fix: cascade-delete all vault child tables to prevent PostgreSQL FK violations

DeleteVault only deleted UserVault, Contact, and Vault — missing 30+
related tables (seed data, contact children, pivot tables). SQLite
silently ignored the orphan references, but PostgreSQL enforced FK
constraints and rejected the deletion.

Now deleteVaultCascade properly cleans up everything in FK-safe order.
Also fixed AccountCancelService.Cancel which had the same bug.

Closes Discussion #68

Co-authored-by: naiba/CloudCode <hi+cloudcode@nai.ba>

Author: naiba

server/internal/services/account_cancel.go

@@ -37,16 +37,12 @@ func (s *AccountCancelService) Cancel(userID, accountID, password string) error
 		if err := tx.Where("account_id = ?", accountID).Find(&vaults).Error; err != nil {
 			return err
 		}
+		// Reuse deleteVaultCascade (same package) to properly clean up all
+		// vault child tables — fixes the same incomplete-deletion bug as DeleteVault.
 		for _, v := range vaults {
-			if err := tx.Where("vault_id = ?", v.ID).Delete(&models.UserVault{}).Error; err != nil {
+			if err := deleteVaultCascade(tx, v.ID); err != nil {
 				return err
 			}
-			if err := tx.Where("vault_id = ?", v.ID).Delete(&models.Contact{}).Error; err != nil {
-				return err
-			}
-		}
-		if err := tx.Where("account_id = ?", accountID).Delete(&models.Vault{}).Error; err != nil {
-			return err
 		}
 		if err := tx.Where("account_id = ?", accountID).Delete(&models.User{}).Error; err != nil {
 			return err

server/internal/services/vault.go

@@ -141,14 +141,203 @@ func (s *VaultService) DeleteVault(vaultID string) error {
 	}
 
