Add delete-own-user

This commit is contained in:
KernelDeimos 2024-04-14 21:25:37 -04:00
parent ef0da306a8
commit 3b7be8a719
2 changed files with 44 additions and 0 deletions

View File

@ -0,0 +1,43 @@
const eggspress = require("../api/eggspress");
const { deleteUser, invalidate_cached_user } = require("../helpers");
const config = require("../config");
module.exports = eggspress("/delete-own-user", {
subdomain: "api",
auth: true,
allowedMethods: ["POST"],
}, async (req, res, next) => {
const bcrypt = require('bcrypt');
const validate_request = async () => {
const user = req.user;
// `user` should always have a value, but this is checked
// any way in case the auth middleware is broken.
if ( ! user ) return false;
// temporary users don't require password verification
if ( ! user.email && ! user.password ) {
return true;
}
if ( ! req.body.password ) return false;
if ( ! user || ! user.password ) return false;
if ( ! await bcrypt.compare(req.body.password, req.user.password) ) {
return false;
}
return true;
}
if ( ! await validate_request() ) {
return res.status(400).send({ success: false });
}
res.clearCookie(config.cookie_name);
await deleteUser(req.user.id);
invalidate_cached_user(req.user);
return res.send({ success: true });
});

View File

@ -37,6 +37,7 @@ class PuterAPIService extends BaseService {
app.use(require('../routers/auth/check-app')) app.use(require('../routers/auth/check-app'))
app.use(require('../routers/auth/app-uid-from-origin')) app.use(require('../routers/auth/app-uid-from-origin'))
app.use(require('../routers/auth/create-access-token')) app.use(require('../routers/auth/create-access-token'))
app.use(require('../routers/auth/delete-own-user'))
app.use(require('../routers/drivers/call')) app.use(require('../routers/drivers/call'))
app.use(require('../routers/drivers/list-interfaces')) app.use(require('../routers/drivers/list-interfaces'))
app.use(require('../routers/drivers/usage')) app.use(require('../routers/drivers/usage'))