add some user delete functionalty

2026-03-20 12:33:15 -04:00
parent 953c836cce
commit 051e35c581
5 changed files with 56 additions and 1 deletions
@@ -136,6 +136,22 @@ router.post('/player/:username/password', requireAuth, (req, res) => {
  res.redirect(`/player/${user.username}`);
 });

+// ─── Delete own account ───────────────────────────────────
+router.post('/player/:username/delete', requireAuth, (req, res) => {
+  const user = Users.findByUsername(req.params.username);
+  if (!user || user.id !== req.session.userId) {
+    return res.status(403).render('error', { title: 'Forbidden', message: 'You can only delete your own account.' });
+  }
+  if (user.is_admin) {
+    req.session.flash = { type: 'danger', message: 'Admin accounts cannot be deleted.' };
+    return res.redirect(`/player/${user.username}`);
+  }
+
+  Users.deleteUser(user.id);
+  req.session.destroy();
+  res.redirect('/');
+});
+
 // ─── Browse all hunts ─────────────────────────────────────
 router.get('/hunts', (req, res) => {
  const allHunts = Hunts.getAll();