diff --git a/docs/plans/delete-user-data-extension.md b/docs/plans/delete-user-data-extension.md new file mode 100644 index 0000000..cda46ea --- /dev/null +++ b/docs/plans/delete-user-data-extension.md @@ -0,0 +1,55 @@ +# Plan — GDPR "Delete User Data" Firebase Extension + +- **Status:** Proposed +- **Effort:** Small +- **Firebase services:** Extensions (`firebase/delete-user-data`), Auth, Firestore, Storage, RTDB + +## Overview + +Installing the official "Delete User Data" extension gives the project a compliant, auditable path for "right to be forgotten" requests. It deletes all of a user's data across Firestore, Storage, and RTDB when the user deletes their Firebase Auth account. + +## Configuration + +- **Firestore paths to delete** (use `{UID}` substitution): + - `users/{UID}` + - `users/{UID}/friends/{DOC}` (if migrated to a subcollection; currently an array on the user doc — no extra config needed) + - `fcmTokens/{UID}` + - `claims` — **do not hard-delete**; anonymise instead (see below). + - `recaps/{UID}/periods/{DOC}` +- **Storage paths to delete:** + - `claims-photos/{UID}/` + - `james-audio/` — not user data, do not touch. +- **RTDB paths:** + - `/status/{UID}` (presence plan). + +## Claim anonymisation (extra Function) + +Hard-deleting claims would corrupt leaderboards historically. Instead: + +- Add a Firestore-triggered Function `onUserDeleted` that rewrites the user's claims to `{ uid: "deleted", displayName: "Deleted user" }` before the extension runs. Triggered by `onAuthUserDeleted` and completes within the retry window. + +## In-app path + +- Add "Delete my account" button in Settings. +- Confirmation dialog + re-authentication (Firebase requires recent sign-in for `User.delete()`). +- Call `FirebaseAuth.instance.currentUser!.delete()`. The extension + Function fan-out does the rest. + +## Audit trail + +- Extension writes an audit log by default — keep it. +- Add a simple Firestore doc `deletions/{YYYY-MM-DD}` with counts for internal visibility. + +## Rollout + +- Install extension in a staging project first. +- Manually trigger an account deletion; verify every listed path is cleared. +- Promote to production. + +## Risks + +- Paths misconfigured → partial deletions leaving dangling references. Mitigated by staging dry-run. +- Re-auth failures — document a manual admin path for edge cases. + +## Testing + +- Integration test in staging: create test user with claims, photos, friends; delete; assert no residuals. diff --git a/lib/claim.dart b/lib/claim.dart index 952c5d2..f14cf7e 100644 --- a/lib/claim.dart +++ b/lib/claim.dart @@ -125,11 +125,14 @@ class _ClaimState extends State with TickerProviderStateMixin { postboxes[entry.key as String] = Map.from(entry.value as Map); } + // Cloud Functions serialise JS numbers as either int or double; + // assigning a double to a typed int field throws, so normalise via num. + int asInt(dynamic v) => (v as num?)?.toInt() ?? 0; setState(() { - _count = counts['total'] ?? 0; - _maxPoints = points['max'] ?? 0; - _minPoints = points['min'] ?? 0; - _claimedToday = counts['claimedToday'] ?? 0; + _count = asInt(counts['total']); + _maxPoints = asInt(points['max']); + _minPoints = asInt(points['min']); + _claimedToday = asInt(counts['claimedToday']); _postboxes = postboxes; currentStage = _count > 0 ? ClaimStage.results : ClaimStage.empty; }); diff --git a/lib/nearby.dart b/lib/nearby.dart index 4f743cb..a047335 100644 --- a/lib/nearby.dart +++ b/lib/nearby.dart @@ -113,23 +113,26 @@ class _NearbyState extends State { final claimedCompass = data['claimedCompass'] != null ? Map.from(data['claimedCompass'] as Map) : {}; + // Cloud Functions serialise JS numbers as either int or double; assigning + // a double to a typed int field throws, so normalise every count via num. + int asInt(dynamic v) => (v as num?)?.toInt() ?? 0; setState(() { - _count = counts['total'] ?? 0; - _maxPoints = pts['max'] ?? 0; - _minPoints = pts['min'] ?? 