I guess the answer is "I should have saved the user's public key previously"?
@Edent Do you really need to validate a request to delete an user that was already deleted? What's the harm of a spoofed request? Keyspace traversal? An unnecessary database lookup leading to DOS? It's not like you're going to delete it twice.
Edited 12d ago
@hirvox How do I know that they are deleted?
I *guess* that the account 404ing is evidence, but I'm worried it might be a mistake.
@Edent Check the logs in case the original deletion was recent. If the logs might have been deleted.. 🤷
Some big event-sourced systems keep every single event to be able to go back and check, but that kind of forever storage would be illegal in right-of-erasure jurisdictions.
@hirvox as far as I can tell, the deletion was some time ago - and I don't keep longs for that long.