From 91750a5086944cf0944c058f34adb22d10e5f964 Mon Sep 17 00:00:00 2001
From: mrjvs <jellevs@gmail.com>
Date: Sun, 29 Oct 2023 16:34:50 +0100
Subject: [PATCH] update delete user to actually delete all data

---
 README.md                  |  4 ++--
 src/routes/users/delete.ts | 29 ++++++++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 91be1ae..9522915 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Backend for movie-web
   - [X] GET progress items
   - [X] DELETE progress items
   - [ ] consume provider metrics
-  - [ ] DELETE user - should delete all associated data
+  - [X] DELETE user - should delete all associated data
  - [ ] prometheus metrics
   - [X] requests
   - [X] user count
@@ -30,7 +30,7 @@ Backend for movie-web
  - [X] global namespacing (accounts are stored on a namespace)
  - [ ] cleanup jobs
   - [ ] cleanup expired sessions
-  - [ ] cleanup old metrics
+  - [ ] cleanup old provider metrics
 
 ## Second todo list
  - [ ] think of privacy centric method of auth
diff --git a/src/routes/users/delete.ts b/src/routes/users/delete.ts
index 969b755..a9b99bb 100644
--- a/src/routes/users/delete.ts
+++ b/src/routes/users/delete.ts
@@ -1,5 +1,8 @@
+import { Bookmark } from '@/db/models/Bookmark';
+import { ProgressItem } from '@/db/models/ProgressItem';
 import { Session } from '@/db/models/Session';
 import { User } from '@/db/models/User';
+import { UserSettings } from '@/db/models/UserSettings';
 import { StatusError } from '@/services/error';
 import { handle } from '@/services/handler';
 import { makeRouter } from '@/services/router';
@@ -24,10 +27,34 @@ export const userDeleteRouter = makeRouter((app) => {
       if (auth.user.id !== user.id)
         throw new StatusError('Cannot delete user other than yourself', 403);
 
-      const sessions = await em.find(Session, { user: user.id });
+      // delete data
+      await em
+        .createQueryBuilder(Bookmark)
+        .delete()
+        .where({
+          userId: user.id,
+        })
+        .execute();
+      await em
+        .createQueryBuilder(ProgressItem)
+        .delete()
+        .where({
+          userId: user.id,
+        })
+        .execute();
+      await em
+        .createQueryBuilder(UserSettings)
+        .delete()
+        .where({
+          id: user.id,
+        })
+        .execute();
 
+      // delete account & login sessions
+      const sessions = await em.find(Session, { user: user.id });
       await em.remove([user, ...sessions]);
       await em.flush();
+
       return {
         id: user.id,
       };