accountdelete.go (3191B)
1 // GoToSocial 2 // Copyright (C) GoToSocial Authors admin@gotosocial.org 3 // SPDX-License-Identifier: AGPL-3.0-or-later 4 // 5 // This program is free software: you can redistribute it and/or modify 6 // it under the terms of the GNU Affero General Public License as published by 7 // the Free Software Foundation, either version 3 of the License, or 8 // (at your option) any later version. 9 // 10 // This program is distributed in the hope that it will be useful, 11 // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 // GNU Affero General Public License for more details. 14 // 15 // You should have received a copy of the GNU Affero General Public License 16 // along with this program. If not, see <http://www.gnu.org/licenses/>. 17 18 package accounts 19 20 import ( 21 "errors" 22 "net/http" 23 24 "github.com/gin-gonic/gin" 25 apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" 26 apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" 27 "github.com/superseriousbusiness/gotosocial/internal/gtserror" 28 "github.com/superseriousbusiness/gotosocial/internal/oauth" 29 "golang.org/x/crypto/bcrypt" 30 ) 31 32 // AccountDeletePOSTHandler swagger:operation POST /api/v1/accounts/delete accountDelete 33 // 34 // Delete your account. 35 // 36 // --- 37 // tags: 38 // - accounts 39 // 40 // consumes: 41 // - multipart/form-data 42 // 43 // parameters: 44 // - 45 // name: password 46 // in: formData 47 // description: Password of the account user, for confirmation. 48 // type: string 49 // required: true 50 // 51 // security: 52 // - OAuth2 Bearer: 53 // - write:accounts 54 // 55 // responses: 56 // '202': 57 // description: "The account deletion has been accepted and the account will be deleted." 58 // '400': 59 // description: bad request 60 // '401': 61 // description: unauthorized 62 // '404': 63 // description: not found 64 // '406': 65 // description: not acceptable 66 // '500': 67 // description: internal server error 68 func (m *Module) AccountDeletePOSTHandler(c *gin.Context) { 69 authed, err := oauth.Authed(c, true, true, true, true) 70 if err != nil { 71 apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) 72 return 73 } 74 75 form := &apimodel.AccountDeleteRequest{} 76 if err := c.ShouldBind(&form); err != nil { 77 apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) 78 return 79 } 80 81 // Self account delete requires password to ensure it's for real. 82 if form.Password == "" { 83 err = errors.New("no password provided in account delete request") 84 apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) 85 return 86 } 87 88 if err := bcrypt.CompareHashAndPassword([]byte(authed.User.EncryptedPassword), []byte(form.Password)); err != nil { 89 err = errors.New("invalid password provided in account delete request") 90 apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1) 91 return 92 } 93 94 if errWithCode := m.processor.Account().DeleteSelf(c.Request.Context(), authed.Account); errWithCode != nil { 95 apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) 96 return 97 } 98 99 c.JSON(http.StatusAccepted, gin.H{"message": "accepted"}) 100 }