feat(backend): add DELETE /users/@me endpoint

2023-03-08 10:32:18 +01:00 · 2023-03-08 10:32:18 +01:00 · ff3d612b06
commit ff3d612b06
parent c4b8b26ec7
9 changed files with 162 additions and 45 deletions
--- a/backend/routes/auth/discord.go
+++ b/backend/routes/auth/discord.go
@ -84,7 +84,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {

 		// TODO: implement user + token permissions
 		tokenID := xid.New()
-		token, err := s.Auth.CreateToken(u.ID, tokenID, false, true)
+		token, err := s.Auth.CreateToken(u.ID, tokenID, false, true, true)
 		if err != nil {
 			return err
 		}
@ -217,7 +217,7 @@ func (s *Server) discordSignup(w http.ResponseWriter, r *http.Request) error {
 	// create token
 	// TODO: implement user + token permissions
 	tokenID := xid.New()
-	token, err := s.Auth.CreateToken(u.ID, tokenID, false, true)
+	token, err := s.Auth.CreateToken(u.ID, tokenID, false, true, true)
 	if err != nil {
 		return errors.Wrap(err, "creating token")
 	}
--- a/backend/routes/user/delete_user.go
+++ b/backend/routes/user/delete_user.go
@ -0,0 +1,42 @@
+package user
+
+import (
+	"net/http"
+
+	"codeberg.org/u1f320/pronouns.cc/backend/server"
+	"emperror.dev/errors"
+	"github.com/go-chi/render"
+)
+
+func (s *Server) deleteUser(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+	claims, _ := server.ClaimsFromContext(ctx)
+
+	if claims.APIToken || !claims.TokenWrite {
+		return server.APIError{Code: server.ErrMissingPermissions}
+	}
+
+	tx, err := s.DB.Begin(ctx)
+	if err != nil {
+		return errors.Wrap(err, "creating transaction")
+	}
+	defer tx.Rollback(ctx)
+
+	err = s.DB.DeleteUser(ctx, tx, claims.UserID, true, "")
+	if err != nil {
+		return errors.Wrap(err, "setting user as deleted")
+	}
+
+	err = s.DB.InvalidateAllTokens(ctx, tx, claims.UserID)
+	if err != nil {
+		return errors.Wrap(err, "invalidating tokens")
+	}
+
+	err = tx.Commit(ctx)
+	if err != nil {
+		return errors.Wrap(err, "committing transaction")
+	}
+
+	render.NoContent(w, r)
+	return nil
+}
--- a/backend/routes/user/routes.go
+++ b/backend/routes/user/routes.go
@ -18,6 +18,7 @@ func Mount(srv *server.Server, r chi.Router) {
 		r.With(server.MustAuth).Group(func(r chi.Router) {
 			r.Get("/@me", server.WrapHandler(s.getMeUser))
 			r.Patch("/@me", server.WrapHandler(s.patchUser))
+			r.Delete("/@me", server.WrapHandler(s.deleteUser))
 		})
 	})
 }