feat: add delete-account Cloud Function for permanent user auth deletion (#758)

[Muneerali199]

Summary

Fixes #758 — Account Deletion Does Not Permanently Remove User Data.

The Appwrite client SDK has no hard-delete endpoint for auth accounts. Without a server-side call, the auth record persists indefinitely even after the user's profile data is removed, meaning the user could theoretically re-authenticate with old credentials or the account occupies space in the system.

This PR adds a new delete-account Cloud Function that calls the Appwrite Users API (users.deleteUser) server-side to permanently and irreversibly remove the auth account.

What this PR does

• Adds functions/delete-account/ with src/main.js, src/utils.js, and package.json
• Registers the function in appwrite.json with users.read + users.write scopes
• The function reads x-appwrite-user-id from the request header (set automatically by Appwrite for authenticated invocations) — ensuring a user can only delete their own account
• Returns 401 if no authenticated user is present, 500 on Appwrite error, 200 on success

Deletion flow (end-to-end)

The Flutter client (see related PR) handles:

1. Delete profile picture from user-images storage bucket
2. Delete username document from usernames collection
3. Delete user profile document from users collection
4. Invoke this Cloud Function → hard-deletes the auth account
5. Call account.deleteSessions() to invalidate any remaining tokens
6. Navigate to welcome screen

Appwrite cascade relationships automatically handle deletion of followers and friends sub-documents.

Related

• Flutter app PR: fix: implement account deletion to permanently remove user data (#758) Resonate#786
• Issue: #758

[coderabbitai]

Warning

Rate limit exceeded

@Muneerali199 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 7 minutes and 51 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0d749fee-a66e-4759-b5f3-96299566e05f

📥 Commits

Reviewing files that changed from the base of the PR and between 795f29b and f7755cb.

📒 Files selected for processing (4)

• appwrite.json
• functions/delete-account/package.json
• functions/delete-account/src/main.js
• functions/delete-account/src/utils.js

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}