hailey.at / cocoon
An atproto PDS written in Go
fork atom
cocoon / server / handle_server_delete_account.go
at v0.7.0 4.1 kB view raw
1package server 2 3import ( 4 "context" 5 "time" 6 7 "github.com/Azure/go-autorest/autorest/to" 8 "github.com/bluesky-social/indigo/api/atproto" 9 "github.com/bluesky-social/indigo/events" 10 "github.com/bluesky-social/indigo/util" 11 "github.com/haileyok/cocoon/internal/helpers" 12 "github.com/labstack/echo/v4" 13 "golang.org/x/crypto/bcrypt" 14) 15 16type ComAtprotoServerDeleteAccountRequest struct { 17 Did string `json:"did" validate:"required"` 18 Password string `json:"password" validate:"required"` 19 Token string `json:"token" validate:"required"` 20} 21 22func (s *Server) handleServerDeleteAccount(e echo.Context) error { 23 var req ComAtprotoServerDeleteAccountRequest 24 if err := e.Bind(&req); err != nil { 25 s.logger.Error("error binding", "error", err) 26 return helpers.ServerError(e, nil) 27 } 28 29 if err := e.Validate(&req); err != nil { 30 s.logger.Error("error validating", "error", err) 31 return helpers.ServerError(e, nil) 32 } 33 34 urepo, err := s.getRepoActorByDid(req.Did) 35 if err != nil { 36 s.logger.Error("error getting repo", "error", err) 37 return echo.NewHTTPError(400, "account not found") 38 } 39 40 if err := bcrypt.CompareHashAndPassword([]byte(urepo.Repo.Password), []byte(req.Password)); err != nil { 41 s.logger.Error("password mismatch", "error", err) 42 return echo.NewHTTPError(401, "Invalid did or password") 43 } 44 45 if urepo.Repo.AccountDeleteCode == nil || urepo.Repo.AccountDeleteCodeExpiresAt == nil { 46 s.logger.Error("no deletion token found for account") 47 return echo.NewHTTPError(400, map[string]interface{}{ 48 "error": "InvalidToken", 49 "message": "Token is invalid", 50 }) 51 } 52 53 if *urepo.Repo.AccountDeleteCode != req.Token { 54 s.logger.Error("deletion token mismatch") 55 return echo.NewHTTPError(400, map[string]interface{}{ 56 "error": "InvalidToken", 57 "message": "Token is invalid", 58 }) 59 } 60 61 if time.Now().UTC().After(*urepo.Repo.AccountDeleteCodeExpiresAt) { 62 s.logger.Error("deletion token expired") 63 return echo.NewHTTPError(400, map[string]interface{}{ 64 "error": "ExpiredToken", 65 "message": "Token is expired", 66 }) 67 } 68 69 if err := s.db.Exec("DELETE FROM blocks WHERE did = ?", nil, req.Did).Error; err != nil { 70 s.logger.Error("error deleting blocks", "error", err) 71 return helpers.ServerError(e, nil) 72 } 73 74 if err := s.db.Exec("DELETE FROM records WHERE did = ?", nil, req.Did).Error; err != nil { 75 s.logger.Error("error deleting records", "error", err) 76 return helpers.ServerError(e, nil) 77 } 78 79 if err := s.db.Exec("DELETE FROM blobs WHERE did = ?", nil, req.Did).Error; err != nil { 80 s.logger.Error("error deleting blobs", "error", err) 81 return helpers.ServerError(e, nil) 82 } 83 84 if err := s.db.Exec("DELETE FROM tokens WHERE did = ?", nil, req.Did).Error; err != nil { 85 s.logger.Error("error deleting tokens", "error", err) 86 return helpers.ServerError(e, nil) 87 } 88 89 if err := s.db.Exec("DELETE FROM refresh_tokens WHERE did = ?", nil, req.Did).Error; err != nil { 90 s.logger.Error("error deleting refresh tokens", "error", err) 91 return helpers.ServerError(e, nil) 92 } 93 94 if err := s.db.Exec("DELETE FROM reserved_keys WHERE did = ?", nil, req.Did).Error; err != nil { 95 s.logger.Error("error deleting reserved keys", "error", err) 96 return helpers.ServerError(e, nil) 97 } 98 99 if err := s.db.Exec("DELETE FROM invite_codes WHERE did = ?", nil, req.Did).Error; err != nil { 100 s.logger.Error("error deleting invite codes", "error", err) 101 return helpers.ServerError(e, nil) 102 } 103 104 if err := s.db.Exec("DELETE FROM actors WHERE did = ?", nil, req.Did).Error; err != nil { 105 s.logger.Error("error deleting actor", "error", err) 106 return helpers.ServerError(e, nil) 107 } 108 109 if err := s.db.Exec("DELETE FROM repos WHERE did = ?", nil, req.Did).Error; err != nil { 110 s.logger.Error("error deleting repo", "error", err) 111 return helpers.ServerError(e, nil) 112 } 113 114 s.evtman.AddEvent(context.TODO(), &events.XRPCStreamEvent{ 115 RepoAccount: &atproto.SyncSubscribeRepos_Account{ 116 Active: false, 117 Did: req.Did, 118 Status: to.StringPtr("deleted"), 119 Seq: time.Now().UnixMicro(), 120 Time: time.Now().Format(util.ISO8601), 121 }, 122 }) 123 124 return e.NoContent(200) 125}