2.OtpPurpose.EMAIL_VERIFICATION && customer.email) {
+        // Check if emailpass provider identity already exists.
+        const existing = await knex.raw(`SELECT pi.id FROM provider_identity pi
+       WHERE pi.auth_identity_id = ? AND pi.provider = 'emailpass' LIMIT 1`, [authIdentityId]);
+        if (existing.rows?.[0] ?? existing[0]?.[0])
+            return;
+        // Copy password hash from phonepass identity.
+        const hashRow = await knex.raw(`SELECT pi.provider_metadata FROM provider_identity pi
+       WHERE pi.auth_identity_id = ? AND pi.provider = 'phonepass' LIMIT 1`, [authIdentityId]);
+        const hash = (hashRow.rows?.[0] ?? hashRow[0]?.[0])?.provider_metadata?.password;
+        if (!hash)
+            return;
+        await authService.createProviderIdentities({
+            auth_identity_id: authIdentityId,
+            provider: "emailpass",
+            entity_id: customer.email.toLowerCase(),
+            provider_metadata: { password: hash },
+        });
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL2N1c3RvbWVycy9vdHAvdmVyaWZ5L3JvdXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUVBLHFEQUlrQztBQUNsQywyRkFBb0c7QUFDcEcsOEVBQWlGO0FBRWpGLHNHQUE0RjtBQUM1Rix5RkFBdUU7QUFDdkUseUZBQXVFO0FBQ3ZFLGtEQUc4QjtBQUV2QixNQUFNLElBQUksR0FBRyxLQUFLLEVBQUUsR0FBa0IsRUFBRSxHQUFtQixFQUFFLEVBQUU7SUFDcEUsTUFBTSxFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsR0FBRyxHQUFHLENBQUMsSUFHM0IsQ0FBQTtJQUVELElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSxtQkFBVyxDQUNuQixtQkFBVyxDQUFDLEtBQUssQ0FBQyxZQUFZLEVBQzlCLG1CQUFtQixDQUNwQixDQUFBO0lBQ0gsQ0FBQztJQUVELElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNWLE1BQU0sSUFBSSxtQkFBVyxDQUNuQixtQkFBVyxDQUFDLEtBQUssQ0FBQyxZQUFZLEVBQzlCLHNCQUFzQixDQUN2QixDQUFBO0lBQ0gsQ0FBQztJQUVELDhCQUE4QjtJQUM5QixNQUFNLFVBQVUsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FDbEMsMENBQXVCLENBQ0UsQ0FBQTtJQUUzQiw2QkFBNkI7SUFDN0IsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsYUFBYSxDQUFDLENBQUE7SUFDekUsTUFBTSxFQUFFLElBQUksRUFBRSxHQUFHLE1BQU0sQ0FBQyxhQUFhLENBQUE7SUFDckMsTUFBTSxTQUFTLEdBQUksSUFBSSxFQUFFLFNBQWdDLElBQUksYUFBYSxDQUFBO0lBRTFFLGFBQWE7SUFDYixNQUFNLFlBQVksR0FBRyxNQUFNLFVBQVUsQ0FBQyxTQUFTLENBQzdDO1FBQ0UsS0FBSztRQUNMLElBQUk7S0FDTCxFQUNELFNBQVMsQ0FDVixDQUFBO0lBRUQsTUFBTSxZQUFZLEdBQUcsSUFBQSwyQ0FBa0MsRUFBQyxNQUEyQixDQUFDLENBQUE7SUFFcEYsaUNBQWlDO0lBQ2pDLElBQUksTUFBVyxDQUFBO0lBRWYsSUFBSSxZQUFZLENBQUMsSUFBSSxLQUFLLDZCQUFVLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUN4RCxNQUFNLEVBQUUsTUFBTSxFQUFFLGNBQWMsRUFBRSxHQUFHLE1BQU0sSUFBQSxzQkFBbUIsRUFBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBRyxDQUFDO1lBQzFFLEtBQUssRUFBRTtnQkFDTCxXQUFXLEVBQUUsWUFBWSxDQUFDLFdBQVc7YUFDdEM7U0FDRixDQUFDLENBQUE7UUFDRixNQUFNLEdBQUc7WUFDUCxRQUFRLEVBQUUsSUFBSTtZQUNkLFFBQVEsRUFBRSxjQUFjLENBQUMsUUFBUTtZQUNqQyxjQUFjLEVBQUUsY0FBYyxDQUFDLGNBQWM7U0FDOUMsQ0FBQTtJQUNILENBQUM7U0FBTSxJQUFJLFlBQVksQ0FBQyxJQUFJLEtBQUssNkJBQVUsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQy9ELE1BQU0sRUFBRSxNQUFNLEVBQUUsY0FBYyxFQUFFLEdBQUcsTUFBTSxJQUFBLHNCQUFtQixFQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLENBQUM7WUFDMUUsS0FBSyxFQUFFO2dCQUNMLFdBQVcsRUFBRSxZQUFZLENBQUMsV0FBVztnQkFDckMsZ0JBQWdCLEVBQUUsWUFBWSxDQUFDLEtBQUssQ0FBQyxVQUFVO2FBQ2hEO1NBQ0YsQ0FBQyxDQUFBO1FBQ0YsTUFBTSxHQUFHO1lBQ1AsUUFBUSxFQUFFLElBQUk7WUFDZCxRQUFRLEVBQUUsY0FBYyxDQUFDLFFBQVE7WUFDakMsY0FBYyxFQUFFLGNBQWMsQ0FBQyxjQUFjO1NBQzlDLENBQUE7SUFDSCxDQUFDO1NBQU0sQ0FBQztRQUNOLE1BQU0sSUFBSSxtQkFBVyxDQUNuQixtQkFBVyxDQUFDLEtBQUssQ0FBQyxZQUFZLEVBQzlCLDJCQUEyQixDQUM1QixDQUFBO0lBQ0gsQ0FBQztJQUVELDBFQUEwRTtJQUMxRSwwRUFBMEU7SUFDMUUsd0RBQXdEO0lBQ3hELE1BQU0sK0JBQStCLENBQ25DLE1BQU0sQ0FBQyxRQUFRLEVBQUUsRUFBRSxJQUFJLEVBQUUsRUFDekIsTUFBTSxDQUFDLFFBQVEsSUFBSSxFQUFFLEVBQ3JCLFlBQVksQ0FBQyxJQUFJLEVBQ2pCLFlBQVksQ0FBQyxLQUFLLENBQUMsVUFBVSxFQUM3QixHQUFHLENBQUMsS0FBSyxDQUNWLENBQUMsS0FBSyxDQUFDLEdBQUcsRUFBRTtRQUNYLHNFQUFzRTtRQUN0RSxtREFBbUQ7SUFDckQsQ0FBQyxDQUFDLENBQUE7SUFFRixJQUFJLFVBQThCLENBQUE7SUFDbEMsSUFBSSxDQUFDO1FBQ0gsTUFBTSxJQUFJLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsYUFBYSxDQUFDLENBQUE7UUFDdkUsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsR0FBRyxDQUM1Qiw2RUFBNkUsRUFDN0UsQ0FBQyxNQUFNLENBQUMsUUFBUSxFQUFFLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FDNUIsQ0FBQTtRQUNELE1BQU0sY0FBYyxHQUFHLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFBO1FBRWpFLElBQUksY0FBYyxJQUFJLFNBQVMsRUFBRSxDQUFDO1lBQ2hDLE1BQU0sV0FBVyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLGVBQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQTtZQUNuRCxNQUFNLFlBQVksR0FBRyxNQUFNLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxjQUFjLENBQUMsQ0FBQTtZQUMzRSxVQUFVLEdBQUcsTUFBTSxJQUFBLG9EQUErQixFQUNoRCxFQUFFLFlBQVksRUFBRSxTQUFTLEVBQUUsVUFBVSxFQUFFLEVBQ3ZDLEVBQUUsTUFBTSxFQUFFLFNBQVMsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLFlBQVksSUFBSSxJQUFJLEVBQUUsQ0FDNUQsQ0FBQTtRQUNILENBQUM7SUFDSCxDQUFDO0lBQUMsTUFBTSxDQUFDO1FBQ1AseUVBQXlFO0lBQzNFLENBQUM7SUFFRCxPQUFPLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO1FBQzFCLEdBQUcsTUFBTTtRQUNULEtBQUssRUFBRSxVQUFVLElBQUksSUFBSTtRQUN6QixXQUFXLEVBQUUsQ0FBQyxVQUFVO0tBQ3pCLENBQUMsQ0FBQTtBQUNKLENBQUMsQ0FBQTtBQWxIWSxRQUFBLElBQUksUUFrSGhCO0FBRUQ7Ozs7Ozs7OztHQVNHO0FBQ0gsS0FBSyxVQUFVLCtCQUErQixDQUM1QyxVQUFrQixFQUNsQixRQUE0QyxFQUM1QyxPQUFtQixFQUNuQixlQUF1QixFQUN2QixLQUFzQjtJQUV0QixJQUFJLGVBQWUsS0FBSyxNQUFNO1FBQUUsT0FBTTtJQUN0QyxJQUFJLENBQUMsVUFBVTtRQUFFLE9BQU07SUFFdkIsTUFBTSxJQUFJLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxpQ0FBeUIsQ0FBQyxhQUFhLENBQUMsQ0FBQTtJQUNuRSxNQUFNLFdBQVcsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLGVBQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQTtJQUUvQywyRUFBMkU7SUFDM0UsMEJBQTBCO0lBQzFCLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FDNUIsNkVBQTZFLEVBQzdFLENBQUMsVUFBVSxDQUFDLENBQ2IsQ0FBQTtJQUNELE1BQU0sY0FBYyxHQUFHLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFBO0lBQ2pFLElBQUksQ0FBQyxjQUFjO1FBQUUsT0FBTTtJQUUzQixJQUFJLE9BQU8sS0FBSyw2QkFBVSxDQUFDLGtCQUFrQixJQUFJLFFBQVEsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNoRSx5RUFBeUU7UUFDekUsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsR0FBRyxDQUM3QjsyRUFDcUUsRUFDckUsQ0FBQyxjQUFjLENBQUMsQ0FDakIsQ0FBQTtRQUNELElBQUksUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLFFBQVEsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztZQUFFLE9BQU07UUFFbEQsbUVBQW1FO1FBQ25FLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FDNUI7MkVBQ3FFLEVBQ3JFLENBQUMsY0FBYyxDQUFDLENBQ2pCLENBQUE7UUFDRCxNQUFNLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLGlCQUFpQixFQUFFLFFBQVEsQ0FBQTtRQUNoRixJQUFJLENBQUMsSUFBSTtZQUFFLE9BQU07UUFFakIsTUFBTSxXQUFXLENBQUMsd0JBQXdCLENBQUM7WUFDekMsZ0JBQWdCLEVBQUUsY0FBYztZQUNoQyxRQUFRLEVBQUUsV0FBVztZQUNyQixTQUFTLEVBQUUsUUFBUSxDQUFDLEtBQUs7WUFDekIsaUJBQWlCLEVBQUUsRUFBRSxRQUFRLEVBQUUsSUFBSSxFQUFFO1NBQ3RDLENBQUMsQ0FBQTtJQUNKLENBQUM7SUFFRCxJQUFJLE9BQU8sS0FBSyw2QkFBVSxDQUFDLGtCQUFrQixJQUFJLFFBQVEsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNoRSx1REFBdUQ7UUFDdkQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsR0FBRyxDQUM3QjsyRUFDcUUsRUFDckUsQ0FBQyxjQUFjLENBQUMsQ0FDakIsQ0FBQTtRQUNELElBQUksUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLFFBQVEsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztZQUFFLE9BQU07UUFFbEQsOENBQThDO1FBQzlDLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FDNUI7MkVBQ3FFLEVBQ3JFLENBQUMsY0FBYyxDQUFDLENBQ2pCLENBQUE7UUFDRCxNQUFNLElBQUksR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLGlCQUFpQixFQUFFLFFBQVEsQ0FBQTtRQUNoRixJQUFJLENBQUMsSUFBSTtZQUFFLE9BQU07UUFFakIsTUFBTSxXQUFXLENBQUMsd0JBQXdCLENBQUM7WUFDekMsZ0JBQWdCLEVBQUUsY0FBYztZQUNoQyxRQUFRLEVBQUUsV0FBVztZQUNyQixTQUFTLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUU7WUFDdkMsaUJBQWlCLEVBQUUsRUFBRSxRQUFRLEVBQUUsSUFBSSxFQUFFO1NBQ3RDLENBQUMsQ0FBQTtJQUNKLENBQUM7QUFDSCxDQUFDIn0=

package/.medusa/server/src/api/store/customers/route.js

@@ -0,0 +1,89 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.POST = void 0;
+const utils_1 = require("@medusajs/framework/utils");
+const core_flows_1 = require("@medusajs/core-flows");
+const config_1 = require("../../../config");
+/**
+ * Override of Medusa's built-in POST /store/customers.
+ *
+ * Medusa's default implementation calls validateCustomerAccountCreation which
+ * throws when email is missing. When registration.identifier is "phone" we
+ * must bypass that step and create the customer with phone only.
+ *
+ * For "email" and "both" we delegate to the built-in workflow so that all of
+ * Medusa's existing validations (duplicate email check, etc.) are preserved.
+ */
+const POST = async (req, res) => {
+    const authContext = req.auth_context;
+    if (authContext?.actor_id) {
+        throw new utils_1.MedusaError(utils_1.MedusaError.Types.INVALID_DATA, "Request already authenticated as a customer.");
+    }
+    const configModule = req.scope.resolve(utils_1.ContainerRegistrationKeys.CONFIG_MODULE);
+    const options = (0, config_1.resolveCustomerRegistrationOptions)(configModule);
+    const { identifier } = options.registration;
+    const authIdentityId = authContext?.auth_identity_id;
+    const customerData = (req.body ?? {});
+    if (identifier !== "phone") {
+        // "email" or "both": delegate to Medusa's built-in workflow which enforces
+        // the email requirement and handles duplicate detection.
+        const { result } = await (0, core_flows_1.createCustomerAccountWorkflow)(req.scope).run({
+            input: {
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                customerData: customerData,
+                authIdentityId: authIdentityId ?? "",
+            },
+        });
+        const customer = await refetchCustomer(result.id, req.scope);
+        return res.status(200).json({ customer });
+    }
+    // "phone": create customer without email validation.
