feat(account): GDPR self-service account + data deletion (5d)
Add DELETE /api/me/account: permanently erases the signed-in account and all its personal data — OAuth tokens, subscriptions, tags, video states, playlists, notifications all cascade on the users row (FK ON DELETE CASCADE); quota-audit events are kept but anonymised (SET NULL); the email's invite/whitelist row is removed too. Guards: the shared demo account can't be deleted, and the last remaining admin can't delete itself. Frontend: a Danger zone in Settings -> Account (non-demo) with a danger-confirm; on success the session clears and the app lands on the welcome page. EN/HU/DE. Verified via curl: self-delete + session clear + demo 403.
This commit is contained in:
parent
68af2c8bdd
commit
17cbe38102
6 changed files with 90 additions and 3 deletions
|
|
@ -480,6 +480,8 @@ export interface AdminUserRow {
|
|||
export const api = {
|
||||
me: (): Promise<Me> => req("/api/me"),
|
||||
accounts: (): Promise<Account[]> => req("/api/me/accounts"),
|
||||
deleteAccount: (): Promise<{ deleted: boolean }> =>
|
||||
req("/api/me/account", { method: "DELETE" }),
|
||||
switchAccount: (userId: number): Promise<{ ok: boolean; user_id: number }> =>
|
||||
req("/api/me/switch", { method: "POST", body: JSON.stringify({ user_id: userId }) }),
|
||||
version: (): Promise<VersionInfo> => req("/api/version"),
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue