feat: add idempotent GDPR erasure that safely handles repeated invocations.

[dot-enny]

Closes #847

This PR implements idempotent GDPR user data erasure. Repeated invocations of eraseUserData will now exit cleanly and safely without attempting redundant database writes or creating duplicate audit logs.

Changes Made

• GDPR Service (src/modules/gdpr/gdpr.service.ts):

  • Checks if deletedAt is already set on the user object, and returns { success: true, alreadyErased: true } early if true.
  • Wraps database write operations in a TypeORM database transaction.
  • Employs upsert/orUpdate semantics using a transactional query builder to ensure safe, idempotent updates.

• GDPR Unit Tests (src/modules/gdpr/tests/gdpr.service.spec.ts):

  • Mocked the transaction manager and transactional query builder.
  • Added unit tests verifying that invoking eraseUserData a second time succeeds safely without executing duplicate writes or audit logs.

Verification

Ran GDPR service test suite:

npx jest src/modules/gdpr/tests/gdpr.service.spec.ts


PASS src/modules/gdpr/tests/gdpr.service.spec.ts
  GdprService
    ✓ exports user data and excludes sensitive credential fields (60 ms)
    ✓ erases user data (6 ms)
    ✓ supports idempotent erasure on repeated calls (11 ms)
    ✓ stores consent changes (4 ms)

Test Suites: 1 passed, 1 total
Tests:       4 passed, 4 total

[drips-wave]

@dot-enny Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits