feat: allow unlinking auth providers

2023-03-18 16:54:31 +01:00 · 2023-03-18 16:54:31 +01:00 · b2bc608ec8
commit b2bc608ec8
parent 8f6e280367
7 changed files with 201 additions and 4 deletions
--- a/backend/routes/auth/discord.go
+++ b/backend/routes/auth/discord.go
@ -203,6 +203,39 @@ func (s *Server) discordLink(w http.ResponseWriter, r *http.Request) error {
 	return nil
 }

+func (s *Server) discordUnlink(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+
+	claims, _ := server.ClaimsFromContext(ctx)
+
+	// only site tokens can be used for this endpoint
+	if claims.APIToken || !claims.TokenWrite {
+		return server.APIError{Code: server.ErrInvalidToken}
+	}
+
+	u, err := s.DB.User(ctx, claims.UserID)
+	if err != nil {
+		return errors.Wrap(err, "getting user")
+	}
+
+	if u.Discord == nil {
+		return server.APIError{Code: server.ErrNotLinked}
+	}
+
+	err = u.UnlinkDiscord(ctx, s.DB)
+	if err != nil {
+		return errors.Wrap(err, "updating user in db")
+	}
+
+	fields, err := s.DB.UserFields(ctx, u.ID)
+	if err != nil {
+		return errors.Wrap(err, "getting user fields")
+	}
+
+	render.JSON(w, r, dbUserToUserResponse(u, fields))
+	return nil
+}
+
 type discordSignupRequest struct {
 	Ticket     string `json:"ticket"`
 	Username   string `json:"username"`
--- a/backend/routes/auth/fedi_mastodon.go
+++ b/backend/routes/auth/fedi_mastodon.go
@ -230,6 +230,39 @@ func (s *Server) mastodonLink(w http.ResponseWriter, r *http.Request) error {
 	return nil
 }

+func (s *Server) mastodonUnlink(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+
+	claims, _ := server.ClaimsFromContext(ctx)
+
+	// only site tokens can be used for this endpoint
+	if claims.APIToken || !claims.TokenWrite {
+		return server.APIError{Code: server.ErrInvalidToken}
+	}
+
+	u, err := s.DB.User(ctx, claims.UserID)
+	if err != nil {
+		return errors.Wrap(err, "getting user")
+	}
+
+	if u.Fediverse == nil {
+		return server.APIError{Code: server.ErrNotLinked}
+	}
+
+	err = u.UnlinkFedi(ctx, s.DB)
+	if err != nil {
+		return errors.Wrap(err, "updating user in db")
+	}
+
+	fields, err := s.DB.UserFields(ctx, u.ID)
+	if err != nil {
+		return errors.Wrap(err, "getting user fields")
+	}
+
+	render.JSON(w, r, dbUserToUserResponse(u, fields))
+	return nil
+}
+
 type fediSignupRequest struct {
 	Instance   string `json:"instance"`
 	Ticket     string `json:"ticket"`
--- a/backend/routes/auth/routes.go
+++ b/backend/routes/auth/routes.go
@ -80,12 +80,15 @@ func Mount(srv *server.Server, r chi.Router) {
 			r.Post("/signup", server.WrapHandler(s.discordSignup))
 			// takes discord signup ticket to link to existing account
 			r.With(server.MustAuth).Post("/add-provider", server.WrapHandler(s.discordLink))
+			// removes discord link from existing account
+			r.With(server.MustAuth).Post("/remove-provider", server.WrapHandler(s.discordUnlink))
 		})

 		r.Route("/mastodon", func(r chi.Router) {
 			r.Post("/callback", server.WrapHandler(s.mastodonCallback))
 			r.Post("/signup", server.WrapHandler(s.mastodonSignup))
 			r.With(server.MustAuth).Post("/add-provider", server.WrapHandler(s.mastodonLink))
+			r.With(server.MustAuth).Post("/remove-provider", server.WrapHandler(s.mastodonUnlink))
 		})

 		// invite routes