0; + _count = asInt(counts['total']); + _maxPoints = asInt(pts['max']); + _minPoints = asInt(pts['min']); currentStage = NearbyStage.results; for (final dir in const [ 'N', 'NNE', 'NE', 'ENE', 'E', 'ESE', 'SE', 'SSE', 'S', 'SSW', 'SW', 'WSW', 'W', 'WNW', 'NW', 'NNW', ]) { - _compassCounts[dir] = compass[dir] ?? 0; - _claimedCompassCounts[dir] = claimedCompass[dir] ?? 0; + _compassCounts[dir] = asInt(compass[dir]); + _claimedCompassCounts[dir] = asInt(claimedCompass[dir]); } - _claimedToday = counts['claimedToday'] ?? 0; + _claimedToday = asInt(counts['claimedToday']); for (final cipher in MonarchInfo.all) { - _cipherTotals[cipher] = counts[cipher] ?? 0; - _cipherClaimed[cipher] = counts['${cipher}_claimed'] ?? 0; + _cipherTotals[cipher] = asInt(counts[cipher]); + _cipherClaimed[cipher] = asInt(counts['${cipher}_claimed']); } _lastScanned = DateTime.now(); }); diff --git a/lib/wear/wear_claim_page.dart b/lib/wear/wear_claim_page.dart index 32e1baf..b8f2445 100644 --- a/lib/wear/wear_claim_page.dart +++ b/lib/wear/wear_claim_page.dart @@ -52,8 +52,10 @@ class _WearClaimPageState extends State { }); if (!mounted) return; final counts = result.data['counts'] ?? {}; - final total = (counts['total'] as int?) ?? 0; - final claimed = (counts['claimedToday'] as int?) ?? 0; + // Cloud Functions serialise JS numbers as either int or double; `as int?` + // would throw on a double, so normalise via num. + final total = (counts['total'] as num?)?.toInt() ?? 0; + final claimed = (counts['claimedToday'] as num?)?.toInt() ?? 0; _postboxes = Map.from(result.data['postboxes'] ?? {}); setState(() { _count = total; diff --git a/lib/wear/wear_compass_page.dart b/lib/wear/wear_compass_page.dart index 8ab96c3..48174e2 100644 --- a/lib/wear/wear_compass_page.dart +++ b/lib/wear/wear_compass_page.dart @@ -75,8 +75,13 @@ class _WearCompassPageState extends State { final counts = result.data['counts'] ?? {}; final compassRaw = result.data['compass'] ?? {}; setState(() { - _totalCount = (counts['total'] as int?) ?? 0; - _compassCounts = Map.from(compassRaw); + // Cloud Functions serialise JS numbers as either int or double; + // `as int?` would throw on a double, so normalise via num. + _totalCount = (counts['total'] as num?)?.toInt() ?? 0; + _compassCounts = { + for (final e in (compassRaw as Map).entries) + e.key as String: (e.value as num).toInt(), + }; _stage = _CompassStage.results; }); // Haptic pulse to signal scan complete. @@ -206,7 +211,13 @@ class _WearCompassPageState extends State { angle: -rotation, child: CustomPaint( size: Size(size, size), - painter: FuzzyCompassPainter(sectors: sectorValues), + // Pass rotation so the painter counter-rotates the 'N' label; + // otherwise it spins with the canvas and is unreadable whenever + // the watch is not pointing north. + painter: FuzzyCompassPainter( + sectors: sectorValues, + rotation: rotation, + ), ), ), // Centre count overlay (doesn't rotate) diff --git a/lib/wear/wear_status_page.dart b/lib/wear/wear_status_page.dart index 6a2147a..093233d 100644 --- a/lib/wear/wear_status_page.dart +++ b/lib/wear/wear_status_page.dart @@ -18,10 +18,14 @@ class WearStatusPage extends StatefulWidget { class _WearStatusPageState extends State { final StreakService _streakService = StreakService(); late final Stream _streakStream = _streakService.streakStream(); + // Cache so the StreamBuilder doesn't re-subscribe (and briefly show empty + // stats) on every rebuild. Computed once in initState from the uid at mount. + late final Stream>>? _userDocStream = + _buildUserDocStream(); String? get _displayName => FirebaseAuth.instance.currentUser?.displayName; - Stream>>? _userDocStream() { + Stream>>? _buildUserDocStream() { final uid = FirebaseAuth.instance.currentUser?.uid; if (uid == null) return null; return FirebaseFirestore.instance.collection('users').doc(uid).snapshots(); @@ -71,7 +75,7 @@ class _WearStatusPageState extends State { // Lifetime points StreamBuilder>>( - stream: _userDocStream(), + stream: _userDocStream, builder: (context, snap) { final data = snap.data?.data(); final lifetimePoints =