owltide/server/api/auth/account.delete.ts

/*
	SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
	SPDX-License-Identifier: AGPL-3.0-or-later
*/
import {
	readUsers, readSessions, readSubscriptions,
	writeUsers, writeSessions, writeSubscriptions,
	nextEventId,
} from "~/server/database";
import { broadcastEvent, cancelAccountStreams } from "~/server/streams";

export default defineEventHandler(async (event) => {
	const serverSession = await requireServerSessionWithUser(event);
	let users = await readUsers();

	// Expire sessions for this user
	const expiredSessionIds = new Set<number>();
	let sessions = await readSessions();
	const nowMs = Date.now();
	for (const session of sessions) {
		if (
			session.successor !== undefined
			&& (session.expiresAtMs === undefined || session.expiresAtMs < nowMs)
			&& session.accountId === serverSession.accountId
		) {
			session.expiresAtMs = nowMs;
			broadcastEvent({
				id: await nextEventId(),
				type: "session-expired",
				sessionId: session.id,
			});
			expiredSessionIds.add(session.id);
		}
	}
	cancelAccountStreams(serverSession.accountId);
	await writeSessions(sessions);
	await deleteCookie(event, "session");

	// Remove subscriptions for this user
	let subscriptions = await readSubscriptions();
	subscriptions = subscriptions.filter(
		subscription => !expiredSessionIds.has(subscription.sessionId)
	);
	await writeSubscriptions(subscriptions);

	// Remove the user
	const account = users.find(user => user.id === serverSession.accountId)!;
	const now = new Date(nowMs).toISOString();
	account.deleted = true;
	account.updatedAt = now;
	await writeUsers(users);
	await broadcastEvent({
		id: await nextEventId(),
		type: "user-update",
		data: {
			id: account.id,
			updatedAt: now,
			deleted: true,
		}
	});

	// Update Schedule counts.
	await updateScheduleInterestedCounts(users);
})