+    if (!customerData.phone) {
+        throw new utils_1.MedusaError(utils_1.MedusaError.Types.INVALID_DATA, "Phone is required for registration");
+    }
+    const customerService = req.scope.resolve(utils_1.Modules.CUSTOMER);
+    // Check for duplicate phone
+    const knex = req.scope.resolve(utils_1.ContainerRegistrationKeys.PG_CONNECTION);
+    const existing = await knex.raw(`SELECT id FROM customer WHERE phone = ? AND has_account = true LIMIT 1`, [customerData.phone]);
+    if (existing.rows?.[0] ?? existing[0]?.[0]) {
+        throw new utils_1.MedusaError(utils_1.MedusaError.Types.DUPLICATE_ERROR, "A customer with this phone number already has an account");
+    }
+    const [customer] = await customerService.createCustomers([
+        {
+            ...customerData,
+            has_account: !!authIdentityId,
+        },
+    ]);
+    // Link the auth identity to the new customer (same as setAuthAppMetadataStep)
+    if (authIdentityId) {
+        const authService = req.scope.resolve(utils_1.Modules.AUTH);
+        await authService.updateAuthIdentities({
+            id: authIdentityId,
+            app_metadata: { customer_id: customer.id },
+        });
+    }
+    const fullCustomer = await refetchCustomer(customer.id, req.scope);
+    return res.status(200).json({ customer: fullCustomer });
+};
+exports.POST = POST;
+async function refetchCustomer(customerId, scope) {
+    const remoteQuery = scope.resolve(utils_1.ContainerRegistrationKeys.REMOTE_QUERY);
+    const queryObject = (0, utils_1.remoteQueryObjectFromString)({
+        entryPoint: "customer",
+        variables: { filters: { id: customerId } },
+        fields: [
+            "id",
+            "email",
+            "first_name",
+            "last_name",
+            "phone",
+            "has_account",
+            "metadata",
+            "created_at",
+            "updated_at",
+        ],
+    });
+    const customers = await remoteQuery(queryObject);
+    return customers[0];
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL2N1c3RvbWVycy9yb3V0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFFQSxxREFLa0M7QUFDbEMscURBQW9FO0FBQ3BFLDRDQUd3QjtBQUV4Qjs7Ozs7Ozs7O0dBU0c7QUFDSSxNQUFNLElBQUksR0FBRyxLQUFLLEVBQUUsR0FBa0IsRUFBRSxHQUFtQixFQUFFLEVBQUU7SUFDcEUsTUFBTSxXQUFXLEdBQ2YsR0FHRCxDQUFDLFlBQVksQ0FBQTtJQUVkLElBQUksV0FBVyxFQUFFLFFBQVEsRUFBRSxDQUFDO1FBQzFCLE1BQU0sSUFBSSxtQkFBVyxDQUNuQixtQkFBVyxDQUFDLEtBQUssQ0FBQyxZQUFZLEVBQzlCLDhDQUE4QyxDQUMvQyxDQUFBO0lBQ0gsQ0FBQztJQUVELE1BQU0sWUFBWSxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLGlDQUF5QixDQUFDLGFBQWEsQ0FBQyxDQUFBO0lBQy9FLE1BQU0sT0FBTyxHQUFHLElBQUEsMkNBQWtDLEVBQUMsWUFBaUMsQ0FBQyxDQUFBO0lBQ3JGLE1BQU0sRUFBRSxVQUFVLEVBQUUsR0FBRyxPQUFPLENBQUMsWUFBWSxDQUFBO0lBRTNDLE1BQU0sY0FBYyxHQUFHLFdBQVcsRUFBRSxnQkFBZ0IsQ0FBQTtJQUNwRCxNQUFNLFlBQVksR0FBRyxDQUFDLEdBQUcsQ0FBQyxJQUFJLElBQUksRUFBRSxDQUE0QixDQUFBO0lBRWhFLElBQUksVUFBVSxLQUFLLE9BQU8sRUFBRSxDQUFDO1FBQzNCLDJFQUEyRTtRQUMzRSx5REFBeUQ7UUFDekQsTUFBTSxFQUFFLE1BQU0sRUFBRSxHQUFHLE1BQU0sSUFBQSwwQ0FBNkIsRUFBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBRyxDQUFDO1lBQ3BFLEtBQUssRUFBRTtnQkFDTCw4REFBOEQ7Z0JBQzlELFlBQVksRUFBRSxZQUFtQjtnQkFDakMsY0FBYyxFQUFFLGNBQWMsSUFBSSxFQUFFO2FBQ3JDO1NBQ0YsQ0FBQyxDQUFBO1FBRUYsTUFBTSxRQUFRLEdBQUcsTUFBTSxlQUFlLENBQUMsTUFBTSxDQUFDLEVBQUUsRUFBRSxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDNUQsT0FBTyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUE7SUFDM0MsQ0FBQztJQUVELHFEQUFxRDtJQUNyRCxJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ3hCLE1BQU0sSUFBSSxtQkFBVyxDQUNuQixtQkFBVyxDQUFDLEtBQUssQ0FBQyxZQUFZLEVBQzlCLG9DQUFvQyxDQUNyQyxDQUFBO0lBQ0gsQ0FBQztJQUVELE1BQU0sZUFBZSxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLGVBQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQTtJQUUzRCw0QkFBNEI7SUFDNUIsTUFBTSxJQUFJLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsYUFBYSxDQUFDLENBQUE7SUFDdkUsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsR0FBRyxDQUM3Qix3RUFBd0UsRUFDeEUsQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDLENBQ3JCLENBQUE7SUFDRCxJQUFJLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxRQUFRLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzNDLE1BQU0sSUFBSSxtQkFBVyxDQUNuQixtQkFBVyxDQUFDLEtBQUssQ0FBQyxlQUFlLEVBQ2pDLDBEQUEwRCxDQUMzRCxDQUFBO0lBQ0gsQ0FBQztJQUVELE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxNQUFNLGVBQWUsQ0FBQyxlQUFlLENBQUM7UUFDdkQ7WUFDRSxHQUFJLFlBQXVCO1lBQzNCLFdBQVcsRUFBRSxDQUFDLENBQUMsY0FBYztTQUM5QjtLQUNGLENBQUMsQ0FBQTtJQUVGLDhFQUE4RTtJQUM5RSxJQUFJLGNBQWMsRUFBRSxDQUFDO1FBQ25CLE1BQU0sV0FBVyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLGVBQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQTtRQUNuRCxNQUFNLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQztZQUNyQyxFQUFFLEVBQUUsY0FBYztZQUNsQixZQUFZLEVBQUUsRUFBRSxXQUFXLEVBQUUsUUFBUSxDQUFDLEVBQUUsRUFBRTtTQUMzQyxDQUFDLENBQUE7SUFDSixDQUFDO0lBRUQsTUFBTSxZQUFZLEdBQUcsTUFBTSxlQUFlLENBQUMsUUFBUSxDQUFDLEVBQUUsRUFBRSxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDbEUsT0FBTyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLFFBQVEsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFBO0FBQ3pELENBQUMsQ0FBQTtBQTdFWSxRQUFBLElBQUksUUE2RWhCO0FBRUQsS0FBSyxVQUFVLGVBQWUsQ0FBQyxVQUFrQixFQUFFLEtBQXNCO0lBQ3ZFLE1BQU0sV0FBVyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsWUFBWSxDQUFDLENBQUE7SUFDekUsTUFBTSxXQUFXLEdBQUcsSUFBQSxtQ0FBMkIsRUFBQztRQUM5QyxVQUFVLEVBQUUsVUFBVTtRQUN0QixTQUFTLEVBQUUsRUFBRSxPQUFPLEVBQUUsRUFBRSxFQUFFLEVBQUUsVUFBVSxFQUFFLEVBQUU7UUFDMUMsTUFBTSxFQUFFO1lBQ04sSUFBSTtZQUNKLE9BQU87WUFDUCxZQUFZO1lBQ1osV0FBVztZQUNYLE9BQU87WUFDUCxhQUFhO1lBQ2IsVUFBVTtZQUNWLFlBQVk7WUFDWixZQUFZO1NBQ2I7S0FDRixDQUFDLENBQUE7SUFDRixNQUFNLFNBQVMsR0FBRyxNQUFNLFdBQVcsQ0FBQyxXQUFXLENBQUMsQ0FBQTtJQUNoRCxPQUFPLFNBQVMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtBQUNyQixDQUFDIn0=

package/.medusa/server/src/config.js

@@ -9,19 +9,50 @@ exports.resolveCustomerRegistrationOptions = resolveCustomerRegistrationOptions;
 const utils_1 = require("@medusajs/framework/utils");
 const PLUGIN_NAME = "customer-registration";
 function normalizeCustomerRegistrationOptions(input) {
-    if (!input) {
-        return null;
-    }
+    const base = input ?? {};
     // Password reset template is required if password_reset is configured
-    if (input.password_reset && !input.password_reset.template) {
+    if (base.password_reset && !base.password_reset.template) {
         throw new Error("customer-registration: password_reset.template is required when password_reset is configured");