 	return s.db.Transaction(func(tx *gorm.DB) error {
-		if err := tx.Where("vault_id = ?", vaultID).Delete(&models.UserVault{}).Error; err != nil {
+		return deleteVaultCascade(tx, vaultID)
+	})
+}
+
+// deleteVaultCascade deletes ALL data associated with a vault in the correct order
+// to respect foreign key constraints. Discussion #68.
+//
+// Deletion order rationale:
+//  1. Collect all contact IDs in the vault (including soft-deleted contacts)
+//  2. Delete deepest children first: ContactReminderScheduled, Streaks, LifeEvents,
+//     PostMetrics, PostSections, PostTags, etc.
+//  3. Delete contact-level children: reminders, goals, notes, tasks, pivots, etc.
+//  4. Delete vault-level children: journals, timeline events, labels, etc.
+//  5. Delete contacts themselves
+//  6. Delete the vault
+func deleteVaultCascade(tx *gorm.DB, vaultID string) error {
+	// Step 1: Collect ALL contact IDs in this vault (including soft-deleted ones,
+	// since child tables still reference them).
+	var contactIDs []string
+	if err := tx.Model(&models.Contact{}).Unscoped().
+		Where("vault_id = ?", vaultID).
+		Pluck("id", &contactIDs).Error; err != nil {
+		return err
+	}
+
+	// Step 2: Delete contact-level children (deepest grandchildren first).
+	if len(contactIDs) > 0 {
+		// --- Grandchildren (depend on contact children) ---
+
+		// ContactReminderScheduled → depends on ContactReminder
+		if err := tx.Where("contact_reminder_id IN (?)",
+			tx.Model(&models.ContactReminder{}).Select("id").Where("contact_id IN ?", contactIDs),
+		).Delete(&models.ContactReminderScheduled{}).Error; err != nil {
 			return err
 		}
-		if err := tx.Where("vault_id = ?", vaultID).Delete(&models.Contact{}).Error; err != nil {
+
+		// Streak → depends on Goal
+		if err := tx.Where("goal_id IN (?)",
+			tx.Model(&models.Goal{}).Select("id").Where("contact_id IN ?", contactIDs),
+		).Delete(&models.Streak{}).Error; err != nil {
 			return err
 		}
-		return tx.Delete(&vault).Error
-	})
+
+		// --- Contact-level children (direct FK to contact_id) ---
+
+		contactChildModels := []interface{}{
+			&models.ContactInformation{},
+			&models.ContactImportantDate{},
+			&models.ContactReminder{},
+			&models.ContactTask{},
+			&models.ContactFeedItem{},
+			&models.Call{},
+			&models.Pet{},
+			&models.Goal{},
+			&models.Gift{},
+			&models.Relationship{},
+			&models.MoodTrackingEvent{},
+			&models.QuickFact{},
+			&models.Note{}, // Note has both contact_id and vault_id; delete by contact_id here
+		}
+		for _, m := range contactChildModels {
+			if err := tx.Where("contact_id IN ?", contactIDs).Delete(m).Error; err != nil {
+				return err
+			}
+		}
+
+		// Also delete Relationships where this vault's contacts are the "related" side
+		if err := tx.Where("related_contact_id IN ?", contactIDs).Delete(&models.Relationship{}).Error; err != nil {
+			return err
+		}
+
+		// --- Pivot tables (contact_id FK) ---
+
+		contactPivotModels := []interface{}{
+			&models.ContactLabel{},
+			&models.ContactGroup{},
+			&models.ContactAddress{},
+			&models.ContactPost{},
+			&models.ContactCompany{},
+			&models.ContactLifeMetric{},
+			&models.LifeEventParticipant{},
+			&models.TimelineEventParticipant{},
+			&models.ContactSubscriptionState{},
+		}
+		for _, m := range contactPivotModels {
+			if err := tx.Where("contact_id IN ?", contactIDs).Delete(m).Error; err != nil {
+				return err
+			}
+		}
+
+		// ContactLoan pivot uses loaner_id / loanee_id instead of contact_id
+		if err := tx.Where("loaner_id IN ? OR loanee_id IN ?", contactIDs, contactIDs).
+			Delete(&models.ContactLoan{}).Error; err != nil {
+			return err
+		}
+
+		// ContactGift pivot uses loaner_id / loanee_id (same pattern as ContactLoan)
+		if err := tx.Where("loaner_id IN ? OR loanee_id IN ?", contactIDs, contactIDs).
+			Delete(&models.ContactGift{}).Error; err != nil {
+			return err
+		}
+
+		// DavSyncLog has nullable contact_id
