feat: add account deletion feature (#85)
* feat: add account deletion feature - Add DELETE /auth/me endpoint to delete user account and all data - Add deleteAccount() method to AuthContext - Add Delete Account button with confirmation modal in UserProfile - Add danger zone styling (.btn-danger, .profile-danger-zone) - Add i18n translations for EN and DE - Add backend tests for account deletion endpoint - Add timeout settings to frontend vitest.config.ts - Reduce CI timeout for frontend tests (10min -> 5min) * fix: improve delete account section layout - Make profile modal scrollable with max-height - Add proper horizontal margin to danger zone - Align delete section with form content * fix: use ConfirmModal component for delete account dialog - Replace inline modal with existing ConfirmModal component - Ensures consistent button styling across all modals - Add UI consistency rule to AGENTS.md and copilot-instructions.md * fix: consistent styling for delete account section - Remove warning text (users know what delete means) - Remove border-bottom from danger zone title (section has border-top) - Update copilot-instructions and AGENTS.md with stricter UI consistency rules - Remove unused deleteAccountHint i18n keys * chore: remove pre-push test hook (CI handles tests) Tests were running twice - in pre-push hook and GitHub CI. Removing local pre-push tests since CI provides authoritative test results. Use 'npm test' manually before pushing if you want local feedback.
This commit is contained in:
Daniel Volz
GitHub
@@ -534,4 +534,44 @@ export async function authRoutes(app: FastifyInstance) {
|
||||
return { ok: true };
|
||||
}
|
||||
);
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// DELETE /auth/me - Delete user account and all data
|
||||
// ---------------------------------------------------------------------------
|
||||
app.delete(
|
||||
"/auth/me",
|
||||
{
|
||||
preHandler: requireAuth,
|
||||
config: { rateLimit: sensitiveRateLimitConfig },
|
||||
},
|
||||
async (request, reply) => {
|
||||
const authUser = request.user as unknown as AuthUser | null;
|
||||
if (!authUser) {
|
||||
return reply.status(401).send({ error: "Not authenticated" });
|
||||
}
|
||||
|
||||
// Delete avatar file if exists
|
||||
const [user] = await db.select().from(users).where(eq(users.id, authUser.id));
|
||||
if (user?.avatarUrl) {
|
||||
const fs = await import("node:fs/promises");
|
||||
const path = await import("node:path");
|
||||
try {
|
||||
await fs.unlink(path.join(process.cwd(), "data", "images", user.avatarUrl));
|
||||
} catch {
|
||||
// Ignore if file doesn't exist
|
||||
}
|
||||
}
|
||||
|
||||
// Delete user - cascade delete handles all related data
|
||||
await db.delete(users).where(eq(users.id, authUser.id));
|
||||
|
||||
app.log.info(`User deleted account: ${authUser.username} (ID: ${authUser.id})`);
|
||||
|
||||
// Clear auth cookies
|
||||
return reply
|
||||
.clearCookie("access_token", app.config.cookieOptions)
|
||||
.clearCookie("refresh_token", app.config.refreshCookieOptions)
|
||||
.send({ ok: true, message: "Account deleted" });
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user