From 2cc1124dd8fc89060acc9e28bfb58342d58defba Mon Sep 17 00:00:00 2001
From: shanshanzhong <shanshanzhong147@gmail.com>
Date: Thu, 12 Mar 2026 06:23:11 -0700
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BB=BB=E4=BD=95=E4=BA=BA=E6=B3=A8?=
 =?UTF-8?q?=E9=94=80=E8=B4=A6=E5=8F=B7=E9=83=BD=E8=A7=A3=E6=95=A3=E6=95=B4?=
 =?UTF-8?q?=E4=B8=AA=E5=AE=B6=E5=BA=AD=E7=BB=84=EF=BC=8C=E5=88=A0=E9=99=A4?=
 =?UTF-8?q?=E6=89=80=E6=9C=89=E6=88=90=E5=91=98=E7=9A=84=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?=E6=96=B9=E5=BC=8F=E5=92=8C=E8=AE=A2=E9=98=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

统一 member/owner 注销逻辑：无论谁注销，都解散家庭、
删除所有成员的 AuthMethods + Subscribe、踢出所有设备、清除所有缓存。

Co-Authored-By: claude-flow <ruv@ruv.net>
---
 .../logic/public/user/deleteAccountLogic.go   | 138 ++++++++----------
 1 file changed, 59 insertions(+), 79 deletions(-)

diff --git a/internal/logic/public/user/deleteAccountLogic.go b/internal/logic/public/user/deleteAccountLogic.go
index 7d54d4b..71832e6 100644
--- a/internal/logic/public/user/deleteAccountLogic.go
+++ b/internal/logic/public/user/deleteAccountLogic.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/perfect-panel/server/internal/config"
 	"github.com/perfect-panel/server/internal/model/user"
@@ -44,78 +45,65 @@ func (l *DeleteAccountLogic) DeleteAccountAll() (resp *types.DeleteAccountRespon
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.InvalidAccess), "Invalid Access")
 	}
 
-	// 事务前先查出 AuthMethods，用于事务后精确清缓存
-	authMethods, _ := l.svcCtx.UserModel.FindUserAuthMethods(l.ctx, currentUser.Id)
-
-	// 事务前查出家庭关系，判断当前用户是否为 member 且 owner 是邮箱用户
-	var familyOwnerUserID int64
-	if relation, relErr := l.findActiveFamilyRelation(currentUser.Id); relErr == nil && relation.Role == user.FamilyRoleMember {
-		// 当前用户是 member，查 owner
-		var ownerMember user.UserFamilyMember
-		if ownerErr := l.svcCtx.DB.WithContext(l.ctx).
+	// 事务前：查找家庭关系，收集所有成员 ID
+	allMemberIDs := []int64{currentUser.Id}
+	var familyId int64
+	if relation, relErr := l.findActiveFamilyRelation(currentUser.Id); relErr == nil {
+		familyId = relation.FamilyId
+		var memberIDs []int64
+		if pluckErr := l.svcCtx.DB.WithContext(l.ctx).
 			Model(&user.UserFamilyMember{}).
-			Where("family_id = ? AND role = ? AND status = ?", relation.FamilyId, user.FamilyRoleOwner, user.FamilyMemberActive).
-			First(&ownerMember).Error; ownerErr == nil {
-			familyOwnerUserID = ownerMember.UserId
+			Where("family_id = ? AND status = ? AND deleted_at IS NULL", familyId, user.FamilyMemberActive).
+			Pluck("user_id", &memberIDs).Error; pluckErr == nil {
+			idSet := map[int64]struct{}{currentUser.Id: {}}
+			for _, id := range memberIDs {
+				if id > 0 {
+					if _, exists := idSet[id]; !exists {
+						idSet[id] = struct{}{}
+						allMemberIDs = append(allMemberIDs, id)
+					}
+				}
+			}
 		}
 	}
 
-	// 事务前查出 owner 的 AuthMethods（用于事务后清缓存）
-	var ownerAuthMethods []*user.AuthMethods
-	if familyOwnerUserID > 0 {
-		ownerAuthMethods, _ = l.svcCtx.UserModel.FindUserAuthMethods(l.ctx, familyOwnerUserID)
+	// 事务前：收集所有成员的 AuthMethods（事务后用于精确清缓存）
+	allAuthMethods := make([]*user.AuthMethods, 0)
+	for _, memberID := range allMemberIDs {
+		if ams, amErr := l.svcCtx.UserModel.FindUserAuthMethods(l.ctx, memberID); amErr == nil {
+			allAuthMethods = append(allAuthMethods, ams...)
+		}
 	}
 
-	affectedUserIDs := []int64{currentUser.Id}
+	// 事务内：解散家庭 + 删除所有成员的 AuthMethods + Subscribe
 	err = l.svcCtx.UserModel.Transaction(l.ctx, func(tx *gorm.DB) error {
-		familyUserIDs, collectErr := l.collectAffectedFamilyUserIDs(tx, currentUser.Id)
-		if collectErr != nil {
-			return collectErr
-		}
-		affectedUserIDs = familyUserIDs
-
-		exitHelper := newFamilyExitHelper(l.ctx, l.svcCtx)
-		if removeErr := exitHelper.removeUserFromActiveFamily(tx, currentUser.Id, true); removeErr != nil {
-			return removeErr
+		// 无论 member 还是 owner，都解散整个家庭
+		if familyId > 0 {
+			now := time.Now()
+			if txErr := tx.Model(&user.UserFamilyMember{}).
+				Where("family_id = ? AND status = ?", familyId, user.FamilyMemberActive).
+				Updates(map[string]interface{}{
+					"status":  user.FamilyMemberRemoved,
+					"left_at": now,
+				}).Error; txErr != nil {
+				return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "remove all family members failed")
+			}
+			if txErr := tx.Model(&user.UserFamily{}).
+				Where("id = ?", familyId).
+				Updates(map[string]interface{}{
+					"status": familyStatusDisabled,
+				}).Error; txErr != nil {
+				return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "disable family failed")
+			}
 		}
 