     }
+    if (base.password_reset && !base.storefrontUrl) {
+        throw new Error("[customer-registration] storefrontUrl is required when password_reset is configured — " +
+            "the reset email link will be malformed without it");
+    }
+    if (base.account_deletion_request && !base.account_deletion_request.template) {
+        throw new Error("customer-registration: account_deletion_request.template is required when account_deletion_request is configured");
+    }
+    if (base.account_deletion_cancel && !base.account_deletion_cancel.template) {
+        throw new Error("customer-registration: account_deletion_cancel.template is required when account_deletion_cancel is configured");
+    }
+    const registrationIdentifier = base.registration?.identifier ?? "email";
     return {
-        storefrontUrl: input.storefrontUrl,
-        password_reset: input.password_reset
+        storefrontUrl: base.storefrontUrl,
+        registration: {
+            identifier: registrationIdentifier,
+            require_verification: base.registration?.require_verification ?? true,
+        },
+        login: {
+            identifier: base.login?.identifier ?? registrationIdentifier,
+        },
+        password_reset: base.password_reset
+            ? {
+                template: base.password_reset.template,
+                subject: base.password_reset.subject || "Reset Your Password",
+            }
+            : undefined,
+        account_deletion_request: base.account_deletion_request
+            ? {
+                template: base.account_deletion_request.template,
+                subject: base.account_deletion_request.subject ||
+                    "Confirm your account deletion request",
+                scheduled_days: base.account_deletion_request.scheduled_days ?? 7,
+            }
+            : undefined,
+        account_deletion_cancel: base.account_deletion_cancel
             ? {
-                template: input.password_reset.template,
-                subject: input.password_reset.subject || "Reset Your Password",
+                template: base.account_deletion_cancel.template,
+                subject: base.account_deletion_cancel.subject ||
+                    "Confirm cancellation of account deletion",
             }
             : undefined,
     };
@@ -35,8 +66,8 @@ function resolveCustomerRegistrationOptions(configModule) {
     for (const plugin of plugins) {
         if ((0, utils_1.isString)(plugin)) {
             if (plugin === PLUGIN_NAME) {
-                // String plugin without options - return null (options are optional)
-                return null;
+                // String plugin without options — resolve with all defaults
+                return normalizeCustomerRegistrationOptions(null);
             }
             continue;
         }
@@ -44,7 +75,7 @@ function resolveCustomerRegistrationOptions(configModule) {
             return normalizeCustomerRegistrationOptions(plugin.options);
         }
     }
-    // Plugin not found - return null (plugin might not be configured)
-    return null;
+    // Plugin not found in config — return all defaults so callers never get null
+    return normalizeCustomerRegistrationOptions(null);
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NvbmZpZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7OztHQUdHOztBQTZCSCxvRkF1QkM7QUFFRCxnRkF5QkM7QUE3RUQscURBQW9EO0FBR3BELE1BQU0sV0FBVyxHQUFHLHVCQUF1QixDQUFBO0FBd0IzQyxTQUFnQixvQ0FBb0MsQ0FDbEQsS0FBZ0Q7SUFFaEQsSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ1gsT0FBTyxJQUFJLENBQUE7SUFDYixDQUFDO0lBRUQsc0VBQXNFO0lBQ3RFLElBQUksS0FBSyxDQUFDLGNBQWMsSUFBSSxDQUFDLEtBQUssQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDM0QsTUFBTSxJQUFJLEtBQUssQ0FDYiw4RkFBOEYsQ0FDL0YsQ0FBQTtJQUNILENBQUM7SUFFRCxPQUFPO1FBQ0wsYUFBYSxFQUFFLEtBQUssQ0FBQyxhQUFhO1FBQ2xDLGNBQWMsRUFBRSxLQUFLLENBQUMsY0FBYztZQUNsQyxDQUFDLENBQUM7Z0JBQ0UsUUFBUSxFQUFFLEtBQUssQ0FBQyxjQUFjLENBQUMsUUFBUTtnQkFDdkMsT0FBTyxFQUFFLEtBQUssQ0FBQyxjQUFjLENBQUMsT0FBTyxJQUFJLHFCQUFxQjthQUMvRDtZQUNILENBQUMsQ0FBQyxTQUFTO0tBQ2QsQ0FBQTtBQUNILENBQUM7QUFFRCxTQUFnQixrQ0FBa0MsQ0FDaEQsWUFBZ0M7SUFFaEMsNkRBQTZEO0lBQzdELE1BQU0sY0FBYyxHQUFHLFlBQVksRUFBRSxhQUFhLEVBQUUsT0FBTyxJQUFJLEVBQUUsQ0FBQTtJQUNqRSxzQ0FBc0M7SUFDdEMsTUFBTSxhQUFhLEdBQUcsWUFBWSxFQUFFLE9BQU8sSUFBSSxFQUFFLENBQUE7SUFDakQsTUFBTSxPQUFPLEdBQUcsQ0FBQyxHQUFHLGNBQWMsRUFBRSxHQUFHLGFBQWEsQ0FBQyxDQUFBO0lBRXJELEtBQUssTUFBTSxNQUFNLElBQUksT0FBTyxFQUFFLENBQUM7UUFDN0IsSUFBSSxJQUFBLGdCQUFRLEVBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztZQUNyQixJQUFJLE1BQU0sS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDM0IscUVBQXFFO2dCQUNyRSxPQUFPLElBQUksQ0FBQTtZQUNiLENBQUM7WUFDRCxTQUFRO1FBQ1YsQ0FBQztRQUVELElBQUksTUFBTSxFQUFFLE9BQU8sS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUNwQyxPQUFPLG9DQUFvQyxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQTtRQUM3RCxDQUFDO0lBQ0gsQ0FBQztJQUVELGtFQUFrRTtJQUNsRSxPQUFPLElBQUksQ0FBQTtBQUNiLENBQUMifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NvbmZpZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUE7OztHQUdHOztBQStESCxvRkFrRUM7QUFFRCxnRkF5QkM7QUExSkQscURBQW9EO0FBS3BELE1BQU0sV0FBVyxHQUFHLHVCQUF1QixDQUFBO0FBd0QzQyxTQUFnQixvQ0FBb0MsQ0FDbEQsS0FBZ0Q7SUFFaEQsTUFBTSxJQUFJLEdBQUcsS0FBSyxJQUFJLEVBQUUsQ0FBQTtJQUV4QixzRUFBc0U7SUFDdEUsSUFBSSxJQUFJLENBQUMsY0FBYyxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUN6RCxNQUFNLElBQUksS0FBSyxDQUNiLDhGQUE4RixDQUMvRixDQUFBO0lBQ0gsQ0FBQztJQUVELElBQUksSUFBSSxDQUFDLGNBQWMsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUMvQyxNQUFNLElBQUksS0FBSyxDQUNiLHdGQUF3RjtZQUN0RixtREFBbUQsQ0FDdEQsQ0FBQTtJQUNILENBQUM7SUFFRCxJQUFJLElBQUksQ0FBQyx3QkFBd0IsSUFBSSxDQUFDLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUM3RSxNQUFNLElBQUksS0FBSyxDQUNiLGtIQUFrSCxDQUNuSCxDQUFBO0lBQ0gsQ0FBQztJQUNELElBQUksSUFBSSxDQUFDLHVCQUF1QixJQUFJLENBQUMsSUFBSSxDQUFDLHVCQUF1QixDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQzNFLE1BQU0sSUFBSSxLQUFLLENBQ2IsZ0hBQWdILENBQ2pILENBQUE7SUFDSCxDQUFDO0lBRUQsTUFBTSxzQkFBc0IsR0FBb0IsSUFBSSxDQUFDLFlBQVksRUFBRSxVQUFVLElBQUksT0FBTyxDQUFBO0lBRXhGLE9BQU87UUFDTCxhQUFhLEVBQUUsSUFBSSxDQUFDLGFBQWE7UUFDakMsWUFBWSxFQUFFO1lBQ1osVUFBVSxFQUFFLHNCQUFzQjtZQUNsQyxvQkFBb0IsRUFBRSxJQUFJLENBQUMsWUFBWSxFQUFFLG9CQUFvQixJQUFJLElBQUk7U0FDdEU7UUFDRCxLQUFLLEVBQUU7WUFDTCxVQUFVLEVBQUUsSUFBSSxDQUFDLEtBQUssRUFBRSxVQUFVLElBQUksc0JBQXNCO1NBQzdEO1FBQ0QsY0FBYyxFQUFFLElBQUksQ0FBQyxjQUFjO1lBQ2pDLENBQUMsQ0FBQztnQkFDRSxRQUFRLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxRQUFRO2dCQUN0QyxPQUFPLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLElBQUkscUJBQXFCO2FBQzlEO1lBQ0gsQ0FBQyxDQUFDLFNBQVM7UUFDYix3QkFBd0IsRUFBRSxJQUFJLENBQUMsd0JBQXdCO1lBQ3JELENBQUMsQ0FBQztnQkFDRSxRQUFRLEVBQUUsSUFBSSxDQUFDLHdCQUF3QixDQUFDLFFBQVE7Z0JBQ2hELE9BQU8sRUFDTCxJQUFJLENBQUMsd0JBQXdCLENBQUMsT0FBTztvQkFDckMsdUNBQXVDO2dCQUN6QyxjQUFjLEVBQ1osSUFBSSxDQUFDLHdCQUF3QixDQUFDLGNBQWMsSUFBSSxDQUFDO2FBQ3BEO1lBQ0gsQ0FBQyxDQUFDLFNBQVM7UUFDYix1QkFBdUIsRUFBRSxJQUFJLENBQUMsdUJBQXVCO1lBQ25ELENBQUMsQ0FBQztnQkFDRSxRQUFRLEVBQUUsSUFBSSxDQUFDLHVCQUF1QixDQUFDLFFBQVE7Z0JBQy9DLE9BQU8sRUFDTCxJQUFJLENBQUMsdUJBQXVCLENBQUMsT0FBTztvQkFDcEMsMENBQTBDO2FBQzdDO1lBQ0gsQ0FBQyxDQUFDLFNBQVM7S0FDZCxDQUFBO0FBQ0gsQ0FBQztBQUVELFNBQWdCLGtDQUFrQyxDQUNoRCxZQUFnQztJQUVoQyw2REFBNkQ7SUFDN0QsTUFBTSxjQUFjLEdBQUcsWUFBWSxFQUFFLGFBQWEsRUFBRSxPQUFPLElBQUksRUFBRSxDQUFBO0lBQ2pFLHNDQUFzQztJQUN0QyxNQUFNLGFBQWEsR0FBRyxZQUFZLEVBQUUsT0FBTyxJQUFJLEVBQUUsQ0FBQTtJQUNqRCxNQUFNLE9BQU8sR0FBRyxDQUFDLEdBQUcsY0FBYyxFQUFFLEdBQUcsYUFBYSxDQUFDLENBQUE7SUFFckQsS0FBSyxNQUFNLE1BQU0sSUFBSSxPQUFPLEVBQUUsQ0FBQztRQUM3QixJQUFJLElBQUEsZ0JBQVEsRUFBQyxNQUFNLENBQUMsRUFBRSxDQUFDO1lBQ3JCLElBQUksTUFBTSxLQUFLLFdBQVcsRUFBRSxDQUFDO2dCQUMzQiw0REFBNEQ7Z0JBQzVELE9BQU8sb0NBQW9DLENBQUMsSUFBSSxDQUFDLENBQUE7WUFDbkQsQ0FBQztZQUNELFNBQVE7UUFDVixDQUFDO1FBRUQsSUFBSSxNQUFNLEVBQUUsT0FBTyxLQUFLLFdBQVcsRUFBRSxDQUFDO1lBQ3BDLE9BQU8sb0NBQW9DLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFBO1FBQzdELENBQUM7SUFDSCxDQUFDO0lBRUQsNkVBQTZFO0lBQzdFLE9BQU8sb0NBQW9DLENBQUMsSUFBSSxDQUFDLENBQUE7QUFDbkQsQ0FBQyJ9

package/.medusa/server/src/jobs/process-account-deletions.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.config = void 0;
+exports.default = processAccountDeletions;
+const utils_1 = require("@medusajs/framework/utils");
+const account_deletion_request_1 = require("../modules/account-deletion-request");
+const BATCH_SIZE = 50;
+async function processAccountDeletions(container) {
+    const logger = (container.resolve(utils_1.ContainerRegistrationKeys.LOGGER) ?? {
+        info: console.log,
+        warn: console.warn,
+        error: console.error,
+        debug: console.debug,
+    });
+    const accountDeletionService = container.resolve(account_deletion_request_1.ACCOUNT_DELETION_REQUEST_MODULE);
+    const authService = container.resolve(utils_1.Modules.AUTH);
+    const customerService = container.resolve(utils_1.Modules.CUSTOMER);
+    const dueRequests = await accountDeletionService.listDueForDeletion(BATCH_SIZE);
+    if (dueRequests.length === 0) {
+        logger.debug("[process-account-deletions] No requests due for deletion");
+        return;
+    }
+    logger.info("[process-account-deletions] Processing requests", {
+        count: dueRequests.length,
+    });
+    let processed = 0;
+    const failed = [];
+    for (const request of dueRequests) {
+        const { id: requestId, customer_id: customerId } = request;
+        try {
+            // 1. List auth identities for this customer
+            const authIdentities = await authService.listAuthIdentities({ app_metadata: { customer_id: customerId } }, { take: 10 });
+            const authIds = Array.isArray(authIdentities)
+                ? authIdentities.map((a) => a.id)
+                : [];
+            if (authIds.length > 0) {
+                await authService.deleteAuthIdentities(authIds);
+            }
+            // 2. Delete customer
+            await customerService.deleteCustomers([customerId]);
+            // 3. Mark request as completed
+            await accountDeletionService.markCompleted(requestId);
+            processed++;
+            logger.debug("[process-account-deletions] Deleted customer", {
+                requestId,
+                customerId,
+            });
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            failed.push({ requestId, customerId, error: message });
+            logger.error("[process-account-deletions] Failed to process request", {
+                requestId,
+                customerId,
+                error: message,
+            });
+        }
+    }
+    logger.info("[process-account-deletions] Job finished", {
+        processed,
+        failed: failed.length,
+        failedCustomerIds: failed.map((f) => f.customerId),
+    });
+}
+exports.config = {
+    name: "process-account-deletions",
+    schedule: "0 * * * *", // Every hour at minute 0
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJvY2Vzcy1hY2NvdW50LWRlbGV0aW9ucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9qb2JzL3Byb2Nlc3MtYWNjb3VudC1kZWxldGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBY0EsMENBZ0ZDO0FBN0ZELHFEQUE4RTtBQUM5RSxrRkFBcUY7QUFHckYsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFBO0FBU04sS0FBSyxVQUFVLHVCQUF1QixDQUNuRCxTQUEwQjtJQUUxQixNQUFNLE1BQU0sR0FBRyxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsTUFBTSxDQUFDLElBQUk7UUFDckUsSUFBSSxFQUFFLE9BQU8sQ0FBQyxHQUFHO1FBQ2pCLElBQUksRUFBRSxPQUFPLENBQUMsSUFBSTtRQUNsQixLQUFLLEVBQUUsT0FBTyxDQUFDLEtBQUs7UUFDcEIsS0FBSyxFQUFFLE9BQU8sQ0FBQyxLQUFLO0tBQ3JCLENBQVcsQ0FBQTtJQUVaLE1BQU0sc0JBQXNCLEdBQUcsU0FBUyxDQUFDLE9BQU8sQ0FDOUMsMERBQStCLENBQ2hDLENBQUE7SUFDRCxNQUFNLFdBQVcsR0FBRyxTQUFTLENBQUMsT0FBTyxDQUFDLGVBQU8sQ0FBQyxJQUFJLENBTWpELENBQUE7SUFDRCxNQUFNLGVBQWUsR0FBRyxTQUFTLENBQUMsT0FBTyxDQUFDLGVBQU8sQ0FBQyxRQUFRLENBRXpELENBQUE7SUFFRCxNQUFNLFdBQVcsR0FBRyxNQUFNLHNCQUFzQixDQUFDLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBRS9FLElBQUksV0FBVyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUM3QixNQUFNLENBQUMsS0FBSyxDQUFDLDBEQUEwRCxDQUFDLENBQUE7UUFDeEUsT0FBTTtJQUNSLENBQUM7SUFFRCxNQUFNLENBQUMsSUFBSSxDQUFDLGlEQUFpRCxFQUFFO1FBQzdELEtBQUssRUFBRSxXQUFXLENBQUMsTUFBTTtLQUMxQixDQUFDLENBQUE7SUFFRixJQUFJLFNBQVMsR0FBRyxDQUFDLENBQUE7SUFDakIsTUFBTSxNQUFNLEdBQStELEVBQUUsQ0FBQTtJQUU3RSxLQUFLLE1BQU0sT0FBTyxJQUFJLFdBQVcsRUFBRSxDQUFDO1FBQ2xDLE1BQU0sRUFBRSxFQUFFLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxVQUFVLEVBQUUsR0FBRyxPQUFPLENBQUE7UUFDMUQsSUFBSSxDQUFDO1lBQ0gsNENBQTRDO1lBQzVDLE1BQU0sY0FBYyxHQUFHLE1BQU0sV0FBVyxDQUFDLGtCQUFrQixDQUN6RCxFQUFFLFlBQVksRUFBRSxFQUFFLFdBQVcsRUFBRSxVQUFVLEVBQUUsRUFBRSxFQUM3QyxFQUFFLElBQUksRUFBRSxFQUFFLEVBQUUsQ0FDYixDQUFBO1lBQ0QsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUM7Z0JBQzNDLENBQUMsQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO2dCQUNqQyxDQUFDLENBQUMsRUFBRSxDQUFBO1lBRU4sSUFBSSxPQUFPLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUN2QixNQUFNLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxPQUFPLENBQUMsQ0FBQTtZQUNqRCxDQUFDO1lBRUQscUJBQXFCO1lBQ3JCLE1BQU0sZUFBZSxDQUFDLGVBQWUsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUE7WUFFbkQsK0JBQStCO1lBQy9CLE1BQU0sc0JBQXNCLENBQUMsYUFBYSxDQUFDLFNBQVMsQ0FBQyxDQUFBO1lBQ3JELFNBQVMsRUFBRSxDQUFBO1lBQ1gsTUFBTSxDQUFDLEtBQUssQ0FBQyw4Q0FBOEMsRUFBRTtnQkFDM0QsU0FBUztnQkFDVCxVQUFVO2FBQ1gsQ0FBQyxDQUFBO1FBQ0osQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLE9BQU8sR0FBRyxHQUFHLFlBQVksS0FBSyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUE7WUFDaEUsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLFNBQVMsRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUE7WUFDdEQsTUFBTSxDQUFDLEtBQUssQ0FBQyx1REFBdUQsRUFBRTtnQkFDcEUsU0FBUztnQkFDVCxVQUFVO2dCQUNWLEtBQUssRUFBRSxPQUFPO2FBQ2YsQ0FBQyxDQUFBO1FBQ0osQ0FBQztJQUNILENBQUM7SUFFRCxNQUFNLENBQUMsSUFBSSxDQUFDLDBDQUEwQyxFQUFFO1FBQ3RELFNBQVM7UUFDVCxNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQU07UUFDckIsaUJBQWlCLEVBQUUsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQztLQUNuRCxDQUFDLENBQUE7QUFDSixDQUFDO0FBRVksUUFBQSxNQUFNLEdBQUc7SUFDcEIsSUFBSSxFQUFFLDJCQUEyQjtJQUNqQyxRQUFRLEVBQUUsV0FBVyxFQUFFLHlCQUF5QjtDQUNqRCxDQUFBIn0=

package/.medusa/server/src/modules/account-deletion-request/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccountDeletionRequestStatus = exports.AccountDeletionRequest = exports.AccountDeletionRequestService = exports.ACCOUNT_DELETION_REQUEST_MODULE = void 0;
+const utils_1 = require("@medusajs/framework/utils");
+const service_1 = __importDefault(require("./service"));
+exports.AccountDeletionRequestService = service_1.default;
+exports.ACCOUNT_DELETION_REQUEST_MODULE = "account_deletion_request";
+exports.default = (0, utils_1.Module)(exports.ACCOUNT_DELETION_REQUEST_MODULE, {
+    service: service_1.default,
+});
+var account_deletion_request_1 = require("./models/account-deletion-request");
+Object.defineProperty(exports, "AccountDeletionRequest", { enumerable: true, get: function () { return account_deletion_request_1.AccountDeletionRequest; } });
+Object.defineProperty(exports, "AccountDeletionRequestStatus", { enumerable: true, get: function () { return account_deletion_request_1.AccountDeletionRequestStatus; } });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi9zcmMvbW9kdWxlcy9hY2NvdW50LWRlbGV0aW9uLXJlcXVlc3QvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEscURBQWtEO0FBQ2xELHdEQUFxRDtBQVE1Qyx3Q0FSRixpQkFBNkIsQ0FRRTtBQU56QixRQUFBLCtCQUErQixHQUFHLDBCQUEwQixDQUFBO0FBRXpFLGtCQUFlLElBQUEsY0FBTSxFQUFDLHVDQUErQixFQUFFO0lBQ3JELE9BQU8sRUFBRSxpQkFBNkI7Q0FDdkMsQ0FBQyxDQUFBO0FBR0YsOEVBSTBDO0FBSHhDLGtJQUFBLHNCQUFzQixPQUFBO0FBQ3RCLHdJQUFBLDRCQUE0QixPQUFBIn0=

package/.medusa/server/src/modules/account-deletion-request/migrations/Migration20250221000000CreateAccountDeletionRequestTable.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Migration20250221000000CreateAccountDeletionRequestTable = void 0;
+const migrations_1 = require("@mikro-orm/migrations");
+class Migration20250221000000CreateAccountDeletionRequestTable extends migrations_1.Migration {
+    async up() {
+        this.addSql(`
+      CREATE TABLE "account_deletion_request" (
+        "id" TEXT NOT NULL,
+        "customer_id" TEXT NOT NULL,
+        "reason" TEXT NULL,
+        "deletion_scheduled_at" TIMESTAMP WITH TIME ZONE NULL,
+        "status" TEXT NOT NULL DEFAULT 'pending' CHECK ("status" IN ('pending', 'confirmed', 'cancelled')),
+        "cancelled_at" TIMESTAMP WITH TIME ZONE NULL,
+        "created_at" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
+        "updated_at" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
+        "deleted_at" TIMESTAMP WITH TIME ZONE NULL,
+        CONSTRAINT "account_deletion_request_pkey" PRIMARY KEY ("id")
+      );
+    `);
+        this.addSql(`
+      CREATE INDEX "IDX_account_deletion_request_customer_id"
+      ON "account_deletion_request" ("customer_id");
+    `);
+        this.addSql(`
+      CREATE INDEX "IDX_account_deletion_request_status"
+      ON "account_deletion_request" ("status");
+    `);
+        this.addSql(`
+      CREATE INDEX "IDX_account_deletion_request_created_at"
+      ON "account_deletion_request" ("created_at");
+    `);
+    }
+    async down() {
+        this.addSql(`DROP INDEX IF EXISTS "IDX_account_deletion_request_created_at";`);
+        this.addSql(`DROP INDEX IF EXISTS "IDX_account_deletion_request_status";`);
+        this.addSql(`DROP INDEX IF EXISTS "IDX_account_deletion_request_customer_id";`);
+        this.addSql(`DROP TABLE IF EXISTS "account_deletion_request";`);
+    }
+}
+exports.Migration20250221000000CreateAccountDeletionRequestTable = Migration20250221000000CreateAccountDeletionRequestTable;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTWlncmF0aW9uMjAyNTAyMjEwMDAwMDBDcmVhdGVBY2NvdW50RGVsZXRpb25SZXF1ZXN0VGFibGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9zcmMvbW9kdWxlcy9hY2NvdW50LWRlbGV0aW9uLXJlcXVlc3QvbWlncmF0aW9ucy9NaWdyYXRpb24yMDI1MDIyMTAwMDAwMENyZWF0ZUFjY291bnREZWxldGlvblJlcXVlc3RUYWJsZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxzREFBaUQ7QUFFakQsTUFBYSx3REFBeUQsU0FBUSxzQkFBUztJQUNyRixLQUFLLENBQUMsRUFBRTtRQUNOLElBQUksQ0FBQyxNQUFNLENBQUM7Ozs7Ozs7Ozs7Ozs7S0FhWCxDQUFDLENBQUE7UUFDRixJQUFJLENBQUMsTUFBTSxDQUFDOzs7S0FHWCxDQUFDLENBQUE7UUFDRixJQUFJLENBQUMsTUFBTSxDQUFDOzs7S0FHWCxDQUFDLENBQUE7UUFDRixJQUFJLENBQUMsTUFBTSxDQUFDOzs7S0FHWCxDQUFDLENBQUE7SUFDSixDQUFDO0lBRUQsS0FBSyxDQUFDLElBQUk7UUFDUixJQUFJLENBQUMsTUFBTSxDQUFDLGlFQUFpRSxDQUFDLENBQUE7UUFDOUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyw2REFBNkQsQ0FBQyxDQUFBO1FBQzFFLElBQUksQ0FBQyxNQUFNLENBQUMsa0VBQWtFLENBQUMsQ0FBQTtRQUMvRSxJQUFJLENBQUMsTUFBTSxDQUFDLGtEQUFrRCxDQUFDLENBQUE7SUFDakUsQ0FBQztDQUNGO0FBcENELDRIQW9DQyJ9

package/.medusa/server/src/modules/account-deletion-request/migrations/Migration20250221100000AddCompletedStatusToAccountDeletionRequest.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Migration20250221100000AddCompletedStatusToAccountDeletionRequest = void 0;
+const migrations_1 = require("@mikro-orm/migrations");
+class Migration20250221100000AddCompletedStatusToAccountDeletionRequest extends migrations_1.Migration {
+    async up() {
+        this.addSql(`
+      ALTER TABLE "account_deletion_request"
+      DROP CONSTRAINT IF EXISTS "account_deletion_request_status_check";
+    `);
+        this.addSql(`
+      ALTER TABLE "account_deletion_request"
+      ADD CONSTRAINT "account_deletion_request_status_check"
+      CHECK ("status" IN ('pending', 'confirmed', 'cancelled', 'completed'));
