feature: Implement user deletion.

2024-04-21 18:14:16 -04:00 · 2024-04-21 18:14:16 -04:00 · 0db9e69b1b
commit 0db9e69b1b
parent 37886c769d
7 changed files with 95 additions and 23 deletions
--- a/src/index.ts
+++ b/src/index.ts
@ -11,6 +11,7 @@ import { route as backendCreate } from "./routes/backends/create.js";

 import { route as forwardCreate } from "./routes/forward/create.js";

+import { route as userRemove } from "./routes/user/remove.js";
 import { route as userCreate } from "./routes/user/create.js";
 import { route as userLogin } from "./routes/user/login.js";

@ -39,11 +40,12 @@ const fastify = Fastify({
 });

 getPermissions(fastify, prisma, sessionTokens, serverOptions);
-
+ 
 backendCreate(fastify, prisma, sessionTokens, serverOptions);

 forwardCreate(fastify, prisma, sessionTokens, serverOptions);

+userRemove(fastify, prisma, sessionTokens, serverOptions);
 userCreate(fastify, prisma, sessionTokens, serverOptions);
 userLogin(fastify, prisma, sessionTokens, serverOptions);

--- a/src/routes/user/remove.ts
+++ b/src/routes/user/remove.ts
@ -0,0 +1,58 @@
+import type { PrismaClient } from "@prisma/client";
+import type { FastifyInstance } from "fastify";
+
+import { ServerOptions, SessionToken } from "../../libs/types.js";
+import { hasPermissionByToken } from "../../libs/permissions.js";
+
+export function route(fastify: FastifyInstance, prisma: PrismaClient, tokens: Record<number, SessionToken[]>, options: ServerOptions) {
+  function hasPermission(token: string, permissionList: string[]): Promise<boolean> {
+    return hasPermissionByToken(permissionList, token, tokens, prisma);
+  };
+  
+  /**
+   * Creates a new backend to use
+   */
+  fastify.post("/api/v1/users/remove", {
+    schema: {
+      body: {
+        type: "object",
+        required: ["token", "uid"],
+
+        properties: {
+          token:             { type: "string" },
+          uid:               { type: "number" }
+        }
+      }
+    }
+  }, async(req, res) => {
+    // @ts-ignore
+    const body: {
+      token: string,
+      uid: number
+    } = req.body;
+
+    if (!await hasPermission(body.token, [
+      "users.remove"
+    ])) {
+      return res.status(403).send({
+        error: "Unauthorized"
+      });
+    };
+
+    await prisma.permission.deleteMany({
+      where: {
+        userID: body.uid
+      }
+    });
+
+    await prisma.user.delete({
+      where: {
+        id: body.uid
+      }
+    });
+
+    return {
+      success: true
+    }
+  });
+};