Dateien nach "backend/src/routes" hochladen
This commit is contained in:
@@ -48,4 +48,28 @@ router.post('/change-username', authenticate, (req, res) => {
|
||||
res.json({ success: true, username: newUsername.trim() });
|
||||
});
|
||||
|
||||
// DELETE /api/auth/delete-account – eigenen Account löschen (nicht für letzte Admins)
|
||||
router.delete('/delete-account', authenticate, (req, res) => {
|
||||
const { password } = req.body || {};
|
||||
const id = req.user.id;
|
||||
const user = db.prepare('SELECT * FROM users WHERE id=?').get(id);
|
||||
if (!user) return res.status(404).json({ error: 'Benutzer nicht gefunden' });
|
||||
if (password && !bcrypt.compareSync(password, user.password_hash))
|
||||
return res.status(400).json({ error: 'Passwort falsch' });
|
||||
if (!user) return res.status(404).json({ error: 'Benutzer nicht gefunden' });
|
||||
// Admin darf sich nicht löschen wenn er der letzte Admin ist
|
||||
if (user.role === 'admin') {
|
||||
const adminCount = db.prepare("SELECT COUNT(*) c FROM users WHERE role='admin'").get().c;
|
||||
if (adminCount <= 1) return res.status(400).json({ error: 'Letzter Administrator kann sich nicht löschen' });
|
||||
}
|
||||
// Alle Daten löschen
|
||||
db.prepare('DELETE FROM calculations WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM orders WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM todos WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM quick_links WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM notes WHERE user_id=?').run(id);
|
||||
db.prepare('DELETE FROM users WHERE id=?').run(id);
|
||||
res.json({ success: true });
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
|
||||
Reference in New Issue
Block a user