yetangitu/timelimit-server
1
0
Fork 0
mirror of https://codeberg.org/timelimit/timelimit-server.git synced 2025-10-02 17:29:23 +02:00
Code Issues Projects Releases Wiki Activity

Add account deletion API

Browse source
This commit is contained in:
Jonas Lochmann 2023-04-03 02:00:00 +02:00
parent 05fac79849
commit e46f5bea3f
No known key found for this signature in database
GPG key ID: 8B8C9AEE10FA5B36
20 changed files with 705 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

24
docs/api/parent.md
View file

@ -194,3 +194,27 @@ If the ``secondPasswordHash`` is invalid: HTTP status code 401 Unauthorized
If the server does not support this request: HTTP status code 404
On success: ``{"token": "some string"}``; you should not make any assumptions about the token string
## POST /parent/delete-account
Use this to delete an account. This includes the complete family registration
with users and devices. Due to that, all parents with a linked mail address
have to authenticate this action.
## request
see [this JSON schema](../schema/deleteaccountpayload.md)
## response
On success: HTTP status code 200
On a invalid request body: HTTP status code 400 Bad Request
On unknown device auth token: HTTP status code 401 Unauthorized
On missing parent authentication: HTTP status code 401 Unauthorized
On unrelated parent authentication: HTTP status code 401 Unauthorized
If a newer endpoint must be used/the client is too old: HTTP status code 410 Gone

23
docs/schema/DeleteAccountPayload.schema.json Normal file
View file

@ -0,0 +1,23 @@
{
"type": "object",
"properties": {
"deviceAuthToken": {
"type": "string"
},
"mailAuthTokens": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"deviceAuthToken",
"mailAuthTokens"
],
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "DeleteAccountPayload",
"$id": "https://timelimit.io/DeleteAccountPayload"
}

4
docs/schema/README.md
View file

@ -14,6 +14,8 @@
* [CreateRegisterDeviceTokenRequest](./createregisterdevicetokenrequest.md) `https://timelimit.io/CreateRegisterDeviceTokenRequest`
* [DeleteAccountPayload](./deleteaccountpayload.md) `https://timelimit.io/DeleteAccountPayload`
* [FinishPurchaseByGooglePlayRequest](./finishpurchasebygoogleplayrequest.md) `https://timelimit.io/FinishPurchaseByGooglePlayRequest`
* [IdentityTokenPayload](./identitytokenpayload.md) `https://timelimit.io/IdentityTokenPayload`
@ -282,6 +284,8 @@
* [Untitled array in ClientPushChangesRequest](./clientpushchangesrequest-properties-actions.md) `https://timelimit.io/ClientPushChangesRequest#/properties/actions`
* [Untitled array in DeleteAccountPayload](./deleteaccountpayload-properties-mailauthtokens.md) `https://timelimit.io/DeleteAccountPayload#/properties/mailAuthTokens`
* [Untitled array in SerializedAppLogicAction](./serializedapplogicaction-definitions-serializedaddinstalledappsaction-properties-apps.md) `https://timelimit.io/SerializedAppLogicAction#/definitions/SerializedAddInstalledAppsAction/properties/apps`
* [Untitled array in SerializedAppLogicAction](./serializedapplogicaction-definitions-serializedaddusedtimeactionversion2-properties-i.md) `https://timelimit.io/SerializedAppLogicAction#/definitions/SerializedAddUsedTimeActionVersion2/properties/i`

15
docs/schema/deleteaccountpayload-definitions.md Normal file
View file

@ -0,0 +1,15 @@
# Untitled undefined type in DeleteAccountPayload Schema
```txt
https://timelimit.io/DeleteAccountPayload#/definitions
```
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :-------------------------------------------------------------------------------------------- |
| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [DeleteAccountPayload.schema.json\*](DeleteAccountPayload.schema.json "open original schema") |
## definitions Type
unknown

15
docs/schema/deleteaccountpayload-properties-deviceauthtoken.md Normal file
View file

@ -0,0 +1,15 @@
# Untitled string in DeleteAccountPayload Schema
```txt
https://timelimit.io/DeleteAccountPayload#/properties/deviceAuthToken
```
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :-------------------------------------------------------------------------------------------- |
| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [DeleteAccountPayload.schema.json\*](DeleteAccountPayload.schema.json "open original schema") |
## deviceAuthToken Type
`string`

15
docs/schema/deleteaccountpayload-properties-mailauthtokens-items.md Normal file
View file

