ModelEngine-Group
diff --git a/‎backend/apps/user_management_app.py‎
Lines changed: 48 additions & 3 deletions b/‎backend/apps/user_management_app.py‎
Lines changed: 48 additions & 3 deletions
diff --git a/‎backend/consts/const.py‎
Lines changed: 1 addition & 0 deletions b/‎backend/consts/const.py‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎backend/database/conversation_db.py‎
Lines changed: 61 additions & 0 deletions b/‎backend/database/conversation_db.py‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎backend/database/memory_config_db.py‎
Lines changed: 18 additions & 0 deletions b/‎backend/database/memory_config_db.py‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎backend/database/user_tenant_db.py‎
Lines changed: 26 additions & 0 deletions b/‎backend/database/user_tenant_db.py‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎backend/services/model_management_service.py‎
Lines changed: 36 additions & 2 deletions b/‎backend/services/model_management_service.py‎
Lines changed: 36 additions & 2 deletions
diff --git a/‎backend/services/user_management_service.py‎
Lines changed: 86 additions & 2 deletions b/‎backend/services/user_management_service.py‎
Lines changed: 86 additions & 2 deletions
diff --git a/‎backend/utils/auth_utils.py‎
Lines changed: 11 additions & 2 deletions b/‎backend/utils/auth_utils.py‎
Lines changed: 11 additions & 2 deletions
@@ -11,7 +11,7 @@
 from consts.exceptions import NoInviteCodeException, IncorrectInviteCodeException, UserRegistrationException
 from services.user_management_service import get_authorized_client, validate_token, \
     check_auth_service_health, signup_user, signin_user, refresh_user_token, \
-    get_session_by_authorization
+    get_session_by_authorization, revoke_regular_user
 from consts.exceptions import UnauthorizedError
 from utils.auth_utils import get_current_user_id
 
@@ -69,7 +69,7 @@ async def signup(request: UserSignUpRequest):
                             detail="EMAIL_ALREADY_EXISTS")
     except AuthWeakPasswordError as e:
         logging.error(f"User registration failed by weak password: {str(e)}")
-        raise HTTPException(status_code=HTTPStatus.UNPROCESSABLE_ENTITY,
+        raise HTTPException(status_code=HTTPStatus.NOT_ACCEPTABLE,
                             detail="WEAK_PASSWORD")
     except Exception as e:
         logging.error(f"User registration failed, unknown error: {str(e)}")
@@ -87,7 +87,7 @@ async def signin(request: UserSignInRequest):
                             content=signin_content)
     except AuthApiError as e:
         logging.error(f"User login failed: {str(e)}")
-        raise HTTPException(status_code=HTTPStatus.UNPROCESSABLE_ENTITY,
+        raise HTTPException(status_code=HTTPStatus.UNAUTHORIZED,
                             detail="Email or password error")
     except Exception as e:
         logging.error(f"User login failed, unknown error: {str(e)}")
@@ -200,3 +200,48 @@ async def get_user_id(request: Request):
         logging.error(f"Get user ID failed: {str(e)}")
         raise HTTPException(status_code=HTTPStatus.INTERNAL_SERVER_ERROR,
                             detail="Get user ID failed")
+
+
+@router.post("/revoke")
+async def revoke_user_account(request: Request):
+    """Delete current regular user's account and purge related data.
+
+    Notes:
+    - Tenant admin (role=admin) is not allowed to be revoked via this endpoint.
+    - Idempotent: local deletions are soft deletes; Supabase deletion may already have occurred.
+    """
+    authorization = request.headers.get("Authorization")
+    if not authorization:
+        raise HTTPException(status_code=HTTPStatus.UNAUTHORIZED,
+                            detail="No authorization token provided")
+    try:
+        # Identify current user and tenant
+        user_id, tenant_id = get_current_user_id(authorization)
+
+        # Determine role via token validation
+        is_valid, user = validate_token(authorization.replace("Bearer ", ""))
+        if not is_valid or not user:
+            raise UnauthorizedError("User not logged in or session invalid")
+
+        # Extract role from user metadata
+        user_role = "user"
+        if getattr(user, "user_metadata", None) and 'role' in user.user_metadata:
+            user_role = user.user_metadata['role']
+
+        # Disallow admin revocation by this endpoint
+        if user_role == "admin":
+            raise HTTPException(status_code=HTTPStatus.FORBIDDEN,
+                                detail="Admin account cannot be deleted via this endpoint")
+
+        # Orchestrate revoke for regular user
+        await revoke_regular_user(user_id=user_id, tenant_id=tenant_id)
+
+        return JSONResponse(status_code=HTTPStatus.OK, content={"message": "User account revoked"})
+    except UnauthorizedError as e:
+        raise HTTPException(status_code=HTTPStatus.UNAUTHORIZED, detail=str(e))
+    except HTTPException:
+        raise
+    except Exception as e:
+        logging.error(f"User revoke failed: {str(e)}")
+        raise HTTPException(
+            status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail="User revoke failed")
@@ -37,6 +37,7 @@
 # Supabase Configuration
 SUPABASE_URL = os.getenv('SUPABASE_URL')
 SUPABASE_KEY = os.getenv('SUPABASE_KEY')
+SERVICE_ROLE_KEY = os.getenv('SERVICE_ROLE_KEY', SUPABASE_KEY)
 
