feat(manager-core,dashboard): cascading app delete with styled confirmation modal

Deleting an app used to require zero scripts and zero domain claims — practical for empty apps, painful for anything else. Add an opt-in cascade so the operator can wipe an app in one click while keeping the safe default for the no-flag case. Backend: `DELETE /api/v1/admin/apps/{id}?force=true` runs a single transaction that removes every script in the app (routes and execution logs cascade via `script_id` FK), then deletes the app row (domains and slug-history cascade off it). Without `?force=true` the handler still returns the same `409 HasScripts { script_count }` payload it always did. Frontend: a new `ConfirmModal.svelte` replaces the bare `window.confirm` on this page. It's reusable — danger/neutral variants, optional GitHub-style "type the slug to confirm" gate, ESC/backdrop cancel, busy state, and a generic body slot — so future destructive actions can adopt the same pattern instead of growing more browser dialogs. The app delete confirmation now spells out exactly what disappears (script count, domain claim list, "all routes & logs") and only enables the red button once the slug is retyped. The domain-claim delete is also wired through the modal so this page no longer uses `window.confirm` anywhere. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:01:05 +02:00
parent ee0dbc428f
commit ad5492a4bd
5 changed files with 490 additions and 27 deletions
--- a/crates/manager-core/src/app_repo.rs
+++ b/crates/manager-core/src/app_repo.rs
@@ -61,6 +61,11 @@ pub trait AppRepository: Send + Sync {
        take_over_history: bool,
    ) -> Result<App, ScriptRepositoryError>;
    async fn delete(&self, id: AppId) -> Result<(), ScriptRepositoryError>;
+    /// Delete the app along with all its scripts (which in turn cascades
+    /// routes and execution logs via their `script_id` FK). Domains and
+    /// app-slug-history rows cascade off the app row itself. Runs in a
+    /// single transaction so a partial delete cannot be observed.
+    async fn delete_cascade(&self, id: AppId) -> Result<(), ScriptRepositoryError>;
    async fn count_scripts_in_app(&self, id: AppId) -> Result<i64, ScriptRepositoryError>;
 }

@@ -347,6 +352,25 @@ impl AppRepository for PostgresAppRepository {
        }
    }

+    async fn delete_cascade(&self, id: AppId) -> Result<(), ScriptRepositoryError> {
+        let mut tx = self.pool.begin().await?;
+        sqlx::query("DELETE FROM scripts WHERE app_id = $1")
+            .bind(id.into_inner())
+            .execute(&mut *tx)
+            .await?;
+        let res = sqlx::query("DELETE FROM apps WHERE id = $1")
+            .bind(id.into_inner())
+            .execute(&mut *tx)
+            .await?;
+        if res.rows_affected() == 0 {
+            return Err(ScriptRepositoryError::Conflict(format!(
+                "app {id} not found"
+            )));
+        }
+        tx.commit().await?;
+        Ok(())
+    }
+
    async fn count_scripts_in_app(&self, id: AppId) -> Result<i64, ScriptRepositoryError> {
        let count: (i64,) = sqlx::query_as("SELECT COUNT(*) FROM scripts WHERE app_id = $1")
            .bind(id.into_inner())
--- a/crates/manager-core/src/apps_api.rs
+++ b/crates/manager-core/src/apps_api.rs
@@ -11,7 +11,7 @@

 use std::sync::Arc;

-use axum::extract::{Path, State};
+use axum::extract::{Path, Query, State};
 use axum::http::StatusCode;
 use axum::response::{IntoResponse, Json, Response};
 use axum::routing::{delete, get, post};
@@ -120,6 +120,16 @@ pub struct CreateDomainRequest {
    pub pattern: String,
 }

+/// Query params for `DELETE /apps/{id_or_slug}`. `force=true` opts into
+/// a cascading delete that also removes every script in the app (and
+/// thereby their routes and execution logs). Without it the request is
+/// rejected when the app still contains scripts.
+#[derive(Debug, Default, Deserialize)]
+pub struct DeleteAppQuery {
+    #[serde(default)]
+    pub force: bool,
+}
+
 #[derive(Debug, Serialize)]
 pub struct AppLookupResponse {
    #[serde(flatten)]
@@ -231,17 +241,21 @@ async fn patch_app(
 async fn delete_app(
    State(s): State<AppsState>,
    Path(id_or_slug): Path<String>,
+    Query(q): Query<DeleteAppQuery>,
 ) -> Result<StatusCode, AppsApiError> {
    let app = resolve_app(&*s.apps, &id_or_slug).await?.app;

-    // Soft pre-check for a clean error; the DB FK is the real guard
-    // (ON DELETE RESTRICT on scripts.app_id).
-    let n_scripts = s.apps.count_scripts_in_app(app.id).await?;
-    if n_scripts > 0 {
-        return Err(AppsApiError::HasScripts(n_scripts));
+    if q.force {
+        s.apps.delete_cascade(app.id).await?;
+    } else {
+        // Soft pre-check for a clean error; the DB FK is the real guard
+        // (ON DELETE RESTRICT on scripts.app_id).
+        let n_scripts = s.apps.count_scripts_in_app(app.id).await?;
+        if n_scripts > 0 {
+            return Err(AppsApiError::HasScripts(n_scripts));
+        }
+        s.apps.delete(app.id).await?;
    }
-
-    s.apps.delete(app.id).await?;
    refresh_domain_cache(&s).await?;
    Ok(StatusCode::NO_CONTENT)
 }