@ -0,0 +1,15 @@
# Untitled string in DeleteAccountPayload Schema
```txt
https://timelimit.io/DeleteAccountPayload#/properties/mailAuthTokens/items
```
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :-------------------------------------------------------------------------------------------- |
| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [DeleteAccountPayload.schema.json\*](DeleteAccountPayload.schema.json "open original schema") |
## items Type
`string`

15
docs/schema/deleteaccountpayload-properties-mailauthtokens.md Normal file
View file

@ -0,0 +1,15 @@
# Untitled array in DeleteAccountPayload Schema
```txt
https://timelimit.io/DeleteAccountPayload#/properties/mailAuthTokens
```
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :-------------------------------------------------------------------------------------------- |
| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [DeleteAccountPayload.schema.json\*](DeleteAccountPayload.schema.json "open original schema") |
## mailAuthTokens Type
`string[]`

60
docs/schema/deleteaccountpayload.md Normal file
View file

@ -0,0 +1,60 @@
# DeleteAccountPayload Schema
```txt
https://timelimit.io/DeleteAccountPayload
```
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
| :------------------ | :--------- | :------------- | :----------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------ |
| Can be instantiated | Yes | Unknown status | No | Forbidden | Forbidden | none | [DeleteAccountPayload.schema.json](DeleteAccountPayload.schema.json "open original schema") |
## DeleteAccountPayload Type
`object` ([DeleteAccountPayload](deleteaccountpayload.md))
# DeleteAccountPayload Properties
| Property | Type | Required | Nullable | Defined by |
| :---------------------------------- | :------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------- |
| [deviceAuthToken](#deviceauthtoken) | `string` | Required | cannot be null | [DeleteAccountPayload](deleteaccountpayload-properties-deviceauthtoken.md "https://timelimit.io/DeleteAccountPayload#/properties/deviceAuthToken") |
| [mailAuthTokens](#mailauthtokens) | `array` | Required | cannot be null | [DeleteAccountPayload](deleteaccountpayload-properties-mailauthtokens.md "https://timelimit.io/DeleteAccountPayload#/properties/mailAuthTokens") |
## deviceAuthToken
`deviceAuthToken`
* is required
* Type: `string`
* cannot be null
* defined in: [DeleteAccountPayload](deleteaccountpayload-properties-deviceauthtoken.md "https://timelimit.io/DeleteAccountPayload#/properties/deviceAuthToken")
### deviceAuthToken Type
`string`
## mailAuthTokens
`mailAuthTokens`
* is required
* Type: `string[]`
* cannot be null
* defined in: [DeleteAccountPayload](deleteaccountpayload-properties-mailauthtokens.md "https://timelimit.io/DeleteAccountPayload#/properties/mailAuthTokens")
### mailAuthTokens Type
`string[]`
# DeleteAccountPayload Definitions