 
 # ===== To be migrated to frontend configuration =====
 
@@ -411,6 +411,67 @@ def delete_conversation(conversation_id: int, user_id: Optional[str] = None) ->
         return conversation_result.rowcount > 0
 
 
+def soft_delete_all_conversations_by_user(user_id: str) -> int:
+    """
+    Soft-delete all conversations and related records created by a user.
+
+    Returns the number of conversations marked as deleted.
+    """
+    with get_db_session() as session:
+        update_data = {
+            "delete_flag": 'Y',
+            "update_time": func.current_timestamp()
+        }
+
+        # 1) Find all conversation ids created by the user
+        conv_ids = session.scalars(
+            select(ConversationRecord.conversation_id).where(
+                ConversationRecord.delete_flag == 'N',
+                ConversationRecord.created_by == user_id,
+            )
+        ).all()
+
+        if not conv_ids:
+            return 0
+
+        # 2) Mark conversations as deleted
+        session.execute(
+            update(ConversationRecord)
+            .where(ConversationRecord.conversation_id.in_(conv_ids), ConversationRecord.delete_flag == 'N')
+            .values(update_data)
+        )
+
+        # 3) Mark messages as deleted
+        session.execute(
+            update(ConversationMessage)
+            .where(ConversationMessage.conversation_id.in_(conv_ids), ConversationMessage.delete_flag == 'N')
+            .values(update_data)
+        )
+
+        # 4) Mark message units as deleted
+        session.execute(
+            update(ConversationMessageUnit)
+            .where(ConversationMessageUnit.conversation_id.in_(conv_ids), ConversationMessageUnit.delete_flag == 'N')
+            .values(update_data)
+        )
+
+        # 5) Mark search sources as deleted
+        session.execute(
+            update(ConversationSourceSearch)
+            .where(ConversationSourceSearch.conversation_id.in_(conv_ids), ConversationSourceSearch.delete_flag == 'N')
+            .values(update_data)
+        )
+
+        # 6) Mark image sources as deleted
+        session.execute(
+            update(ConversationSourceImage)
+            .where(ConversationSourceImage.conversation_id.in_(conv_ids), ConversationSourceImage.delete_flag == 'N')
+            .values(update_data)
+        )
+
+        return len(conv_ids)
+
+
 def update_message_opinion(message_id: int, opinion: str, user_id: Optional[str] = None) -> bool:
     """
     Update message like/dislike status
 
@@ -88,3 +88,21 @@ def update_config_by_id(config_id: int, update_data: Dict[str, Any]) -> bool:
         except Exception:
             session.rollback()
             return False
+
+
+def soft_delete_all_configs_by_user_id(user_id: str, actor: str) -> bool:
+    """Soft-delete all memory user config records for a user."""
+    with get_db_session() as session:
+        try:
+            session.query(MemoryUserConfig).filter(
+                MemoryUserConfig.user_id == user_id,
+                MemoryUserConfig.delete_flag == "N",
+            ).update({
+                "delete_flag": "Y",
+                "updated_by": actor,
+            })
+            session.commit()
+            return True
+        except Exception:
+            session.rollback()
+            return False
@@ -66,3 +66,29 @@ def insert_user_tenant(user_id: str, tenant_id: str):
             updated_by=user_id
         )
         session.add(user_tenant)
+
+
+def soft_delete_user_tenant_by_user_id(user_id: str, actor: Optional[str] = None) -> bool:
+    """
+    Soft delete user-tenant relationship(s) for the specified user.
+
+    Args:
+        user_id: User ID
+        actor: Updated_by field value
+
+    Returns:
+        bool: Whether any rows were affected
+    """
+    with get_db_session() as session:
+        # Build soft-delete update
+        update_data: Dict[str, Any] = {"delete_flag": "Y"}
+        if actor:
+            update_data["updated_by"] = actor
+
+        result = (
+            session.query(UserTenant)
+            .filter(UserTenant.user_id == user_id, UserTenant.delete_flag == "N")
+            .update(update_data, synchronize_session=False)
+        )
+
+        return result > 0
@@ -25,6 +25,9 @@
     split_repo_name,
     sort_models_by_id,
 )
+from utils.memory_utils import build_memory_config as build_memory_config_for_tenant
+from services.elasticsearch_service import get_es_core
+from nexent.memory.memory_service import clear_model_memories
 
