From 4229084c6211db3d22cd9abec99b957725650b9e Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Fri, 25 May 2018 15:20:38 +0200
Subject: Add delete function for authenticated users

Allow users to delete themselbes. This is require to be GDPR compliant.

See: https://gdpr-info.eu/art-17-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
---
 lib/web/userRouter.js | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'lib/web/userRouter.js')

diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js
index 963961c7..b8bd9154 100644
--- a/lib/web/userRouter.js
+++ b/lib/web/userRouter.js
@@ -3,6 +3,7 @@
 const Router = require('express').Router
 
 const response = require('../response')
+const config = require('../config')
 const models = require('../models')
 const logger = require('../logger')
 const {generateAvatar} = require('../letter-avatars')
@@ -36,6 +37,29 @@ UserRouter.get('/me', function (req, res) {
   }
 })
 
+// delete the currently authenticated user
+UserRouter.get('/me/delete', function (req, res) {
+  if (req.isAuthenticated()) {
+    models.User.findOne({
+      where: {
+        id: req.user.id
+      }
+    }).then(function (user) {
+      if (!user) { return response.errorNotFound(res) }
+      user.destroy().then(function () {
+        res.redirect(config.serverURL + '/')
+      })
+    }).catch(function (err) {
+      logger.error('delete user failed: ' + err)
+      return response.errorInternalError(res)
+    })
+  } else {
+    res.send({
+      status: 'forbidden'
+    })
+  }
+})
+
 UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {
   res.setHeader('Content-Type', 'image/svg+xml')
   res.setHeader('Cache-Control', 'public, max-age=86400')
-- 
cgit v1.2.3