192
other/mail/account-deleted/html.ejs Normal file
View file

@ -0,0 +1,192 @@
<!doctype html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office">
<head>
<title>
</title>
<!--[if !mso]><!-->
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<!--<![endif]-->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type="text/css">
#outlook a {
padding: 0;
}
body {
margin: 0;
padding: 0;
-webkit-text-size-adjust: 100%;
-ms-text-size-adjust: 100%;
}
table,
td {
border-collapse: collapse;
mso-table-lspace: 0pt;
mso-table-rspace: 0pt;
}
img {
border: 0;
height: auto;
line-height: 100%;
outline: none;
text-decoration: none;
-ms-interpolation-mode: bicubic;
}
p {
display: block;
margin: 13px 0;
}
</style>
<!--[if mso]>
<noscript>
<xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:PixelsPerInch>96</o:PixelsPerInch>
</o:OfficeDocumentSettings>
</xml>
</noscript>
<![endif]-->
<!--[if lte mso 11]>
<style type="text/css">
.mj-outlook-group-fix { width:100% !important; }
</style>
<![endif]-->
<!--[if !mso]><!-->
<!--<![endif]-->
<style type="text/css">
@media only screen and (min-width:480px) {
.mj-column-per-100 {
width: 100% !important;
max-width: 100%;
}
}
</style>
<style media="screen and (min-width:480px)">
.moz-text-html .mj-column-per-100 {
width: 100% !important;
max-width: 100%;
}
</style>
<style type="text/css">
</style>
</head>
<body style="word-spacing:normal;">
<div style="">
<!--[if mso | IE]><table align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600" bgcolor="#009688" ><tr><td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;"><![endif]-->
<div style="background:#009688;background-color:#009688;margin:0px auto;max-width:600px;">
<table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="background:#009688;background-color:#009688;width:100%;">
<tbody>
<tr>
<td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
<!--[if mso | IE]><table role="presentation" border="0" cellpadding="0" cellspacing="0"><tr><td class="" style="vertical-align:top;width:600px;" ><![endif]-->
<div class="mj-column-per-100 mj-outlook-group-fix" style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%">
<tbody>
<tr>
<td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
<div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:20px;line-height:1;text-align:left;color:#ffffff;">TimeLimit</div>
</td>
</tr>
</tbody>
</table>
</div>
<!--[if mso | IE]></td></tr></table><![endif]-->
</td>
</tr>
</tbody>
</table>
</div>
<!--[if mso | IE]></td></tr></table><table align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600" ><tr><td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;"><![endif]-->
<div style="margin:0px auto;max-width:600px;">
<table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;">
<tbody>
<tr>
<td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
<!--[if mso | IE]><table role="presentation" border="0" cellpadding="0" cellspacing="0"><tr><td class="" style="vertical-align:top;width:600px;" ><![endif]-->
<div class="mj-column-per-100 mj-outlook-group-fix" style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%">
<tbody>
<tr>
<td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
<div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:1;text-align:left;color:#000000;">
<p> Sie haben eine Löschung Ihres Benutzerkontos angefordert. Diese wurde soeben durchgeführt. </p>
<p> You requested the deletion of your account. This deletion is finished now. </p>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<!--[if mso | IE]></td></tr></table><![endif]-->
</td>
</tr>
</tbody>
</table>
</div>
<!--[if mso | IE]></td></tr></table><table align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600" ><tr><td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;"><![endif]-->
<div style="margin:0px auto;max-width:600px;">
<table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;">
<tbody>
<tr>
<td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
<!--[if mso | IE]><table role="presentation" border="0" cellpadding="0" cellspacing="0"><tr><td class="" style="vertical-align:top;width:600px;" ><![endif]-->
<div class="mj-column-per-100 mj-outlook-group-fix" style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%">
<tbody>
<tr>
<td align="center" style="font-size:0px;padding:10px 25px;word-break:break-word;">
<p style="border-top:dashed 1px lightgrey;font-size:1px;margin:0px auto;width:100%;">
</p>
<!--[if mso | IE]><table align="center" border="0" cellpadding="0" cellspacing="0" style="border-top:dashed 1px lightgrey;font-size:1px;margin:0px auto;width:550px;" role="presentation" width="550px" ><tr><td style="height:0;line-height:0;"> &nbsp;
</td></tr></table><![endif]-->
</td>
</tr>
</tbody>
</table>
</div>
<!--[if mso | IE]></td></tr></table><![endif]-->
</td>
</tr>
</tbody>
</table>
</div>
<!--[if mso | IE]></td></tr></table><table align="center" border="0" cellpadding="0" cellspacing="0" class="" style="width:600px;" width="600" ><tr><td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;"><![endif]-->
<div style="margin:0px auto;max-width:600px;">
<table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;">
<tbody>
<tr>
<td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;">
<!--[if mso | IE]><table role="presentation" border="0" cellpadding="0" cellspacing="0"><tr><td class="" style="vertical-align:top;width:600px;" ><![endif]-->
<div class="mj-column-per-100 mj-outlook-group-fix" style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;">
<table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%">
<tbody>
<tr>
<td align="left" style="font-size:0px;padding:10px 25px;word-break:break-word;">
<div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:1;text-align:left;color:#000000;">
<p> Sie erhalten diese Nachricht aufgrund Ihrer Anfrage. Falls Sie Fragen haben können Sie einfach auf diese E-Mail antworten. </p>
<p> You got this mail due to your request. If you have got any questions, then you can reply to this message. </p>
<p> &copy; <%= mailimprint %> </p>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<!--[if mso | IE]></td></tr></table><![endif]-->
</td>
</tr>
</tbody>
</table>
</div>
<!--[if mso | IE]></td></tr></table><![endif]-->
</div>
</body>
</html>

