feat(otter): add working user removal route

2025-08-29 14:18:33 +02:00 · 2025-08-29 14:18:33 +02:00 · 5017bd1c5f
parent b946e1ce98
commit 5017bd1c5f
4 changed files with 35 additions and 0 deletions
--- a/gpodder/src/repository/admin.rs
+++ b/gpodder/src/repository/admin.rs
@ -14,4 +14,8 @@ impl<'a> AdminRepository<'a> {
    ) -> Result<Vec<models::User>, AuthErr> {
        self.store.paginated_users(page, filter)
    }
+
+    pub fn remove_user(&self, id: i64) -> Result<bool, AuthErr> {
+        self.store.remove_user(id)
+    }
 }
--- a/gpodder/src/store.rs
+++ b/gpodder/src/store.rs
@ -54,6 +54,9 @@ pub trait GpodderAuthStore {
    /// Update the user with the included ID with the new values
    fn update_user(&self, user: User) -> Result<User, AuthErr>;

+    /// Remove the user with the given ID
+    fn remove_user(&self, id: i64) -> Result<bool, AuthErr>;
+
    /// Create a new session for a user with the given session ID
    ///
    /// The `last_seen` timestamp's precision should be at least accurate to the second
--- a/gpodder_sqlite/src/repository/auth.rs
+++ b/gpodder_sqlite/src/repository/auth.rs
@ -81,6 +81,16 @@ impl gpodder::GpodderAuthStore for SqliteRepository {
            .map_err(DbError::from)?)
    }

+    fn remove_user(&self, id: i64) -> Result<bool, AuthErr> {
+        let conn = &mut self.pool.get().map_err(DbError::from)?;
+
+        match diesel::delete(users::table.filter(users::id.eq(id))).execute(conn) {
+            Ok(0) => Ok(false),
+            Ok(_) => Ok(true),
+            Err(err) => Err(DbError::from(err).into()),
+        }
+    }
+
    fn get_session(&self, session_id: i64) -> Result<Option<gpodder::models::Session>, AuthErr> {
        match sessions::table
            .inner_join(users::table)
--- a/otter/src/server/web/users.rs
+++ b/otter/src/server/web/users.rs
@ -17,6 +17,7 @@ use crate::{
 pub fn router(ctx: Context) -> Router<Context> {
    Router::new()
        .route("/users", get(get_users))
+        .route("/users/{id}", delete(delete_user))
        .route_layer(axum::middleware::from_fn_with_state(
            ctx.clone(),
            super::auth::auth_web_middleware,
@ -70,3 +71,20 @@ async fn get_users(
        .authenticated(true)
        .response(&ctx.tera))
 }
+
+async fn delete_user(
+    State(ctx): State<Context>,
+    Extension(session): Extension<gpodder::Session>,
+    Path(id): Path<i64>,
+) -> AppResult<()> {
+    let deleted =
+        tokio::task::spawn_blocking(move || ctx.store.admin(&session.user)?.remove_user(id))
+            .await
+            .unwrap()?;
+
+    if deleted {
+        Ok(())
+    } else {
+        Err(AppError::NotFound)
+    }
+}