author | Tor Andersson <tor@ccxvii.net> | 2022-09-30 18:36:19 +0200 |
---|---|---|
committer | Tor Andersson <tor@ccxvii.net> | 2022-10-05 17:36:50 +0200 |
commit | 2f0ba65a7b21fe6ef0c6131f73c28a823bcb0b0d (patch) | |
tree | 266ad66c4f6ec473a25e0530d1f40d6e7e55a15c /server.js | |
parent | f968d091d6c3f313054b88a048c63280dd73fd31 (diff) | |
download | server-2f0ba65a7b21fe6ef0c6131f73c28a823bcb0b0d.tar.gz |
Add "delete account" screen.
Diffstat (limited to 'server.js')
-rw-r--r-- | server.js | 19 |
1 files changed, 18 insertions, 1 deletions
@@ -264,7 +264,9 @@ const SQL_EXISTS_USER_NAME = SQL("SELECT EXISTS ( SELECT 1 FROM users WHERE name
 const SQL_EXISTS_USER_MAIL = SQL("SELECT EXISTS ( SELECT 1 FROM users WHERE mail=? )").pluck()
 const SQL_INSERT_USER = SQL("INSERT INTO users (name,mail,password,salt,notify) VALUES (?,?,?,?,?) RETURNING user_id,name,mail,notify")
+const SQL_DELETE_USER = SQL("DELETE FROM users WHERE user_id = ?")
+const SQL_SELECT_LOGIN = SQL("SELECT * FROM user_login_view WHERE user_id=?")
 const SQL_SELECT_USER_BY_NAME = SQL("SELECT * FROM user_view WHERE name=?")
 const SQL_SELECT_LOGIN_BY_MAIL = SQL("SELECT * FROM user_login_view WHERE mail=?")
 const SQL_SELECT_LOGIN_BY_NAME = SQL("SELECT * FROM user_login_view WHERE name=?")
@@ -544,7 +544,7 @@ app.post('/change-password', must_be_logged_in, function (req, res) {
 let oldpass = req.body.password
 let newpass = req.body.newpass
 // Get full user record including password and salt
- let user = SQL_SELECT_LOGIN_BY_MAIL.get(req.user.mail)
+ let user = SQL_SELECT_LOGIN.get(req.user.user_id)
 if (newpass.length < 4)
 return res.render('change_password.pug', { user: req.user, flash: "Password is too short!" })
 if (newpass.length > 100)
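Review bot: `SQL_DELETE_USER` removes only the users row, and nothing in this commit says what happens to rows in other tables that key on user_id (the `user_login_view`/`user_view` views sit on top of that table, and any game or message tables that reference it are not shown here); unless the schema declares ON DELETE CASCADE or the caller cleans them up first, the delete either fails on a foreign-key constraint or leaves orphaned rows. That is decided by the schema, which is not part of this diff, so it is an inference rather than something visible in the hunk. A comment beside the statement stating the expectation would help the next reader, e.g. `// Rows in other tables referencing user_id are expected to go away via ON DELETE CASCADE (verify against the schema)`.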
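Review bot: The new `SQL_SELECT_LOGIN.get(req.user.user_id)` lookup can now return `undefined`, because this same commit adds a way to delete the row while other sessions for the account remain logged in; the later `user.salt`/`user.password` reads in this handler (the comment above the lookup says the record is fetched for them, and they lie outside the hunk) would then throw and surface as a 500. Whether `must_be_logged_in` already rejects a session whose user row is gone is not visible here. A guard such as `if (!user) return res.status(401).send("Not logged in")` directly after the lookup closes it either way. The body of `/change-password` continues past the end of this hunk.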
@@ -557,6 +559,21 @@ app.post('/change-password', must_be_logged_in, function (req, res) {
 return res.redirect('/profile')
 })
+app.get('/delete-account', must_be_logged_in, function (req, res) {
+ res.render('delete_account.pug', { user: req.user })
+})
+
+app.post('/delete-account', must_be_logged_in, function (req, res) {
+ let password = req.body.password
+ // Get full user record including password and salt
+ let user = SQL_SELECT_LOGIN.get(req.user.user_id)
+ let hash = hash_password(password, user.salt)
+ if (hash !== user.password)
+ return res.render('delete_account.pug', { user: req.user, flash: "Wrong password!" })
+ SQL_DELETE_USER.run(req.user.user_id)
+ return res.send("Goodbye!")
+})
+
 app.get('/admin/ban-user/:who', must_be_administrator, function (req, res) {
 let who = req.params.who
 SQL_UPDATE_USER_IS_BANNED.run(1, who) |
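Review bot: After `SQL_DELETE_USER.run(req.user.user_id)` the handler responds without invalidating the caller's login, so the cookie or session that `must_be_logged_in` accepted for this request stays in the browser; whether it keeps passing that middleware once the row is gone depends on how `must_be_logged_in` resolves `req.user`, which is not visible here. Clearing the login cookie or session (e.g. `res.clearCookie(...)` with whatever cookie name the login code uses) before `return res.send("Goodbye!")` removes the doubt. The same handler also hands `req.body.password` straight to `hash_password` without checking it is present, unlike the length checks in `/change-password`; a missing field should take the `Wrong password!` branch, e.g. `if (!password) return res.render('delete_account.pug', { user: req.user, flash: "Wrong password!" })`, rather than depend on how `hash_password` treats `undefined`. Both new handlers lie entirely inside this hunk.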