44
other/mail/account-deleted/htmltemplate-src.txt Normal file
View file

@ -0,0 +1,44 @@
<mjml>
<mj-body>
<mj-section background-color="#009688">
<mj-column>
<mj-text font-size="20px" color="#ffffff">TimeLimit</mj-text>
</mj-column>
</mj-section>
<mj-section>
<mj-column>
<mj-text>
<p>
Sie haben eine Löschung Ihres Benutzerkontos angefordert. Diese wurde soeben durchgeführt.
</p>
<p>
You requested the deletion of your account. This deletion is finished now.
</p>
</mj-text>
</mj-column>
</mj-section>
<mj-section>
<mj-column>
<mj-divider border-width="1px" border-style="dashed" border-color="lightgrey" />
</mj-column>
</mj-section>
<mj-section>
<mj-column>
<mj-text>
<p>
Sie erhalten diese Nachricht aufgrund Ihrer Anfrage.
Falls Sie Fragen haben können Sie einfach auf diese E-Mail antworten.
</p>
<p>
You got this mail due to your request.
If you have got any questions, then you can reply to this message.
</p>
<p>
&copy; <%= mailimprint %>
</p>
</mj-text>
</mj-column>
</mj-section>
</mj-body>
</mjml>

1
other/mail/account-deleted/subject.ejs Normal file
View file

@ -0,0 +1 @@
Konto gelöscht/Account deleted

13
other/mail/account-deleted/text.ejs Normal file
View file

@ -0,0 +1,13 @@
Sie haben eine Löschung Ihres Benutzerkontos angefordert. Diese wurde soeben durchgeführt.
You requested the deletion of your account. This deletion is finished now.
----------------------
Sie erhalten diese Nachricht aufgrund Ihrer Anfrage.
Falls Sie Fragen haben können Sie einfach auf diese E-Mail antworten.
You got this mail due to your request.
If you have got any questions, then you can reply to this message.
<C> <%- mailimprint %>

5
scripts/build-schemas.js
View file

@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
* Copyright (C) 2019 - 2022 Jonas Lochmann
* Copyright (C) 2019 - 2023 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@ -43,7 +43,8 @@ const types = [
'RequestWithAuthToken',
'SendMailLoginCodeRequest',
'SignInByMailCodeRequest',
'IdentityTokenPayload'
'IdentityTokenPayload',
'DeleteAccountPayload',
]
const docOnlyTypes = [

20
src/api/parent.ts
View file

@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
* Copyright (C) 2019 - 2022 Jonas Lochmann
* Copyright (C) 2019 - 2023 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@ -21,6 +21,7 @@ import { Router } from 'express'
import { BadRequest, Forbidden, Unauthorized } from 'http-errors'
import { config } from '../config'
import { Database, Transaction } from '../database'
import { deleteAccount } from '../function/cleanup/account-deletion'
import { removeDevice } from '../function/device/remove-device'
import { createAddDeviceToken } from '../function/parent/create-add-device-token'
import { createFamily } from '../function/parent/create-family'
@ -36,7 +37,8 @@ import {
isCreateFamilyByMailTokenRequest,
isCreateRegisterDeviceTokenRequest, isLinkParentMailAddressRequest,
isMailAuthTokenRequestBody, isRecoverParentPasswordRequest,
isRemoveDeviceRequest, isSignIntoFamilyRequest, isRequestIdentityTokenRequest
isRemoveDeviceRequest, isSignIntoFamilyRequest, isRequestIdentityTokenRequest,
isDeleteAccountPayload
} from './validator'
export const createParentRouter = ({
@ -356,5 +358,19 @@ export const createParentRouter = ({
}
})
router.post('/delete-account', json(), async (req, res, next) => {
try {
if (!isDeleteAccountPayload(req.body)) {
throw new BadRequest()
}
await deleteAccount({ database, request: req.body, websocket })
res.sendStatus(200)
} catch (ex) {
next(ex)
}
})
return router
}

7
src/api/schema.ts
View file

@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
* Copyright (C) 2019 - 2022 Jonas Lochmann
* Copyright (C) 2019 - 2023 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@ -176,5 +176,10 @@ export type IdentityTokenPayload = IdentityTokenCreatePayload & {
exp: number
}
export interface DeleteAccountPayload {
deviceAuthToken: string
mailAuthTokens: Array<string>
}
export { SerializedParentAction, SerializedChildAction, SerializedAppLogicAction } from '../action/serialization'
export { ServerDataStatus } from '../object/serverdatastatus'

