🗑️ fix: Remove All User Metadata on Deletion (#10534)

* remove all user metadata on deletion

* chore: import order

* fix: Update JSDoc types for deleteMessages function parameters and return value

* fix: Enhance user deletion process by removing associated data and updating group memberships

* fix: Add missing config middleware to user deletion route

* fix: Refactor agent and prompt deletion processes to bulk delete and remove associated ACL entries

* fix: Add deletion of OAuth tokens and ACL entries in user deletion process

---------

Co-authored-by: Danny Avila <danny@librechat.ai>

api/models/Agent.js

@@ -12,8 +12,8 @@ const {
 } = require('./Project');
 const { removeAllPermissions } = require('~/server/services/PermissionService');
 const { getMCPServerTools } = require('~/server/services/Config');
+const { Agent, AclEntry } = require('~/db/models');
 const { getActions } = require('./Action');
-const { Agent } = require('~/db/models');
 
 /**
  * Create an agent with the provided data.
@@ -539,6 +539,37 @@ const deleteAgent = async (searchParameter) => {
   return agent;
 };
 
+/**
+ * Deletes all agents created by a specific user.
+ * @param {string} userId - The ID of the user whose agents should be deleted.
+ * @returns {Promise<void>} A promise that resolves when all user agents have been deleted.
+ */
+const deleteUserAgents = async (userId) => {
+  try {
+    const userAgents = await getAgents({ author: userId });
+
+    if (userAgents.length === 0) {
+      return;
+    }
+
+    const agentIds = userAgents.map((agent) => agent.id);
+    const agentObjectIds = userAgents.map((agent) => agent._id);
+
+    for (const agentId of agentIds) {
+      await removeAgentFromAllProjects(agentId);
+    }
+
+    await AclEntry.deleteMany({
+      resourceType: ResourceType.AGENT,
+      resourceId: { $in: agentObjectIds },
+    });
+
+    await Agent.deleteMany({ author: userId });
+  } catch (error) {
+    logger.error('[deleteUserAgents] General error:', error);
+  }
+};
+
 /**
  * Get agents by accessible IDs with optional cursor-based pagination.
  * @param {Object} params - The parameters for getting accessible agents.
@@ -856,6 +887,7 @@ module.exports = {
   createAgent,
   updateAgent,
   deleteAgent,
+  deleteUserAgents,
   getListAgents,
   revertAgentVersion,
   updateAgentProjects,

api/models/Message.js

@@ -346,8 +346,8 @@ async function getMessage({ user, messageId }) {
  *
  * @async
  * @function deleteMessages
- * @param {Object} filter - The filter criteria to find messages to delete.
- * @returns {Promise<Object>} The metadata with count of deleted messages.
+ * @param {import('mongoose').FilterQuery<import('mongoose').Document>} filter - The filter criteria to find messages to delete.
+ * @returns {Promise<import('mongoose').DeleteResult>} The metadata with count of deleted messages.
  * @throws {Error} If there is an error in deleting messages.
  */
 async function deleteMessages(filter) {

api/models/Prompt.js

@@ -13,7 +13,7 @@ const {
   getProjectByName,
 } = require('./Project');
 const { removeAllPermissions } = require('~/server/services/PermissionService');
-const { PromptGroup, Prompt } = require('~/db/models');
+const { PromptGroup, Prompt, AclEntry } = require('~/db/models');
 const { escapeRegExp } = require('~/server/utils');
 
 /**
@@ -591,6 +591,36 @@ module.exports = {
       return { prompt: 'Prompt deleted successfully' };
     }
   },
+  /**
+   * Delete all prompts and prompt groups created by a specific user.
+   * @param {ServerRequest} req - The server request object.
+   * @param {string} userId - The ID of the user whose prompts and prompt groups are to be deleted.
+   */
+  deleteUserPrompts: async (req, userId) => {
+    try {
+      const promptGroups = await getAllPromptGroups(req, { author: new ObjectId(userId) });
+
+      if (promptGroups.length === 0) {
+        return;
+      }
+
+      const groupIds = promptGroups.map((group) => group._id);
+
+      for (const groupId of groupIds) {
+        await removeGroupFromAllProjects(groupId);
+      }
+
+      await AclEntry.deleteMany({
+        resourceType: ResourceType.PROMPTGROUP,
+        resourceId: { $in: groupIds },
+      });
+
+      await PromptGroup.deleteMany({ author: new ObjectId(userId) });
+      await Prompt.deleteMany({ author: new ObjectId(userId) });
+    } catch (error) {
+      logger.error('[deleteUserPrompts] General error:', error);
+    }
+  },
   /**
    * Update prompt group
    * @param {Partial<MongoPromptGroup>} filter - Filter to find prompt group