Implement user account deletion flow

POST /user/delete (auth required) verifies the password via pass1 and
transactionally removes the user's sessions, votes, entries and the user
row, then clears the session cookie. Associated media files are removed
best effort after commit. This was only a stub in the Flask original.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
2026-06-01 10:19:29 +02:00
parent cb237c248e
commit c904e3e2db
3 changed files with 79 additions and 5 deletions
+1 -1
View File
@@ -32,13 +32,13 @@ func main() {
// --- User (öffentlich) ---
r.Get("/u/{username}", handleUserPage)
r.Get("/user/delete", handleUserDelete)
// --- Geschützt (Session erforderlich) ---
r.Group(func(r chi.Router) {
r.Use(requireAuth)
r.Post("/entry/create", handleCreateEntry)
r.Get("/user/info", handleUserInfo)
r.Post("/user/delete", handleUserDelete)
})
// Hochgeladene Medien + alte statische Assets