23
src/api/validator.ts
View file

@ -1,5 +1,5 @@
// tslint:disable
import { ClientPushChangesRequest, ClientPullChangesRequest, MailAuthTokenRequestBody, CreateFamilyByMailTokenRequest, SignIntoFamilyRequest, RecoverParentPasswordRequest, RegisterChildDeviceRequest, SerializedParentAction, SerializedAppLogicAction, SerializedChildAction, CreateRegisterDeviceTokenRequest, CanDoPurchaseRequest, FinishPurchaseByGooglePlayRequest, LinkParentMailAddressRequest, UpdatePrimaryDeviceRequest, RemoveDeviceRequest, RequestIdentityTokenRequest, RequestWithAuthToken, SendMailLoginCodeRequest, SignInByMailCodeRequest, IdentityTokenPayload } from './schema'
import { ClientPushChangesRequest, ClientPullChangesRequest, MailAuthTokenRequestBody, CreateFamilyByMailTokenRequest, SignIntoFamilyRequest, RecoverParentPasswordRequest, RegisterChildDeviceRequest, SerializedParentAction, SerializedAppLogicAction, SerializedChildAction, CreateRegisterDeviceTokenRequest, CanDoPurchaseRequest, FinishPurchaseByGooglePlayRequest, LinkParentMailAddressRequest, UpdatePrimaryDeviceRequest, RemoveDeviceRequest, RequestIdentityTokenRequest, RequestWithAuthToken, SendMailLoginCodeRequest, SignInByMailCodeRequest, IdentityTokenPayload, DeleteAccountPayload } from './schema'
import Ajv from 'ajv'
const ajv = new Ajv()
@ -3493,3 +3493,24 @@ export const isIdentityTokenPayload: (value: unknown) => value is IdentityTokenP
"definitions": definitions,
"$schema": "http://json-schema.org/draft-07/schema#"
})
export const isDeleteAccountPayload: (value: unknown) => value is DeleteAccountPayload = ajv.compile({
"type": "object",
"properties": {
"deviceAuthToken": {
"type": "string"
},
"mailAuthTokens": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": false,
"required": [
"deviceAuthToken",
"mailAuthTokens"
],
"definitions": definitions,
"$schema": "http://json-schema.org/draft-07/schema#"
})

107
src/function/cleanup/account-deletion.ts Normal file
View file

@ -0,0 +1,107 @@
/*
* server component for the TimeLimit App
* Copyright (C) 2019 - 2023 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { Unauthorized } from 'http-errors'
import { DeleteAccountPayload } from '../../api/schema'
import { Database } from '../../database'
import { sendAccountDeletedMail } from '../../util/mail'
import { WebsocketApi } from '../../websocket'
import { requireMailAndLocaleByAuthToken } from '../authentication'
import { deleteFamilies } from './delete-families'
export async function deleteAccount({ request, database, websocket }: {
request: DeleteAccountPayload
database: Database
websocket: WebsocketApi
}) {
await database.transaction(async (transaction) => {
const deviceEntryUnsafe = await database.device.findOne({
where: { deviceAuthToken: request.deviceAuthToken },
attributes: ['familyId'],
transaction
})
if (!deviceEntryUnsafe) {
throw new Unauthorized()
}
const deviceEntry = {
familyId: deviceEntryUnsafe.familyId
}
const userEntries = (await database.user.findAll({
where: {
familyId: deviceEntry.familyId,
type: 'parent'
},
attributes: ['mail'],
transaction
})).map((item) => ({ mail: item.mail }))
const registeredMailAddresses = new Set<string>()
userEntries.forEach((item) => {
if (item.mail !== '') registeredMailAddresses.add(item.mail)
})
const authenticatedMailAddresses = new Set<string>()
for (const mailAuthToken of request.mailAuthTokens) {
const info = await requireMailAndLocaleByAuthToken({
mailAuthToken,
database,
transaction,
invalidate: true
})
if (!registeredMailAddresses.has(info.mail)) throw new Unauthorized()
authenticatedMailAddresses.add(info.mail)
}
if (registeredMailAddresses.size !== authenticatedMailAddresses.size) throw new Unauthorized()
registeredMailAddresses.forEach((mail) => {
if (!authenticatedMailAddresses.has(mail)) throw new Unauthorized()
})
const deviceEntries = (await database.device.findAll({
where: {
familyId: deviceEntry.familyId
},
transaction,
attributes: ['deviceAuthToken']
})).map((item) => ({ deviceAuthToken: item.deviceAuthToken }))
await deleteFamilies({ database, transaction, familiyIds: [deviceEntry.familyId] })
transaction.afterCommit(() => {
for (const device of deviceEntries) {
websocket.triggerSyncByDeviceAuthToken({
deviceAuthToken: device.deviceAuthToken,
isImportant: true
})
}
registeredMailAddresses.forEach((receiver) => {
sendAccountDeletedMail({ receiver }).catch((ex) => {
console.warn('failure while sending account deletion confirmation', ex)
})
})
})
})
}

