From 7bbe321d3c30415a5f05ed3740810a63496d3cb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mike=20Schw=C3=B6rer?=
Date: Sun, 4 May 2025 04:57:27 +0200
Subject: [PATCH] =?UTF-8?q?Add=20confirm=3D=3F=20quer-param=20to=20delete-?= =?UTF-8?q?user=20route=20[skip-tests]?=
---
 flutter/lib/pages/account/account.dart | 2 ++
 scnserver/api/apierr/enums.go | 1 +
 scnserver/api/handler/apiUser.go | 12 ++++++++++--
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/flutter/lib/pages/account/account.dart b/flutter/lib/pages/account/account.dart
index 6802b60..4234b55 100644
--- a/flutter/lib/pages/account/account.dart
+++ b/flutter/lib/pages/account/account.dart
@@ -528,6 +528,8 @@ class _AccountRootPageState extends State {
 if (!acc.isAuth()) return;
 try {
+ TODO ASK BEFORE DELETING TEH FUCKING USER !!!!!!!
+
 await APIClient.deleteUser(acc, acc.userID!);
 Toaster.info('Logout', 'Successfully logged out');
diff --git a/scnserver/api/apierr/enums.go b/scnserver/api/apierr/enums.go
index a6ebe80..6c3d118 100644
--- a/scnserver/api/apierr/enums.go
+++ b/scnserver/api/apierr/enums.go
@@ -20,6 +20,7 @@ const (
 BINDFAIL_URI_PARAM APIError = 1153
 BINDFAIL_HEADER_PARAM APIError = 1152
 INVALID_BODY_PARAM APIError = 1161
+ INVALID_QUERY_PARAM APIError = 1162
 INVALID_ENUM_VALUE APIError = 1171
 NO_TITLE APIError = 1201
diff --git a/scnserver/api/handler/apiUser.go b/scnserver/api/handler/apiUser.go
index 855d9a3..53f974d 100644
--- a/scnserver/api/handler/apiUser.go
+++ b/scnserver/api/handler/apiUser.go
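Review bot: In the account.dart hunk the added line `TODO ASK BEFORE DELETING TEH FUCKING USER !!!!!!!` has no `//` in front of it as shown, so inside the `try {` block it is parsed as Dart code and the file will presumably not compile; if that is a deliberate build-breaker say so in the commit message, otherwise write `// TODO: ask for confirmation before deleting the user`. The call right after it, `APIClient.deleteUser(acc, acc.userID!)`, appears unchanged, while the apiUser.go hunk of this commit makes the server reject the request unless `confirm=true` is sent, so this path likely ends in a 400 until the client passes the parameter (APIClient.deleteUser is not visible here). The success toast still reads `'Successfully logged out'` after an irreversible account deletion, which should name the action that was actually performed. The enclosing method starts and ends outside the hunk.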
@@ -290,14 +290,18 @@ func (h APIHandler) UpdateUser(pctx ginext.PreContext) ginext.HTTPResponse {
 // @Failure 404 {object} ginresp.apiError "user not found"
 // @Failure 500 {object} ginresp.apiError "internal server error"
 //
-// @Router /api/v2/users/{uid} [PATCH]
+// @Router /api/v2/users/{uid} [DELETE]
 func (h APIHandler) DeleteUser(pctx ginext.PreContext) ginext.HTTPResponse {
 type uri struct {
 UserID models.UserID `uri:"uid" binding:"entityid"`
 }
+ type query struct {
+ Confirm *bool `json:"confirm" form:"confirm"`
+ }
 var u uri
- ctx, g, errResp := pctx.URI(&u).Start()
+ var q query
+ ctx, g, errResp := pctx.URI(&u).Query(&q).Start()
 if errResp != nil {
 return *errResp
 }
@@ -309,6 +313,10 @@ func (h APIHandler) DeleteUser(pctx ginext.PreContext) ginext.HTTPResponse {
 return *permResp
 }
+ if q.Confirm == nil || !*q.Confirm {
+ return ginresp.APIError(g, 400, apierr.INVALID_QUERY_PARAM, "Must send confirm=true to delete an account", nil)
+ }
+
 user, err := h.database.GetUser(ctx, u.UserID)
 if errors.Is(err, sql.ErrNoRows) {
 return ginresp.APIError(g, 404, apierr.USER_NOT_FOUND, "User not found", err)
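Review bot: The Swagger block above DeleteUser (first apiUser.go hunk, only its tail is visible) gets the `[DELETE]` router fix but no entry for the new `confirm` query parameter, so the generated API docs will not tell clients that the request is rejected without it. Unless such a line already exists further up, add `// @Param confirm query bool true "must be true, otherwise the request is rejected with 400"`. The `json:"confirm"` tag on the `query` struct looks unused, since query binding presumably reads the `form` tag; drop it unless the binder needs it.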
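Review bot: In the second apiUser.go hunk the `confirm` check carries no comment on what it protects against: it stops accidental DELETE calls, but any caller that has already passed the permission check above can simply append `confirm=true`, so it is not evidence that the user approved the deletion. I would state that above the `if`, e.g. `// confirm guards against accidental calls only; authorization is the permission check above`, and keep the real confirmation prompt in the clients (the Flutter hunk in this commit still lacks one). Placing the check after the permission check is the right order, since unauthorized callers are rejected before the parameter is evaluated. DeleteUser continues past the end of the hunk.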