feat: cancel user deletion

backend/routes/auth/discord.go

@@ -3,6 +3,7 @@ package auth
 import (
 	"net/http"
 	"os"
+	"time"
 
 	"codeberg.org/u1f320/pronouns.cc/backend/db"
 	"codeberg.org/u1f320/pronouns.cc/backend/log"
@@ -41,6 +42,9 @@ type discordCallbackResponse struct {
 	Discord       string `json:"discord,omitempty"` // username, for UI purposes
 	Ticket        string `json:"ticket,omitempty"`
 	RequireInvite bool   `json:"require_invite"` // require an invite for signing up
+
+	IsDeleted bool       `json:"is_deleted"`
+	DeletedAt *time.Time `json:"deleted_at,omitempty"`
 }
 
 func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
@@ -77,6 +81,25 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
 
 	u, err := s.DB.DiscordUser(ctx, du.ID)
 	if err == nil {
+		if u.DeletedAt != nil && *u.SelfDelete {
+			// store cancel delete token
+			token := undeleteToken()
+			err = s.saveUndeleteToken(ctx, u.ID, token)
+			if err != nil {
+				log.Errorf("saving undelete token: %v", err)
+				return err
+			}
+
+			render.JSON(w, r, discordCallbackResponse{
+				HasAccount: true,
+				Token:      token,
+				User:       dbUserToUserResponse(u, []db.Field{}),
+				IsDeleted:  true,
+				DeletedAt:  u.DeletedAt,
+			})
+			return nil
+		}
+
 		err = u.UpdateFromDiscord(ctx, s.DB, du)
 		if err != nil {
 			log.Errorf("updating user %v with Discord info: %v", u.ID, err)

backend/routes/auth/routes.go

@@ -78,6 +78,10 @@ func Mount(srv *server.Server, r chi.Router) {
 		r.With(server.MustAuth).Get("/tokens", server.WrapHandler(s.getTokens))
 		r.With(server.MustAuth).Post("/tokens", server.WrapHandler(s.createToken))
 		r.With(server.MustAuth).Delete("/tokens/{id}", server.WrapHandler(s.deleteToken))
+
+		// cancel user delete
+		// uses a special token, so handled in the function itself
+		r.Get("/cancel-delete", server.WrapHandler(s.cancelDelete))
 	})
 }
 

backend/routes/auth/undelete.go

@@ -0,0 +1,70 @@
+package auth
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"net/http"
+
+	"codeberg.org/u1f320/pronouns.cc/backend/log"
+	"codeberg.org/u1f320/pronouns.cc/backend/server"
+	"emperror.dev/errors"
+	"github.com/go-chi/render"
+	"github.com/mediocregopher/radix/v4"
+	"github.com/rs/xid"
+)
+
+func (s *Server) cancelDelete(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+	token := r.Header.Get("X-Delete-Token")
+	if token == "" {
+		return server.APIError{Code: server.ErrForbidden}
+	}
+
+	id, err := s.getUndeleteToken(ctx, token)
+	if err != nil {
+		log.Errorf("getting undelete token: %v", err)
+		return server.APIError{Code: server.ErrNotFound} // assume invalid token
+	}
+
+	err = s.DB.UndoDeleteUser(ctx, id)
+	if err != nil {
+		log.Errorf("executing undelete query: %v", err)
+	}
+
+	render.JSON(w, r, map[string]any{"success": true})
+	return nil
+}
+
+func undeleteToken() string {
+	b := make([]byte, 32)
+
+	_, err := rand.Read(b)
+	if err != nil {
+		panic(err)
+	}
+
+	return base64.RawURLEncoding.EncodeToString(b)
+}
+
+func (s *Server) saveUndeleteToken(ctx context.Context, userID xid.ID, token string) error {
+	err := s.DB.Redis.Do(ctx, radix.Cmd(nil, "SET", "undelete:"+token, userID.String(), "EX", "3600"))
+	if err != nil {
+		return errors.Wrap(err, "setting undelete key")
+	}
+	return nil
+}
+
+func (s *Server) getUndeleteToken(ctx context.Context, token string) (userID xid.ID, err error) {
+	var idString string
+	err = s.DB.Redis.Do(ctx, radix.Cmd(&idString, "GET", "undelete:"+token))
+	if err != nil {
+		return userID, errors.Wrap(err, "getting undelete key")
+	}
+
+	userID, err = xid.FromString(idString)
+	if err != nil {
+		return userID, errors.Wrap(err, "parsing ID")
+	}
+	return userID, nil
+}