217
src/function/cleanup/delete-families.ts
View file

@ -17,10 +17,11 @@
import { difference } from 'lodash'
import * as Sequelize from 'sequelize'
import { Database } from '../../database'
import { Database, Transaction } from '../../database'
export async function deleteFamilies ({ database, familiyIds }: {
export async function deleteFamilies ({ database, transaction, familiyIds }: {
database: Database
transaction: Transaction
familiyIds: Array<string>
// no transaction here because this should run isolated
}) {
@ -28,128 +29,126 @@ export async function deleteFamilies ({ database, familiyIds }: {
return
}
await database.transaction(async (transaction) => {
// category
await database.category.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// category
await database.category.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// categoryapp
await database.categoryApp.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// categoryapp
await database.categoryApp.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// purchase
await database.purchase.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// purchase
await database.purchase.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// timelimitrule
await database.timelimitRule.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// timelimitrule
await database.timelimitRule.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// usedtime
await database.usedTime.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// usedtime
await database.usedTime.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// session durations
await database.sessionDuration.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// session durations
await database.sessionDuration.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// user
await database.user.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// user
await database.user.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// device
const oldDeviceAuthTokens = (await database.device.findAll({
// device
const oldDeviceAuthTokens = (await database.device.findAll({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
attributes: ['deviceAuthToken'],
transaction
})).map((item) => item.deviceAuthToken)
await database.device.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// olddevice
if (oldDeviceAuthTokens.length > 0) {
const knownOldDeviceAuthTokens = (await database.oldDevice.findAll({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
deviceAuthToken: {
[Sequelize.Op.in]: oldDeviceAuthTokens
}
},
attributes: ['deviceAuthToken'],
transaction
})).map((item) => item.deviceAuthToken)
await database.device.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
const oldDeviceAuthTokensToAdd = difference(oldDeviceAuthTokens, knownOldDeviceAuthTokens)
// olddevice
if (oldDeviceAuthTokens.length > 0) {
const knownOldDeviceAuthTokens = (await database.oldDevice.findAll({
where: {
deviceAuthToken: {
[Sequelize.Op.in]: oldDeviceAuthTokens
}
},
transaction
})).map((item) => item.deviceAuthToken)
const oldDeviceAuthTokensToAdd = difference(oldDeviceAuthTokens, knownOldDeviceAuthTokens)
if (oldDeviceAuthTokensToAdd.length > 0) {
await database.oldDevice.bulkCreate(
oldDeviceAuthTokensToAdd.map((item) => ({
deviceAuthToken: item
})),
{ transaction }
)
}
if (oldDeviceAuthTokensToAdd.length > 0) {
await database.oldDevice.bulkCreate(
oldDeviceAuthTokensToAdd.map((item) => ({
deviceAuthToken: item
})),
{ transaction }
)
}
}
// family
await database.family.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
// family
await database.family.destroy({
where: {
familyId: {
[Sequelize.Op.in]: familiyIds
}
},
transaction
})
}

11
src/function/cleanup/delete-old-families.ts
View file

@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
* Copyright (C) 2019 - 2020 Jonas Lochmann
* Copyright (C) 2019 - 2023 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@ -26,9 +26,12 @@ export async function deleteOldFamilies (database: Database) {
if (oldFamilyIds.length > 0) {
const familyIdsToDelete = oldFamilyIds.slice(0, 256) /* limit to 256 families per execution */
await deleteFamilies({
database,
familiyIds: familyIdsToDelete
await database.transaction(async (transaction) => {
await deleteFamilies({
database,
transaction,
familiyIds: familyIdsToDelete
})
})
}
}

13
src/util/mail.ts
View file

@ -193,6 +193,19 @@ export const sendPasswordRecoveryUsedMail = async ({ receiver, locale }: {
})
}
const accountDeletedMailSender = createMailTemplateSender('account-deleted')
export const sendAccountDeletedMail = async ({ receiver }: {
receiver: string
}) => {
await accountDeletedMailSender.sendMail({
receiver,
params: {
mailimprint
}
})
}
function getMailSecurityText (locale: string) {
if (locale === 'de') {
return 'Achten Sie darauf, dass Ihr Kind/Ihre Kinder keinen Zugang zu der E-Mail-Adresse hat/haben, die Sie bei TimeLimit angegeben haben.'