diff --git a/veza-backend-api/internal/handlers/account_deletion_handler.go b/veza-backend-api/internal/handlers/account_deletion_handler.go
index 15bce457b..d442720af 100644
--- a/veza-backend-api/internal/handlers/account_deletion_handler.go
+++ b/veza-backend-api/internal/handlers/account_deletion_handler.go
@@ -22,6 +22,17 @@ type DeleteAccountRequest struct {
 }
 
 // DeleteAccountHandler returns a handler for DELETE /users/me (v0.803 SEC2-05)
+//
+// @Summary Delete account
+// @Description Permanently delete user account with anonymization, session revocation, audit log
+// @Tags Users
+// @Security BearerAuth
+// @Param body body DeleteAccountRequest true "Password, reason, confirm_text (must be DELETE)"
+// @Success 200 {object} map[string]interface{}
+// @Failure 400 {object} map[string]interface{}
+// @Failure 401 {object} map[string]interface{}
+// @Failure 500 {object} map[string]interface{}
+// @Router /users/me [delete]
 func DeleteAccountHandler(
 db *gorm.DB,
 sessionService *services.SessionService,
diff --git a/veza-backend-api/internal/handlers/privacy_handler.go b/veza-backend-api/internal/handlers/privacy_handler.go
index a182f7851..1b3f7f21b 100644
--- a/veza-backend-api/internal/handlers/privacy_handler.go
+++ b/veza-backend-api/internal/handlers/privacy_handler.go
@@ -10,6 +10,15 @@ import (
 
 // PrivacyOptOut sets the CCPA "Do Not Sell" preference for the authenticated user.
 // v0.803 SEC2-06: CCPA compliance - honors user opt-out request.
+//
+// @Summary CCPA Do Not Sell opt-out
+// @Description Saves the user's Do Not Sell preference (CCPA compliance)
+// @Tags Users
+// @Security BearerAuth
+// @Success 200 {object} map[string]interface{}
+// @Failure 401 {object} map[string]interface{}
+// @Failure 500 {object} map[string]interface{}
+// @Router /users/me/privacy/opt-out [post]
 func PrivacyOptOut(db *gorm.DB) gin.HandlerFunc {
 return func(c *gin.Context) {
 userID, ok := GetUserIDUUID(c)
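Review bot: The `@Failure 401` line on DeleteAccountHandler (account_deletion_handler.go) does not say whether it covers a missing or invalid bearer token, a failed password check, or both, and for a destructive endpoint that asks for the password again a client needs to tell those apart. The handler body lies outside the hunk, so confirm which status the wrong-password and wrong-confirm_text paths return and put it in the comment field, e.g. `// @Failure 401 {object} map[string]interface{} "Missing or invalid token, or password mismatch"`. Every response schema here, and in the PrivacyOptOut annotations in privacy_handler.go, is `map[string]interface{}`, which leaves the generated spec with no field names to validate against; a named response struct would make the contract checkable. Both annotation blocks also omit `// @Accept json` and `// @Produce json`.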