+		if err := tx.Where("contact_id IN ?", contactIDs).Delete(&models.DavSyncLog{}).Error; err != nil {
+			return err
+		}
+	}
+
+	// Step 3: Delete vault-level children (grandchildren of vault-scoped tables first).
+
+	// Journal cascade: PostMetric → PostSection → PostTag → ContactPost → Post → SliceOfLife → JournalMetric → Journal
+	var journalIDs []uint
+	tx.Model(&models.Journal{}).Where("vault_id = ?", vaultID).Pluck("id", &journalIDs)
+	if len(journalIDs) > 0 {
+		var postIDs []uint
+		tx.Model(&models.Post{}).Where("journal_id IN ?", journalIDs).Pluck("id", &postIDs)
+		if len(postIDs) > 0 {
+			tx.Where("post_id IN ?", postIDs).Delete(&models.PostMetric{})
+			tx.Where("post_id IN ?", postIDs).Delete(&models.PostSection{})
+			tx.Where("post_id IN ?", postIDs).Delete(&models.PostTag{})
+			tx.Where("post_id IN ?", postIDs).Delete(&models.ContactPost{})
+			tx.Where("id IN ?", postIDs).Delete(&models.Post{})
+		}
+
+		var journalMetricIDs []uint
+		tx.Model(&models.JournalMetric{}).Where("journal_id IN ?", journalIDs).Pluck("id", &journalMetricIDs)
+		if len(journalMetricIDs) > 0 {
+			// PostMetric references JournalMetricID — already deleted above via postIDs
+			tx.Where("id IN ?", journalMetricIDs).Delete(&models.JournalMetric{})
+		}
+
+		tx.Where("journal_id IN ?", journalIDs).Delete(&models.SliceOfLife{})
+		tx.Where("id IN ?", journalIDs).Delete(&models.Journal{})
+	}
+
+	// LifeEventCategory cascade: LifeEvent → LifeEventType → LifeEventCategory
+	var categoryIDs []uint
+	tx.Model(&models.LifeEventCategory{}).Where("vault_id = ?", vaultID).Pluck("id", &categoryIDs)
+	if len(categoryIDs) > 0 {
+		var typeIDs []uint
+		tx.Model(&models.LifeEventType{}).Where("life_event_category_id IN ?", categoryIDs).Pluck("id", &typeIDs)
+		if len(typeIDs) > 0 {
+			tx.Where("life_event_type_id IN ?", typeIDs).Delete(&models.LifeEvent{})
+			tx.Where("id IN ?", typeIDs).Delete(&models.LifeEventType{})
+		}
+		tx.Where("id IN ?", categoryIDs).Delete(&models.LifeEventCategory{})
+	}
+
+	// TimelineEvent cascade: LifeEvent (by timeline_event_id) → TimelineEventParticipant → TimelineEvent
+	var timelineIDs []uint
+	tx.Model(&models.TimelineEvent{}).Where("vault_id = ?", vaultID).Pluck("id", &timelineIDs)
+	if len(timelineIDs) > 0 {
+		tx.Where("timeline_event_id IN ?", timelineIDs).Delete(&models.LifeEvent{})
+		tx.Where("timeline_event_id IN ?", timelineIDs).Delete(&models.TimelineEventParticipant{})
+		tx.Where("id IN ?", timelineIDs).Delete(&models.TimelineEvent{})
+	}
+
+	// AddressBookSubscription cascade: DavSyncLog + ContactSubscriptionState → AddressBookSubscription
+	var subIDs []string
+	tx.Model(&models.AddressBookSubscription{}).Where("vault_id = ?", vaultID).Pluck("id", &subIDs)
+	if len(subIDs) > 0 {
+		tx.Where("address_book_subscription_id IN ?", subIDs).Delete(&models.DavSyncLog{})
+		tx.Where("address_book_subscription_id IN ?", subIDs).Delete(&models.ContactSubscriptionState{})
+		tx.Where("id IN ?", subIDs).Delete(&models.AddressBookSubscription{})
+	}
+
+	// --- Simple vault-level tables (no children of their own, or children already deleted) ---
+
+	vaultChildModels := []interface{}{
+		&models.ContactImportantDateType{},
+		&models.MoodTrackingParameter{},
+		&models.VaultQuickFactsTemplate{},
+		&models.Label{},
+		&models.Company{},
+		&models.Group{},
+		&models.Tag{},
+		&models.Loan{},
+		&models.File{},
+		&models.Address{},
+		&models.LifeMetric{},
+		&models.Note{}, // Notes with vault_id but no contact (edge case safety)
+		&models.ContactVaultUser{},
+		&models.UserVault{},
+	}
+	for _, m := range vaultChildModels {
+		if err := tx.Where("vault_id = ?", vaultID).Delete(m).Error; err != nil {
+			return err
+		}
+	}
+
+	// Step 4: Delete contacts (including soft-deleted ones via Unscoped).
+	if err := tx.Unscoped().Where("vault_id = ?", vaultID).Delete(&models.Contact{}).Error; err != nil {
+		return err
+	}
+
+	// Step 5: Delete the vault itself.
+	return tx.Where("id = ?", vaultID).Delete(&models.Vault{}).Error
 }
 
