Add delete function for authenticated users

Allow users to delete themselves. This is required to be GDPR compliant.

See: https://gdpr-info.eu/art-17-gdpr/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Sheogorath 2018-05-25 15:20:38 +02:00
parent 408ab7ae1d
commit 4229084c62
No known key found for this signature in database
GPG key ID: 1F05CC3635CDDFFD


@ -3,6 +3,7 @@
const Router = require('express').Router const Router = require('express').Router
const response = require('../response') const response = require('../response')
const config = require('../config')
const models = require('../models') const models = require('../models')
const logger = require('../logger') const logger = require('../logger')
const {generateAvatar} = require('../letter-avatars') const {generateAvatar} = require('../letter-avatars')
@ -36,6 +37,29 @@ UserRouter.get('/me', function (req, res) {
} }
}) })
// delete the currently authenticated user
UserRouter.get('/me/delete', function (req, res) {
if (req.isAuthenticated()) {
models.User.findOne({
where: {
id: req.user.id
}
}).then(function (user) {
if (!user) { return response.errorNotFound(res) }
user.destroy().then(function () {
res.redirect(config.serverURL + '/')
})
}).catch(function (err) {
logger.error('delete user failed: ' + err)
return response.errorInternalError(res)
})
} else {
res.send({
status: 'forbidden'
})
}
})
UserRouter.get('/user/:username/avatar.svg', function (req, res, next) { UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {
res.setHeader('Content-Type', 'image/svg+xml') res.setHeader('Content-Type', 'image/svg+xml')
res.setHeader('Cache-Control', 'public, max-age=86400') res.setHeader('Cache-Control', 'public, max-age=86400')
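Review bot: The new `/me/delete` route performs an irreversible account deletion on a plain GET, guarded only by `req.isAuthenticated()`, so any cross-site request that carries the session cookie can trigger it without the user's intent. It should be a non-GET route, e.g. `UserRouter.post('/me/delete', function (req, res) {`, and require an anti-CSRF token or a confirmation step. Separately, the promise from `user.destroy()` is not returned, so a failed destroy bypasses the `.catch` and the request never gets a response; `return user.destroy().then(function () {` fixes that. The unauthenticated branch also answers with HTTP 200 and `{status: 'forbidden'}`, where `res.status(403).send({ status: 'forbidden' })` would let clients and logs see the refusal. Nothing in the hunk ends the session after the row is destroyed, so it is worth confirming whether the cookie remains usable after the redirect.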