✨ Implement account deletion

inp-net · Apr 23, 2023 · 153fb96 · 153fb96 · vercel · Apr 23, 2023
1 parent 84866a5
commit 153fb96
Show file tree

Hide file tree

Showing 2 changed files with 144 additions and 1 deletion.
diff --git a/src/routes/account/+page.server.ts b/src/routes/account/+page.server.ts
@@ -6,6 +6,10 @@ import type { Actions, PageServerLoad } from './$types';
 import { sendMail } from '$lib/server/mail';
 import { CONTACT_EMAIL } from '$lib/constants';
 import { log } from '$lib/server/logging';
+import { deletePhotosFromDisk } from '$lib/server/photos';
+import { publicPath } from '$lib/server/utils';
+import { photoURL } from '$lib/photos';
+import { rmSync } from 'fs';
 
 export const load: PageServerLoad = async ({ locals, url }) => {
 	const { user, session } = await locals.validateUser();
@@ -96,12 +100,17 @@ export const actions: Actions = {
 				template: 'password-changed'
 			});
 		} catch (error) {
-			if (!(error instanceof LuciaError)) throw error;
+			if (!(error instanceof LuciaError)) {
+				await log.fatal('change_password', user, 'unknown NON-LUCIA error', error);
+				throw error;
+			}
 
 			switch (error.message) {
 				case 'AUTH_INVALID_PASSWORD':
+					await log.error('change_password', user, 'invalid credentials');
 					throw redirect(302, '/account' + url.search + '#invalidCredentials');
 				default:
+					await log.fatal('change_password', user, 'unknown error', error);
 					throw error;
 			}
 		}
@@ -119,5 +128,78 @@ export const actions: Actions = {
 				admin: !user.admin
 			}
 		});
+	},
+
+	async deleteAccount({ locals, url, request }) {
+		const { user, session } = await locals.validateUser();
+		guards.loggedIn(user, session, url);
+
+		const { email, password } = Object.fromEntries(await request.formData()) as Record<
+			string,
+			string
+		>;
+		try {
+			await auth.validateKeyPassword('email', email, password);
+		} catch (error) {
+			if (!(error instanceof LuciaError)) {
+				await log.fatal('delete_account', user, 'unknown NON-LUCIA error', error);
+				throw error;
+			}
+
+			switch (error.message) {
+				case 'AUTH_INVALID_PASSWORD':
+				case 'AUTH_INVALID_KEY_ID':
+					await log.error('delete_account', user, 'invalid credentials');
+					throw redirect(
+						302,
+						'/account' + url.search + '#invalidCredentialsDeleteAccount'
+					);
+				default:
+					await log.fatal('delete_account', user, 'unknown error', error);
+					throw error;
+			}
+		}
+
+		const appartments = await prisma.appartment.findMany({
+			where: {
+				ownerId: user.id
+			},
+			include: {
+				photos: true,
+				history: {
+					include: {
+						photos: true
+					}
+				}
+			}
+		});
+		for (const photo of appartments.flatMap((appartment) => [
+			...appartment.photos,
+			...appartment.history.flatMap((h) => h.photos)
+		])) {
+			try {
+				rmSync(publicPath(photoURL(photo)));
+			} catch (error) {
+				if (error?.code !== 'ENOENT') {
+					await log.fatal(
+						'delete_appartment',
+						user,
+						'while deleting a photo while deleting user',
+						error,
+						'with data',
+						{
+							appartmentId: photo.appartmentId,
+							photo
+						}
+					);
+					throw error;
+				}
+			}
+		}
+		await prisma.user.delete({
+			where: { id: user.id }
+		});
+
+		await log.warn('delete_account', null, `deleted ${user.email}`);
 	}
 };
diff --git a/src/routes/account/+page.svelte b/src/routes/account/+page.svelte
@@ -7,12 +7,23 @@
 	import type { PageData } from './$types';
 	import ButtonSecondary from '$lib/ButtonSecondary.svelte';
 	import { page } from '$app/stores';
+	import { addToast, toasts } from '$lib/toasts';
+	import { onMount } from 'svelte';
 	export let data: PageData;
 	$: ({ user } = data);
 
 	let oldPassword: string = '';
 	let oldPasswordIsInvalid: boolean = $page.url.hash === '#invalidCredentials';
+	let wrongCredentialsWhenConfirmingAccountDeletion =
+		$page.url.hash === '#invalidCredentialsDeleteAccount';
 	let newPassword: string = '';
+	let confirmingDeletion = false;
+
+	onMount(() => {
+		if (wrongCredentialsWhenConfirmingAccountDeletion) {
+			addToast('error', 'E-mail ou mot de passe incorrect');
+		}
+	});
 </script>
 
 <svelte:head>
@@ -109,6 +120,41 @@
 			<ButtonSecondary submits icon="checkmark">Enregistrer</ButtonSecondary>
 		</section>
 	</form>
+
+	<form
+		action="?/deleteAccount"
+		method="post"
+		class="delete-account"
+		id="invalidCredentialsDeleteAccount"
+	>
+		<h2>Supprimer mon compte</h2>
+		<p class="explain typo-paragraph">
+			{#if confirmingDeletion}
+				Pour confirmer, saisissez de nouveau votre mot de passe et email
+			{:else}
+				Cette action est irréversible. Vos annonces seront supprimées.
+			{/if}
+		</p>
+		<section class="submit">
+			{#if confirmingDeletion}
+				<InputField required label="email" id="email">
+					<InputEmail value="" required name="email" />
+				</InputField>
+				<InputPassword label="Mot de passe" value="" required name="password" />
+				<div class="submit-button">
+					<ButtonSecondary submits dangerous
+						>Je confirme la suppression de mon compte</ButtonSecondary
+					>
+				</div>
+			{:else}
+				<div class="submit-button">
+					<ButtonSecondary on:click={() => (confirmingDeletion = true)} dangerous
+						>Supprimer mon compte</ButtonSecondary
+					>
+				</div>
+			{/if}
+		</section>
+	</form>
 </main>
 
 <style>
@@ -152,4 +198,19 @@
 		display: flex;
 		gap: 1rem;
 	}
+
+	form.delete-account {
+		padding: 2rem;
+		border-radius: 1rem;
+		--bg: var(--rose);
+		--fg: var(--blood);
+		background-color: var(--bg);
+	}
+
+	form.delete-account section.submit {
+		display: flex;
+		flex-direction: column;
+		align-items: center;
+		gap: 2rem;
+	}
 </style>