+    `);
+    }
+    async down() {
+        this.addSql(`
+      ALTER TABLE "account_deletion_request"
+      DROP CONSTRAINT IF EXISTS "account_deletion_request_status_check";
+    `);
+        this.addSql(`
+      ALTER TABLE "account_deletion_request"
+      ADD CONSTRAINT "account_deletion_request_status_check"
+      CHECK ("status" IN ('pending', 'confirmed', 'cancelled'));
+    `);
+    }
+}
+exports.Migration20250221100000AddCompletedStatusToAccountDeletionRequest = Migration20250221100000AddCompletedStatusToAccountDeletionRequest;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTWlncmF0aW9uMjAyNTAyMjExMDAwMDBBZGRDb21wbGV0ZWRTdGF0dXNUb0FjY291bnREZWxldGlvblJlcXVlc3QuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9zcmMvbW9kdWxlcy9hY2NvdW50LWRlbGV0aW9uLXJlcXVlc3QvbWlncmF0aW9ucy9NaWdyYXRpb24yMDI1MDIyMTEwMDAwMEFkZENvbXBsZXRlZFN0YXR1c1RvQWNjb3VudERlbGV0aW9uUmVxdWVzdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxzREFBaUQ7QUFFakQsTUFBYSxpRUFBa0UsU0FBUSxzQkFBUztJQUM5RixLQUFLLENBQUMsRUFBRTtRQUNOLElBQUksQ0FBQyxNQUFNLENBQUM7OztLQUdYLENBQUMsQ0FBQTtRQUNGLElBQUksQ0FBQyxNQUFNLENBQUM7Ozs7S0FJWCxDQUFDLENBQUE7SUFDSixDQUFDO0lBRUQsS0FBSyxDQUFDLElBQUk7UUFDUixJQUFJLENBQUMsTUFBTSxDQUFDOzs7S0FHWCxDQUFDLENBQUE7UUFDRixJQUFJLENBQUMsTUFBTSxDQUFDOzs7O0tBSVgsQ0FBQyxDQUFBO0lBQ0osQ0FBQztDQUNGO0FBeEJELDhJQXdCQyJ9

package/.medusa/server/src/modules/account-deletion-request/models/account-deletion-request.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccountDeletionRequest = exports.AccountDeletionRequestStatus = void 0;
+const utils_1 = require("@medusajs/framework/utils");
+exports.AccountDeletionRequestStatus = {
+    PENDING: "pending",
+    CONFIRMED: "confirmed",
+    CANCELLED: "cancelled",
+    COMPLETED: "completed",
+};
+exports.AccountDeletionRequest = utils_1.model
+    .define("account_deletion_request", {
+    id: utils_1.model.id().primaryKey(),
+    customer_id: utils_1.model.text().searchable(),
+    reason: utils_1.model.text().nullable(),
+    deletion_scheduled_at: utils_1.model.dateTime().nullable(),
+    status: utils_1.model
+        .enum(["pending", "confirmed", "cancelled", "completed"])
+        .default("pending"),
+    cancelled_at: utils_1.model.dateTime().nullable(),
+})
+    .indexes([
+    { name: "IDX_account_deletion_request_customer_id", on: ["customer_id"] },
+    { name: "IDX_account_deletion_request_status", on: ["status"] },
+]);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjb3VudC1kZWxldGlvbi1yZXF1ZXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vLi4vc3JjL21vZHVsZXMvYWNjb3VudC1kZWxldGlvbi1yZXF1ZXN0L21vZGVscy9hY2NvdW50LWRlbGV0aW9uLXJlcXVlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEscURBQWlEO0FBRXBDLFFBQUEsNEJBQTRCLEdBQUc7SUFDMUMsT0FBTyxFQUFFLFNBQVM7SUFDbEIsU0FBUyxFQUFFLFdBQVc7SUFDdEIsU0FBUyxFQUFFLFdBQVc7SUFDdEIsU0FBUyxFQUFFLFdBQVc7Q0FDZCxDQUFBO0FBS0csUUFBQSxzQkFBc0IsR0FBRyxhQUFLO0tBQ3hDLE1BQU0sQ0FBQywwQkFBMEIsRUFBRTtJQUNsQyxFQUFFLEVBQUUsYUFBSyxDQUFDLEVBQUUsRUFBRSxDQUFDLFVBQVUsRUFBRTtJQUMzQixXQUFXLEVBQUUsYUFBSyxDQUFDLElBQUksRUFBRSxDQUFDLFVBQVUsRUFBRTtJQUN0QyxNQUFNLEVBQUUsYUFBSyxDQUFDLElBQUksRUFBRSxDQUFDLFFBQVEsRUFBRTtJQUMvQixxQkFBcUIsRUFBRSxhQUFLLENBQUMsUUFBUSxFQUFFLENBQUMsUUFBUSxFQUFFO0lBQ2xELE1BQU0sRUFBRSxhQUFLO1NBQ1YsSUFBSSxDQUFDLENBQUMsU0FBUyxFQUFFLFdBQVcsRUFBRSxXQUFXLEVBQUUsV0FBVyxDQUFDLENBQUM7U0FDeEQsT0FBTyxDQUFDLFNBQVMsQ0FBQztJQUNyQixZQUFZLEVBQUUsYUFBSyxDQUFDLFFBQVEsRUFBRSxDQUFDLFFBQVEsRUFBRTtDQUMxQyxDQUFDO0tBQ0QsT0FBTyxDQUFDO0lBQ1AsRUFBRSxJQUFJLEVBQUUsMENBQTBDLEVBQUUsRUFBRSxFQUFFLENBQUMsYUFBYSxDQUFDLEVBQUU7SUFDekUsRUFBRSxJQUFJLEVBQUUscUNBQXFDLEVBQUUsRUFBRSxFQUFFLENBQUMsUUFBUSxDQUFDLEVBQUU7Q0FDaEUsQ0FBQyxDQUFBIn0=

package/.medusa/server/src/modules/account-deletion-request/service.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@medusajs/framework/utils");
+const account_deletion_request_1 = require("./models/account-deletion-request");
+class AccountDeletionRequestService extends (0, utils_1.MedusaService)({
+    AccountDeletionRequest: account_deletion_request_1.AccountDeletionRequest,
+}) {
+    constructor(container, moduleOptions, moduleDeclaration) {
+        super(container, moduleOptions, moduleDeclaration);
+        this.manager_ = container.manager;
+    }
+    /**
+     * Create the account_deletion_request row only when the customer confirms (OTP verified).
+     * Throws if the customer already has an active (pending or confirmed) request.
+     */
+    async createConfirmed(customer_id, deletion_scheduled_at) {
+        const active = await this.getActiveByCustomerId(customer_id);
+        if (active) {
+            throw new utils_1.MedusaError(utils_1.MedusaError.Types.INVALID_DATA, "An active deletion request already exists for this customer.");
+        }
+        const result = await this.createAccountDeletionRequests({
+            customer_id,
+            reason: null,
+            deletion_scheduled_at,
+            status: "confirmed",
+            cancelled_at: null,
+        });
+        return Array.isArray(result) ? result[0] : result;
+    }
+    async cancelRequest(customer_id) {
+        const active = await this.getActiveByCustomerId(customer_id);
+        if (!active) {
+            throw new utils_1.MedusaError(utils_1.MedusaError.Types.NOT_FOUND, "No active deletion request found for this customer.");
+        }
+        const now = new Date();
+        await this.updateAccountDeletionRequests({
+            selector: { id: active.id },
+            data: {
+                status: "cancelled",
+                cancelled_at: now,
+            },
+        });
+        const [updated] = await this.listAccountDeletionRequests({ id: active.id }, { take: 1 });
+        return updated;
+    }
+    async getActiveByCustomerId(customer_id) {
+        const requests = await this.listAccountDeletionRequests({ customer_id }, { take: 10, order: { created_at: "DESC" } });
+        return (requests.find((r) => r.status === "pending" || r.status === "confirmed") ?? null);
+    }
+    /**
+     * Returns true if the customer has an account_deletion_request with status "pending".
+     * Used by login guard to block sign-in for pending accounts.
+     */
+    async hasPendingRequest(customerId) {
+        const rows = await this.listAccountDeletionRequests({ customer_id: customerId, status: "pending" }, { take: 1 });
+        return rows.length > 0;
+    }
+    /**
+     * Returns true if the customer has an active deletion request (pending or confirmed).
