keligrubb/kestrelos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
main
kestrelos/server/api/users/[id].delete.js
Madison Grubb b7046dc0e6 initial commit
2026-02-10 23:32:26 -05:00

25 lines
940 B
JavaScript
Raw Permalink Blame History

import { getDb } from '../../utils/db.js'
import { requireAuth } from '../../utils/authHelpers.js'
export default defineEventHandler(async (event) => {
const currentUser = requireAuth(event, { role: 'admin' })
const id = event.context.params?.id
if (!id) throw createError({ statusCode: 400, message: 'id required' })
if (id === currentUser.id) {
throw createError({ statusCode: 400, message: 'Cannot delete your own account' })
}
const { run, get } = await getDb()
const user = await get('SELECT id, auth_provider FROM users WHERE id = ?', [id])
if (!user) throw createError({ statusCode: 404, message: 'User not found' })
if (user.auth_provider !== 'local') {
throw createError({ statusCode: 403, message: 'Only local users can be deleted' })
}
await run('DELETE FROM sessions WHERE user_id = ?', [id])
await run('DELETE FROM users WHERE id = ?', [id])
setResponseStatus(event, 204)
return null
})
Reference in New Issue View Git Blame Copy Permalink