 logger = logging.getLogger("model_management_service")
 
@@ -227,11 +230,42 @@ async def delete_model_for_tenant(user_id: str, tenant_id: str, display_name: st
 
         deleted_types: List[str] = []
         if model.get("model_type") in ["embedding", "multi_embedding"]:
+            # Fetch both variants once to avoid repeated lookups
+            models_by_type: Dict[str, Dict[str, Any]] = {}
             for t in ["embedding", "multi_embedding"]:
                 m = get_model_by_display_name(display_name, tenant_id)
                 if m and m.get("model_type") == t:
-                    delete_model_record(m["model_id"], user_id, tenant_id)
-                    deleted_types.append(t)
+                    models_by_type[t] = m
+
+            # Best-effort memory cleanup using the fetched variants
+            try:
+                es_core = get_es_core()
+                base_memory_config = build_memory_config_for_tenant(tenant_id)
+                for t, m in models_by_type.items():
+                    try:
+                        await clear_model_memories(
+                            es_core=es_core,
+                            model_repo=m.get("model_repo", ""),
+                            model_name=m.get("model_name", ""),
+                            embedding_dims=int(m.get("max_tokens") or 0),
+                            base_memory_config=base_memory_config,
+                        )
+                    except Exception as cleanup_exc:
+                        logger.warning(
+                            "Best-effort clear_model_memories failed for %s/%s dims=%s: %s",
+                            m.get("model_repo", ""),
+                            m.get("model_name", ""),
+                            m.get("max_tokens"),
+                            cleanup_exc,
+                        )
+            except Exception as outer_cleanup_exc:
+                logger.warning(
+                    "Memory cleanup preparation failed: %s", outer_cleanup_exc)
+
+            # Delete the fetched variants
+            for t, m in models_by_type.items():
+                delete_model_record(m["model_id"], user_id, tenant_id)
+                deleted_types.append(t)
         else:
             delete_model_record(model["model_id"], user_id, tenant_id)
             deleted_types.append(model.get("model_type", "unknown"))
 
@@ -6,12 +6,24 @@
 from supabase import Client
 from pydantic import EmailStr
 
-from utils.auth_utils import get_supabase_client, calculate_expires_at, get_jwt_expiry_seconds
+from utils.auth_utils import (
+    get_supabase_client,
+    get_supabase_admin_client,
+    calculate_expires_at,
+    get_jwt_expiry_seconds,
+)
 from consts.const import INVITE_CODE, SUPABASE_URL, SUPABASE_KEY
 from consts.exceptions import NoInviteCodeException, IncorrectInviteCodeException, UserRegistrationException, UnauthorizedError
 
 from database.model_management_db import create_model_record
-from database.user_tenant_db import insert_user_tenant
+from database.user_tenant_db import insert_user_tenant, soft_delete_user_tenant_by_user_id
+from database.memory_config_db import soft_delete_all_configs_by_user_id
+from database.conversation_db import soft_delete_all_conversations_by_user
+from utils.memory_utils import build_memory_config
+from nexent.memory.memory_service import clear_memory
+
+
+logging.getLogger("user_management_service").setLevel(logging.DEBUG)
 