+     * Used by middleware to block store API access until deletion is completed or cancelled.
+     */
+    async hasActiveRequest(customerId) {
+        const active = await this.getActiveByCustomerId(customerId);
+        return active != null;
+    }
+    async listForAdmin(selector = {}, listConfig = {}) {
+        const { take = 20, skip = 0, order = { created_at: "DESC" } } = listConfig;
+        const [requests, count] = await this.listAndCountAccountDeletionRequests(selector, { take, skip, order });
+        return { requests, count };
+    }
+    /**
+     * List requests due for deletion: status = confirmed and deletion_scheduled_at <= now.
+     */
+    async listDueForDeletion(limit = 50) {
+        const now = new Date();
+        const requests = await this.listAccountDeletionRequests({ status: "confirmed" }, { take: limit, order: { deletion_scheduled_at: "ASC" } });
+        return requests.filter((r) => r.deletion_scheduled_at != null && r.deletion_scheduled_at <= now);
+    }
+    /**
+     * Mark a request as completed (after customer and auth identity have been deleted).
+     */
+    async markCompleted(id) {
+        await this.updateAccountDeletionRequests({
+            selector: { id },
+            data: { status: "completed" },
+        });
+    }
+}
+exports.default = AccountDeletionRequestService;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3NyYy9tb2R1bGVzL2FjY291bnQtZGVsZXRpb24tcmVxdWVzdC9zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEscURBQXNFO0FBRXRFLGdGQUEwRTtBQWlCMUUsTUFBcUIsNkJBQThCLFNBQVEsSUFBQSxxQkFBYSxFQUFDO0lBQ3ZFLHNCQUFzQixFQUF0QixpREFBc0I7Q0FDdkIsQ0FBQztJQUdBLFlBQ0UsU0FBK0IsRUFDL0IsYUFBdUMsRUFDdkMsaUJBQXlEO1FBRXpELEtBQUssQ0FBQyxTQUFTLEVBQUUsYUFBYSxFQUFFLGlCQUFpQixDQUFDLENBQUE7UUFDbEQsSUFBSSxDQUFDLFFBQVEsR0FBRyxTQUFTLENBQUMsT0FBTyxDQUFBO0lBQ25DLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsZUFBZSxDQUNuQixXQUFtQixFQUNuQixxQkFBMkI7UUFFM0IsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQUMsV0FBVyxDQUFDLENBQUE7UUFDNUQsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNYLE1BQU0sSUFBSSxtQkFBVyxDQUNuQixtQkFBVyxDQUFDLEtBQUssQ0FBQyxZQUFZLEVBQzlCLDhEQUE4RCxDQUMvRCxDQUFBO1FBQ0gsQ0FBQztRQUNELE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLDZCQUE2QixDQUFDO1lBQ3RELFdBQVc7WUFDWCxNQUFNLEVBQUUsSUFBSTtZQUNaLHFCQUFxQjtZQUNyQixNQUFNLEVBQUUsV0FBK0M7WUFDdkQsWUFBWSxFQUFFLElBQUk7U0FDbkIsQ0FBQyxDQUFBO1FBQ0YsT0FBTyxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQTtJQUNwRCxDQUFDO0lBRUQsS0FBSyxDQUFDLGFBQWEsQ0FBQyxXQUFtQjtRQUNyQyxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxXQUFXLENBQUMsQ0FBQTtRQUM1RCxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDWixNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsU0FBUyxFQUMzQixxREFBcUQsQ0FDdEQsQ0FBQTtRQUNILENBQUM7UUFDRCxNQUFNLEdBQUcsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFBO1FBQ3RCLE1BQU0sSUFBSSxDQUFDLDZCQUE2QixDQUFDO1lBQ3ZDLFFBQVEsRUFBRSxFQUFFLEVBQUUsRUFBRSxNQUFNLENBQUMsRUFBRSxFQUFFO1lBQzNCLElBQUksRUFBRTtnQkFDSixNQUFNLEVBQUUsV0FBK0M7Z0JBQ3ZELFlBQVksRUFBRSxHQUFHO2FBQ2xCO1NBQ0YsQ0FBQyxDQUFBO1FBQ0YsTUFBTSxDQUFDLE9BQU8sQ0FBQyxHQUFHLE1BQU0sSUFBSSxDQUFDLDJCQUEyQixDQUN0RCxFQUFFLEVBQUUsRUFBRSxNQUFNLENBQUMsRUFBRSxFQUFFLEVBQ2pCLEVBQUUsSUFBSSxFQUFFLENBQUMsRUFBRSxDQUNaLENBQUE7UUFDRCxPQUFPLE9BQU8sQ0FBQTtJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLHFCQUFxQixDQUFDLFdBQW1CO1FBQzdDLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLDJCQUEyQixDQUNyRCxFQUFFLFdBQVcsRUFBRSxFQUNmLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxLQUFLLEVBQUUsRUFBRSxVQUFVLEVBQUUsTUFBTSxFQUFFLEVBQUUsQ0FDNUMsQ0FBQTtRQUNELE9BQU8sQ0FDTCxRQUFRLENBQUMsSUFBSSxDQUNYLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxLQUFLLFNBQVMsSUFBSSxDQUFDLENBQUMsTUFBTSxLQUFLLFdBQVcsQ0FDMUQsSUFBSSxJQUFJLENBQ1YsQ0FBQTtJQUNILENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsaUJBQWlCLENBQUMsVUFBa0I7UUFDeEMsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsMkJBQTJCLENBQ2pELEVBQUUsV0FBVyxFQUFFLFVBQVUsRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLEVBQzlDLEVBQUUsSUFBSSxFQUFFLENBQUMsRUFBRSxDQUNaLENBQUE7UUFDRCxPQUFPLElBQUksQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFBO0lBQ3hCLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsVUFBa0I7UUFDdkMsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQUMsVUFBVSxDQUFDLENBQUE7UUFDM0QsT0FBTyxNQUFNLElBQUksSUFBSSxDQUFBO0lBQ3ZCLENBQUM7SUFFRCxLQUFLLENBQUMsWUFBWSxDQUNoQixXQUFvQyxFQUFFLEVBQ3RDLGFBQXlCLEVBQUU7UUFFM0IsTUFBTSxFQUFFLElBQUksR0FBRyxFQUFFLEVBQUUsSUFBSSxHQUFHLENBQUMsRUFBRSxLQUFLLEdBQUcsRUFBRSxVQUFVLEVBQUUsTUFBTSxFQUFFLEVBQUUsR0FBRyxVQUFVLENBQUE7UUFDMUUsTUFBTSxDQUFDLFFBQVEsRUFBRSxLQUFLLENBQUMsR0FBRyxNQUFNLElBQUksQ0FBQyxtQ0FBbUMsQ0FDdEUsUUFBUSxFQUNSLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsQ0FDdEIsQ0FBQTtRQUNELE9BQU8sRUFBRSxRQUFRLEVBQUUsS0FBSyxFQUFFLENBQUE7SUFDNUIsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLGtCQUFrQixDQUFDLEtBQUssR0FBRyxFQUFFO1FBQ2pDLE1BQU0sR0FBRyxHQUFHLElBQUksSUFBSSxFQUFFLENBQUE7UUFDdEIsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsMkJBQTJCLENBQ3JELEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSxFQUN2QixFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsS0FBSyxFQUFFLEVBQUUscUJBQXFCLEVBQUUsS0FBSyxFQUFFLEVBQUUsQ0FDekQsQ0FBQTtRQUNELE9BQU8sUUFBUSxDQUFDLE1BQU0sQ0FDcEIsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUNKLENBQUMsQ0FBQyxxQkFBcUIsSUFBSSxJQUFJLElBQUksQ0FBQyxDQUFDLHFCQUFxQixJQUFJLEdBQUcsQ0FDcEUsQ0FBQTtJQUNILENBQUM7SUFFRDs7T0FFRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQUMsRUFBVTtRQUM1QixNQUFNLElBQUksQ0FBQyw2QkFBNkIsQ0FBQztZQUN2QyxRQUFRLEVBQUUsRUFBRSxFQUFFLEVBQUU7WUFDaEIsSUFBSSxFQUFFLEVBQUUsTUFBTSxFQUFFLFdBQStDLEVBQUU7U0FDbEUsQ0FBQyxDQUFBO0lBQ0osQ0FBQztDQUNGO0FBbklELGdEQW1JQyJ9