Added missing user delete route.

src/app/api/teams/route.ts

@@ -29,7 +29,7 @@ export async function POST(request: Request) {
       name,
       accessCode: `team_${getRandomChars(16)}`,
     },
-    auth.user.userId,
+    auth.user.id,
   );
 
   return json(team);

src/app/api/users/[userId]/route.ts

@@ -1,7 +1,7 @@
 import { z } from 'zod';
-import { canUpdateUser, canViewUser } from 'lib/auth';
+import { canUpdateUser, canViewUser, canDeleteUser } from 'lib/auth';
-import { getUser, getUserByUsername, updateUser } from 'queries';
+import { getUser, getUserByUsername, updateUser, deleteUser } from 'queries';
-import { json, unauthorized, badRequest } from 'lib/response';
+import { json, unauthorized, badRequest, ok } from 'lib/response';
 import { hashPassword } from 'next-basics';
 import { parseRequest } from 'lib/request';
 
@@ -74,3 +74,28 @@ export async function POST(request: Request, { params }: { params: Promise<{ use
 
   return json(updated);
 }
+
+export async function DELETE(
+  request: Request,
+  { params }: { params: Promise<{ userId: string }> },
+) {
+  const { auth, error } = await parseRequest(request);
+
+  if (error) {
+    return error();
+  }
+
+  const { userId } = await params;
+
+  if (!(await canDeleteUser(auth))) {
+    return unauthorized();
+  }
+
+  if (userId === auth.user.id) {
+    return badRequest('You cannot delete yourself.');
+  }
+
+  await deleteUser(userId);
+
+  return ok();
+}

src/app/api/websites/route.ts

@@ -15,7 +15,7 @@ export async function GET(request: Request) {
     return error();
   }
 
-  const websites = await getUserWebsites(auth.user.userId, query);
+  const websites = await getUserWebsites(auth.user.id, query);
 
   return json(websites);
 }
@@ -24,8 +24,8 @@ export async function POST(request: Request) {
   const schema = z.object({
     name: z.string().max(100),
     domain: z.string().max(500),
-    shareId: z.string().max(50).nullable(),
+    shareId: z.string().max(50).nullable().optional(),
-    teamId: z.string().nullable(),
+    teamId: z.string().nullable().optional(),
   });
 
   const { auth, body, error } = await parseRequest(request, schema);
@@ -42,7 +42,7 @@ export async function POST(request: Request) {
 
   const data: any = {
     id: uuid(),
-    createdBy: auth.user.userId,
+    createdBy: auth.user.id,
     name,
     domain,
     shareId,
@@ -50,7 +50,7 @@ export async function POST(request: Request) {
   };
 
   if (!teamId) {
-    data.userId = auth.user.userId;
+    data.userId = auth.user.id;
   }
 
   const website = await createWebsite(data);

src/lib/response.ts

@@ -17,13 +17,13 @@ export function unauthorized(message?: any) {
 }
 
 export function forbidden(message?: any) {
-  return Response.json({ error: 'Forbidden', message, status: 403 });
+  return Response.json({ error: 'Forbidden', message }, { status: 403 });
 }
 
 export function notFound(message?: any) {
-  return Response.json({ error: 'Not found', message, status: 404 });
+  return Response.json({ error: 'Not found', message }, { status: 404 });
 }
 
 export function serverError(error?: any) {
-  return Response.json({ error: 'Server error', message: serializeError(error), status: 500 });
+  return Response.json({ error: 'Server error', message: serializeError(error) }, { status: 500 });
 }