 func (s *VaultService) CheckUserVaultAccess(userID, vaultID string, requiredPerm int) error {

server/internal/services/vault_test.go

@@ -315,3 +315,104 @@ func TestCheckUserVaultAccess(t *testing.T) {
 		}
 	})
 }
+
+func TestDeleteVault_CleanupCompleteness(t *testing.T) {
+	svc, accountID, userID := setupVaultTest(t)
+
+	vault, err := svc.CreateVault(accountID, userID, dto.CreateVaultRequest{
+		Name:        "Cleanup Test",
+		Description: "vault to be fully cleaned",
+	}, "en")
+	if err != nil {
+		t.Fatalf("CreateVault failed: %v", err)
+	}
+	vaultID := vault.ID
+	db := svc.db
+
+	if err := svc.DeleteVault(vaultID); err != nil {
+		t.Fatalf("DeleteVault failed: %v", err)
+	}
+
+	type tableCheck struct {
+		name  string
+		model interface{}
+	}
+	vaultTables := []tableCheck{
+		{"ContactImportantDateType", &models.ContactImportantDateType{}},
+		{"MoodTrackingParameter", &models.MoodTrackingParameter{}},
+		{"LifeEventCategory", &models.LifeEventCategory{}},
+		{"VaultQuickFactsTemplate", &models.VaultQuickFactsTemplate{}},
+		{"Label", &models.Label{}},
+		{"Company", &models.Company{}},
+		{"Group", &models.Group{}},
+		{"Tag", &models.Tag{}},
+		{"Loan", &models.Loan{}},
+		{"File", &models.File{}},
+		{"Address", &models.Address{}},
+		{"LifeMetric", &models.LifeMetric{}},
+		{"Note", &models.Note{}},
+		{"Journal", &models.Journal{}},
+		{"TimelineEvent", &models.TimelineEvent{}},
+		{"ContactVaultUser", &models.ContactVaultUser{}},
+		{"UserVault", &models.UserVault{}},
+	}
+	for _, tc := range vaultTables {
+		var count int64
+		db.Model(tc.model).Where("vault_id = ?", vaultID).Count(&count)
+		if count != 0 {
+			t.Errorf("%s: expected 0 records for vault_id=%s, got %d", tc.name, vaultID, count)
+		}
+	}
+
+	var contactCount int64
+	db.Model(&models.Contact{}).Unscoped().Where("vault_id = ?", vaultID).Count(&contactCount)
+	if contactCount != 0 {
+		t.Errorf("Contact: expected 0 records for vault_id=%s, got %d", vaultID, contactCount)
+	}
+
+	var vaultCount int64
+	db.Model(&models.Vault{}).Where("id = ?", vaultID).Count(&vaultCount)
+	if vaultCount != 0 {
+		t.Errorf("Vault: expected 0 records for id=%s, got %d", vaultID, vaultCount)
+	}
+}
+
+func TestDeleteVault_WithForeignKeysEnabled(t *testing.T) {
+	db := testutil.SetupTestDB(t)
+	// Enable foreign key enforcement to simulate PostgreSQL behavior.
+	// With the old incomplete deletion, this would fail due to dangling references.
+	if err := db.Exec("PRAGMA foreign_keys = ON").Error; err != nil {
+		t.Fatalf("Failed to enable foreign keys: %v", err)
+	}
+
+	cfg := testutil.TestJWTConfig()
+	authSvc := NewAuthService(db, cfg)
+
+	regReq := dto.RegisterRequest{
+		FirstName: "FK",
+		LastName:  "Test",
+		Email:     "fk-test@example.com",
+		Password:  "password123",
+	}
+	resp, err := authSvc.Register(regReq, "en")
+	if err != nil {
+		t.Fatalf("Register failed: %v", err)
+	}
+
+	vaultSvc := NewVaultService(db)
+	vault, err := vaultSvc.CreateVault(resp.User.AccountID, resp.User.ID, dto.CreateVaultRequest{
+		Name: "FK Vault",
+	}, "en")
+	if err != nil {
+		t.Fatalf("CreateVault failed: %v", err)
+	}
+
+	if err := vaultSvc.DeleteVault(vault.ID); err != nil {
+		t.Fatalf("DeleteVault with foreign_keys=ON failed: %v", err)
+	}
+
+	_, err = vaultSvc.GetVault(vault.ID, resp.User.ID)
+	if err != ErrVaultNotFound {
+		t.Errorf("Expected ErrVaultNotFound after deletion, got %v", err)
+	}
+}