diff options
| author | Sheogorath | 2018-05-25 15:20:38 +0200 |
|---|---|---|
| committer | Sheogorath | 2018-05-25 15:24:47 +0200 |
| commit | 4229084c6211db3d22cd9abec99b957725650b9e (patch) | |
| tree | 749b093a9507f63662d5714eafbc1a902ee16b63 /lib/web | |
| parent | 408ab7ae1dfa5d1c7dedb2f9fde239596520b2e6 (diff) | |
Add delete function for authenticated users
Allow users to delete themselbes. This is require to be GDPR compliant.
See: https://gdpr-info.eu/art-17-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to 'lib/web')
| -rw-r--r-- | lib/web/userRouter.js | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js index 963961c7..b8bd9154 100644 --- a/lib/web/userRouter.js +++ b/lib/web/userRouter.js @@ -3,6 +3,7 @@ const Router = require('express').Router const response = require('../response') +const config = require('../config') const models = require('../models') const logger = require('../logger') const {generateAvatar} = require('../letter-avatars') @@ -36,6 +37,29 @@ UserRouter.get('/me', function (req, res) { } }) +// delete the currently authenticated user +UserRouter.get('/me/delete', function (req, res) { + if (req.isAuthenticated()) { + models.User.findOne({ + where: { + id: req.user.id + } + }).then(function (user) { + if (!user) { return response.errorNotFound(res) } + user.destroy().then(function () { + res.redirect(config.serverURL + '/') + }) + }).catch(function (err) { + logger.error('delete user failed: ' + err) + return response.errorInternalError(res) + }) + } else { + res.send({ + status: 'forbidden' + }) + } +}) + UserRouter.get('/user/:username/avatar.svg', function (req, res, next) { res.setHeader('Content-Type', 'image/svg+xml') res.setHeader('Cache-Control', 'public, max-age=86400') |