From 4229084c6211db3d22cd9abec99b957725650b9e Mon Sep 17 00:00:00 2001 From: Sheogorath Date: Fri, 25 May 2018 15:20:38 +0200 Subject: [PATCH] Add delete function for authenticated users Allow users to delete themselbes. This is require to be GDPR compliant. See: https://gdpr-info.eu/art-17-gdpr/ Signed-off-by: Sheogorath --- lib/web/userRouter.js | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js index 963961c..b8bd915 100644 --- a/lib/web/userRouter.js +++ b/lib/web/userRouter.js @@ -3,6 +3,7 @@ const Router = require('express').Router const response = require('../response') +const config = require('../config') const models = require('../models') const logger = require('../logger') const {generateAvatar} = require('../letter-avatars') @@ -36,6 +37,29 @@ UserRouter.get('/me', function (req, res) { } }) +// delete the currently authenticated user +UserRouter.get('/me/delete', function (req, res) { + if (req.isAuthenticated()) { + models.User.findOne({ + where: { + id: req.user.id + } + }).then(function (user) { + if (!user) { return response.errorNotFound(res) } + user.destroy().then(function () { + res.redirect(config.serverURL + '/') + }) + }).catch(function (err) { + logger.error('delete user failed: ' + err) + return response.errorInternalError(res) + }) + } else { + res.send({ + status: 'forbidden' + }) + } +}) + UserRouter.get('/user/:username/avatar.svg', function (req, res, next) { res.setHeader('Content-Type', 'image/svg+xml') res.setHeader('Cache-Control', 'public, max-age=86400')