-		// 解绑所有登录方式（邮箱、手机等）
-		if err := tx.Where("user_id = ?", currentUser.Id).Delete(&user.AuthMethods{}).Error; err != nil {
-			return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "delete user auth methods failed")
-		}
-
-		// 删除该用户的所有订阅
-		if err := tx.Where("user_id = ?", currentUser.Id).Delete(&user.Subscribe{}).Error; err != nil {
-			return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseUpdateError), "delete user subscribes failed")
-		}
-
-		// 如果 owner（邮箱用户）没有其他活跃成员了，也清理 owner 的数据
-		if familyOwnerUserID > 0 {
-			var remainingMembers int64
-			if err := tx.Model(&user.UserFamilyMember{}).
-				Where("family_id IN (SELECT id FROM user_family WHERE owner_user_id = ? AND deleted_at IS NULL) AND status = ? AND deleted_at IS NULL",
-					familyOwnerUserID, user.FamilyMemberActive).
-				Count(&remainingMembers).Error; err == nil && remainingMembers <= 1 {
-				// 只剩 owner 自己（或没人了），清理 owner 数据
-				// 删除 owner 的 auth_methods
-				if err := tx.Where("user_id = ?", familyOwnerUserID).Delete(&user.AuthMethods{}).Error; err != nil {
-					l.Errorw("delete owner auth methods failed", logger.Field("owner_id", familyOwnerUserID), logger.Field("error", err.Error()))
-				}
-				// 删除 owner 的订阅
-				if err := tx.Where("user_id = ?", familyOwnerUserID).Delete(&user.Subscribe{}).Error; err != nil {
-					l.Errorw("delete owner subscribes failed", logger.Field("owner_id", familyOwnerUserID), logger.Field("error", err.Error()))
-				}
-				// 解散 owner 的家庭
-				exitHelper2 := newFamilyExitHelper(l.ctx, l.svcCtx)
-				if removeErr := exitHelper2.removeUserFromActiveFamily(tx, familyOwnerUserID, true); removeErr != nil {
-					l.Errorw("remove owner from family failed", logger.Field("owner_id", familyOwnerUserID), logger.Field("error", removeErr.Error()))
-				}
-				// 将 owner 加入 affectedUserIDs 以便清缓存
-				affectedUserIDs = append(affectedUserIDs, familyOwnerUserID)
-				l.Infow("cleaned up family owner (email user) on device account deletion",
-					logger.Field("device_user_id", currentUser.Id),
-					logger.Field("owner_user_id", familyOwnerUserID),
-				)
+		// 删除所有成员的 AuthMethods 和 Subscribe
+		for _, memberID := range allMemberIDs {
+			if txErr := tx.Where("user_id = ?", memberID).Delete(&user.AuthMethods{}).Error; txErr != nil {
+				l.Errorw("delete auth methods failed", logger.Field("user_id", memberID), logger.Field("error", txErr.Error()))
+			}
+			if txErr := tx.Where("user_id = ?", memberID).Delete(&user.Subscribe{}).Error; txErr != nil {
+				l.Errorw("delete subscribes failed", logger.Field("user_id", memberID), logger.Field("error", txErr.Error()))
 			}
 		}
 
@@ -125,29 +113,20 @@ func (l *DeleteAccountLogic) DeleteAccountAll() (resp *types.DeleteAccountRespon
 		return nil, err
 	}
 
-	l.clearAllSessions(currentUser.Id)
-
-	// Kick all affected family member devices + clear their sessions
-	for _, memberUserID := range affectedUserIDs {
-		if memberUserID == currentUser.Id {
-			continue
-		}
+	// 事务后：清除所有成员的 Session + 踢设备
+	for _, memberID := range allMemberIDs {
+		l.clearAllSessions(memberID)
 		var memberDevices []user.Device
 		l.svcCtx.DB.WithContext(l.ctx).
 			Model(&user.Device{}).
-			Where("user_id = ?", memberUserID).
+			Where("user_id = ?", memberID).
 			Find(&memberDevices)
-
 		for _, d := range memberDevices {
 			l.svcCtx.DeviceManager.KickDevice(d.UserId, d.Identifier)
 		}
-		l.clearAllSessions(memberUserID)
 	}
 
-	// 主动清 auth method 相关缓存（含 email/mobile 等 key），避免缓存未命中时无法生成正确 key
-	allAuthMethods := make([]*user.AuthMethods, 0)
-	allAuthMethods = append(allAuthMethods, authMethods...)
-	allAuthMethods = append(allAuthMethods, ownerAuthMethods...)
+	// 清除 auth method 相关缓存（email key 等）
 	if len(allAuthMethods) > 0 {
 		var authCacheKeys []string
 		for _, am := range allAuthMethods {
@@ -165,10 +144,11 @@ func (l *DeleteAccountLogic) DeleteAccountAll() (resp *types.DeleteAccountRespon
 		}
 	}
 
-	if cacheErr := l.clearUserAndSubscribeCaches(affectedUserIDs); cacheErr != nil {
+	// 清除所有成员的 user + subscribe 缓存
+	if cacheErr := l.clearUserAndSubscribeCaches(allMemberIDs); cacheErr != nil {
 		l.Errorw("clear user related cache failed",
 			logger.Field("user_id", currentUser.Id),
-			logger.Field("affected_user_ids", affectedUserIDs),
+			logger.Field("affected_user_ids", allMemberIDs),
 			logger.Field("error", cacheErr.Error()),
 		)
 	}