 
 def set_auth_token_to_client(client: Client, token: str) -> None:
@@ -295,3 +307,75 @@ async def get_session_by_authorization(authorization):
     else:
         # Use domain-specific exception for invalid/expired token
         raise UnauthorizedError("Session is invalid or expired")
+
+
+async def revoke_regular_user(user_id: str, tenant_id: str) -> None:
+    """Revoke a regular user's account and purge related data.
+
+    Steps:
+    1) Soft-delete user-tenant relation rows and memory user configs, and all conversations for the user in PostgreSQL.
+    2) Clear user-level memories in memory store (levels: "user" and "user_agent").
+    3) Permanently delete the user from Supabase using service role key (admin API).
+    """
+    try:
+        logging.debug(f"Start deleting user {user_id} related data...")
+        # 1) PostgreSQL soft-deletes
+        try:
+            soft_delete_user_tenant_by_user_id(user_id, actor=user_id)
+            logging.debug("\tTenant relationship deleted.")
+        except Exception as e:
+            logging.error(
+                f"Failed soft-deleting user-tenant for user {user_id}: {e}")
+
+        try:
+            soft_delete_all_configs_by_user_id(user_id, actor=user_id)
+            logging.debug("\tMemory user configs deleted.")
+        except Exception as e:
+            logging.error(
+                f"Failed soft-deleting memory user configs for user {user_id}: {e}")
+
+        try:
+            deleted_convs = soft_delete_all_conversations_by_user(user_id)
+            logging.debug(f"\t{deleted_convs} conversations deleted")
+        except Exception as e:
+            logging.error(
+                f"Failed soft-deleting conversations for user {user_id}: {e}")
+
+        # 2) Clear memory records
+        try:
+            memory_config = build_memory_config(tenant_id)
+            # Clear user-level memory
+            await clear_memory(
+                memory_level="user",
+                memory_config=memory_config,
+                tenant_id=tenant_id,
+                user_id=user_id,
+            )
+            # Also clear user_agent-level memory for all agents (API clears by user + any agent)
+            await clear_memory(
+                memory_level="user_agent",
+                memory_config=memory_config,
+                tenant_id=tenant_id,
+                user_id=user_id,
+            )
+            logging.debug(
+                "\tMemories under current embedding configuration deleted")
+        except Exception as e:
+            logging.error(f"Failed clearing memory for user {user_id}: {e}")
+
+        # 3) Delete Supabase user using admin API
+        try:
+            admin_client = get_supabase_admin_client()
+            if admin_client and hasattr(admin_client.auth, "admin"):
+                admin_client.auth.admin.delete_user(user_id)
+            else:
+                raise RuntimeError("Supabase admin client not available")
+            logging.debug("\tUser account deleted.")
+        except Exception as e:
+            logging.error(f"Failed deleting supabase user {user_id}: {e}")
+            # prior steps already purged local data
+        logging.info(f"Account {user_id} has been successfully deleted")
+    except Exception as e:
+        logging.error(
+            f"Unexpected error in revoke_regular_user for {user_id}: {e}")
+        # swallow to keep idempotent behavior
@@ -9,7 +9,7 @@
 from fastapi import Request
 from supabase import create_client
 
-from consts.const import DEFAULT_TENANT_ID, DEFAULT_USER_ID, IS_SPEED_MODE, SUPABASE_URL, SUPABASE_KEY, DEBUG_JWT_EXPIRE_SECONDS, LANGUAGE
+from consts.const import DEFAULT_TENANT_ID, DEFAULT_USER_ID, IS_SPEED_MODE, SUPABASE_URL, SUPABASE_KEY, SERVICE_ROLE_KEY, DEBUG_JWT_EXPIRE_SECONDS, LANGUAGE
 from consts.exceptions import LimitExceededError, SignatureValidationError, UnauthorizedError
 from database.user_tenant_db import get_user_tenant_by_user_id
 
@@ -196,14 +196,23 @@ def validate_aksk_authentication(headers: dict, request_body: str = "") -> bool:
 
 
 def get_supabase_client():
-    """Get Supabase client instance with service key for admin operations"""
+    """Get Supabase client instance with regular key (user-context operations)."""
     try:
         return create_client(SUPABASE_URL, SUPABASE_KEY)
     except Exception as e:
         logging.error(f"Failed to create Supabase client: {str(e)}")
         return None
 
 
+def get_supabase_admin_client():
+    """Get Supabase client instance with service role key for admin operations."""
+    try:
+        return create_client(SUPABASE_URL, SERVICE_ROLE_KEY)
+    except Exception as e:
+        logging.error(f"Failed to create Supabase admin client: {str(e)}")
+        return None
+
+
 def get_jwt_expiry_seconds(token: str) -> int:
     """
     Get expiration time from JWT token (seconds)