import { NextResponse } from "next/server"
import { createSupabaseServerClient } from "@/lib/supabase/server"
import { createSupabaseAdminClient } from "@/lib/supabase/admin"
import { rateLimit } from "@/lib/rate-limit"
import { checkBotId } from "botid/server"

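/**
 * DELETE /api/account — deletes the calling user's own account.
 *
 * The order of the checks is deliberate:
 *  1. Bot detection runs first, before the session is touched, so automated
 *     callers are rejected with 403 without an auth round-trip.
 *  2. The target account is taken from `auth.getUser()` (server-side
 *     verification of the session), never from a client-supplied id, so a
 *     caller can only delete the account its own session belongs to.
 *  3. Rate limiting is keyed by the verified user id (args `3, 60_000`,
 *     presumably 3 calls per 60 s window — confirm against `rateLimit`), so
 *     it cannot be bypassed by spoofing a header; it sits after the auth
 *     check because there is no stable key for anonymous callers.
 *
 * The service-role admin client is only instantiated once every check has
 * passed.
 *
 * @returns 403 for bots, 401 when unauthenticated, 429 when rate-limited,
 *          500 with a generic message if the deletion fails, 204 on success.
 */
export async function DELETE() {
  const botVerification = await checkBotId()
  if (botVerification.isBot) {
    return NextResponse.json({ error: "access denied" }, { status: 403 })
  }

  const supabaseClient = await createSupabaseServerClient()
  const {
    data: { user },
  } = await supabaseClient.auth.getUser()

  if (!user) {
    return NextResponse.json({ error: "not authenticated" }, { status: 401 })
  }

  const rateLimitResult = await rateLimit(`account-delete:${user.id}`, 3, 60_000)
  if (!rateLimitResult.success) {
    return NextResponse.json({ error: "too many requests" }, { status: 429 })
  }

  const adminClient = createSupabaseAdminClient()

  // NOTE(review): deleteUser with no second argument is, as far as I know, a
  // hard delete rather than a soft delete — confirm that is the intent.
  const { error } = await adminClient.auth.admin.deleteUser(user.id)

  if (error) {
    // Record the failure server-side so it is diagnosable; the client still
    // only receives the generic message below, so no provider error details
    // are exposed to the caller.
    console.error("account deletion failed", {
      userId: user.id,
      message: error.message,
    })
    return NextResponse.json(
      { error: "failed to delete account" },
      { status: 500 }
    )
  }

  // NOTE(review): the session cookie is not cleared here. Later requests will
  // fail `getUser()` once the account is gone, but the client should still
  // sign out locally — confirm the caller does this after a 204.
  return new Response(null, { status: 204 })
}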