summaryrefslogtreecommitdiff
path: root/lib/web
diff options
context:
space:
mode:
authorSheogorath2018-05-25 15:20:38 +0200
committerSheogorath2018-05-25 15:24:47 +0200
commit4229084c6211db3d22cd9abec99b957725650b9e (patch)
tree749b093a9507f63662d5714eafbc1a902ee16b63 /lib/web
parent408ab7ae1dfa5d1c7dedb2f9fde239596520b2e6 (diff)
Add delete function for authenticated users
Allow users to delete themselbes. This is require to be GDPR compliant. See: https://gdpr-info.eu/art-17-gdpr/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
-rw-r--r--lib/web/userRouter.js24
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js
index 963961c7..b8bd9154 100644
--- a/lib/web/userRouter.js
+++ b/lib/web/userRouter.js
@@ -3,6 +3,7 @@
const Router = require('express').Router
const response = require('../response')
+const config = require('../config')
const models = require('../models')
const logger = require('../logger')
const {generateAvatar} = require('../letter-avatars')
@@ -36,6 +37,29 @@ UserRouter.get('/me', function (req, res) {
}
})
+// delete the currently authenticated user
+UserRouter.get('/me/delete', function (req, res) {
+ if (req.isAuthenticated()) {
+ models.User.findOne({
+ where: {
+ id: req.user.id
+ }
+ }).then(function (user) {
+ if (!user) { return response.errorNotFound(res) }
+ user.destroy().then(function () {
+ res.redirect(config.serverURL + '/')
+ })
+ }).catch(function (err) {
+ logger.error('delete user failed: ' + err)
+ return response.errorInternalError(res)
+ })
+ } else {
+ res.send({
+ status: 'forbidden'
+ })
+ }
+})
+
UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {
res.setHeader('Content-Type', 'image/svg+xml')
res.setHeader('Cache-Control', 'public, max-age=86400')