feat(auth): check password when deleting account #175

This commit was merged in pull request #177.
2024-09-13 12:02:06 +02:00
parent 6a656b15f0
commit 6c1edcd0a8
2 changed files with 43 additions and 13 deletions


@@ -328,7 +328,31 @@ func HandleDeleteAccountComp(db *sql.DB) http.HandlerFunc {
return
}
_, err := db.Exec("DELETE FROM workout WHERE user_id = ?", user.Id)
password := r.FormValue("password")
if password == "" {
utils.TriggerToast(w, r, "error", "Password is required")
return
}
var (
storedHash []byte
salt []byte
)
err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt)
if err != nil {
utils.LogError("Could not get password", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
return
}
currHash := getHashPassword(password, salt)
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
utils.TriggerToast(w, r, "error", "Password is not correct")
return
}
_, err = db.Exec("DELETE FROM workout WHERE user_id = ?", user.Id)
if err != nil {
utils.LogError("Could not delete workouts", err)
utils.TriggerToast(w, r, "error", "Internal Server Error")
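Review bot: `r.FormValue("password")` on the new line also reads the URL query string, so a password can still be supplied as `?password=…` on a GET request and could end up in access logs and browser history even though the template now posts it in the body; read it with `r.PostFormValue("password")` and, unless the router already restricts the method, reject non-POST requests first with `if r.Method != http.MethodPost { w.WriteHeader(http.StatusMethodNotAllowed); return }`. The new `err := db.QueryRow(...)` now takes over the first declaration of `err` that the removed `_, err := db.Exec(...)` used to provide; if an earlier part of the handler (outside this hunk) already declares `err`, this will fail to compile or shadow it, and `err = ...` would be the safer form. Because this endpoint now accepts password guesses, it is worth confirming that whatever brute-force rate limit the login path has also covers it. HandleDeleteAccountComp begins before and ends after the hunk.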


@@ -1,16 +1,22 @@
package auth
templ DeleteAccountComp() {
<main class="h-full flex items-center justify-center">
<div class="card bg-neutral text-neutral-content w-96">
<div class="card-body items-center text-center">
<h2 class="card-title">Delete Account</h2>
<p>Do you really want to delete all your data? This cannot be undone!</p>
<div class="card-actions justify-end mt-4">
<a href="/" class="btn btn-ghost">Cancel</a>
<button hx-get="/api/auth/delete-account" class="btn btn-primary">Delete Account</button>
</div>
</div>
</div>
</main>
<form
class="max-w-xl px-2 mx-auto flex flex-col gap-4 h-full justify-center"
hx-post="/api/auth/delete-account"
hx-swap="none"
>
<h2 class="text-6xl mb-6">
Delete Account
</h2>
<p class="text-xl text-red-500 mb-4">
Are you sure you want to delete your account? This action is irreversible.
</p>
<label class="input input-bordered flex items-center gap-2">
<input type="password" class="grow" placeholder="Password" name="password"/>
</label>
<button class="btn btn-error self-end">
Delete Account
</button>
</form>
}
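Review bot: The password input on the new form has no `required` or `autocomplete` attribute, so the browser will happily submit an empty value and the server round-trips an error toast instead of the form refusing to submit; `<input type="password" class="grow" placeholder="Password" name="password" required autocomplete="current-password"/>` fixes both. No CSRF token is visible on the form; if htmx is not configured to attach one globally (for example via `hx-headers` on the body), a state-changing `hx-post` protected only by a session cookie should carry one. The Cancel link from the old markup was dropped, so the page no longer offers a way back other than browser history.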