[Data Loss] Note deletion not recoverable — permanently deleted without trash/recovery period

[anshul23102]

Executive Summary

When users delete notes, they're immediately and permanently removed. No trash folder or recovery window exists. Accidental deletions cannot be undone.

Proposed Solution

// Schema: soft delete with recovery period
const NoteSchema = new Schema({
  userId: String,
  title: String,
  content: String,
  createdAt: Date,
  updatedAt: Date,
  deletedAt: Date,  // null if not deleted
  isDeleted: Boolean,  // soft delete flag
});

// Delete endpoint: soft delete
app.delete('/api/notes/:id', authenticateUser, async (req, res) => {
  const note = await Note.findOne({ _id: req.params.id, userId: req.user.id });
  
  if (!note) return res.status(404).json({ error: 'Note not found' });
  
  note.isDeleted = true;
  note.deletedAt = new Date();
  await note.save();
  
  res.json({ message: 'Note deleted. Recover within 30 days.' });
});

// Get notes: exclude soft-deleted
app.get('/api/notes', authenticateUser, async (req, res) => {
  const notes = await Note.find({
    userId: req.user.id,
    isDeleted: false,
  });
  res.json(notes);
});

// Trash/recovery endpoint
app.get('/api/notes/trash', authenticateUser, async (req, res) => {
  const trash = await Note.find({
    userId: req.user.id,
    isDeleted: true,
    deletedAt: { $gt: new Date(Date.now() - 30 * 24 * 60 * 60 * 1000) },  // Last 30 days
  });
  res.json(trash);
});

// Restore endpoint
app.post('/api/notes/:id/restore', authenticateUser, async (req, res) => {
  const note = await Note.findOne({ _id: req.params.id, userId: req.user.id });
  
  if (!note || !note.isDeleted) {
    return res.status(400).json({ error: 'Cannot restore' });
  }
  
  note.isDeleted = false;
  note.deletedAt = null;
  await note.save();
  
  res.json({ message: 'Note restored', note });
});

// Cleanup job: permanently delete after 30 days
setInterval(async () => {
  const thirtyDaysAgo = new Date(Date.now() - 30 * 24 * 60 * 60 * 1000);
  await Note.deleteMany({
    isDeleted: true,
    deletedAt: { $lt: thirtyDaysAgo },
  });
}, 24 * 60 * 60 * 1000);  // Daily cleanup

Checklist

• I have searched existing issues and confirmed this is not a duplicate
• I have read the CONTRIBUTING.md guidelines
• I have provided clear steps to reproduce the issue
• I have described expected vs. actual behavior clearly
• This issue title is clear and specific
• This repository has been verified as NSOC on https://www.nsoc.in/projects

@HarshYadav152 Could you please /assign this issue to me? I would like to implement soft-delete with recovery window under NSOC '26.

/assign

[anshul23102]

Hi @HarshYadav152 👋

I am the author of this issue and would like to work on the fix. This contribution is being made under NSoC 2026 (Nexus Spring of Code).

I have reviewed the issue and am ready to implement the solution. Could you please assign this to me?

Thank you!

[HarshYadav152]

@anshul23102 Go for it.