owltide/server/api/auth/account.delete.ts

/*
	SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
	SPDX-License-Identifier: AGPL-3.0-or-later
*/
import {
	readUsers, readSessions, readSubscriptions,
	writeUsers, writeSessions, writeSubscriptions,
} from "~/server/database";
import { broadcastEvent, cancelAccountStreams } from "~/server/streams";

export default defineEventHandler(async (event) => {
	const serverSession = await requireServerSessionWithUser(event);
	let users = await readUsers();

	// Remove sessions for this user
	const removedSessionIds = new Set<number>();
	let sessions = await readSessions();
	sessions = sessions.filter(session => {
		if (session.accountId === serverSession.accountId) {
			removedSessionIds.add(session.id);
			return false;
		}
		return true;
	});
	cancelAccountStreams(serverSession.accountId);
	await writeSessions(sessions);
	await deleteCookie(event, "session");

	// Remove subscriptions for this user
	let subscriptions = await readSubscriptions();
	subscriptions = subscriptions.filter(
		subscription => !removedSessionIds.has(subscription.sessionId)
	);
	await writeSubscriptions(subscriptions);

	// Remove the user
	const account = users.find(user => user.id === serverSession.accountId)!;
	const now = new Date().toISOString();
	account.deleted = true;
	account.updatedAt = now;
	await writeUsers(users);
	await broadcastEvent({
		type: "user-update",
		data: {
			id: account.id,
			updatedAt: now,
			deleted: true,
		}
	});

	// Update Schedule counts.
	await updateScheduleInterestedCounts(users);
})