LibreChat/api/server/middleware/canDeleteAccount.js

const { isEnabled } = require('~/server/utils');
const { logger } = require('~/config');

/**
 * Checks if the user can delete their account
 *
 * @async
 * @function
 * @param {Object} req - Express request object
 * @param {Object} res - Express response object
 * @param {Function} next - Next middleware function
 *
 * @returns {Promise<function|Object>} - Returns a Promise which when resolved calls next middleware if the user can delete their account
 */

const canDeleteAccount = async (req, res, next = () => {}) => {
  const { user } = req;
  const { ALLOW_ACCOUNT_DELETION = true } = process.env;
  if (user?.role === 'ADMIN' || isEnabled(ALLOW_ACCOUNT_DELETION)) {
    return next();
  } else {
    logger.error(`[User] [Delete Account] [User cannot delete account] [User: ${user?.id}]`);
    return res.status(403).send({ message: 'You do not have permission to delete this account' });
  }
};

module.exports = canDeleteAccount;
🚫👤feat: delete user from UI (#1526) * initial commit * fix: UserController bugs; fix: lint errors * fix: delete files * language support * style(DeleteAccount): update to the latest style * style: fix after merge main * chore: Add canDeleteAccount middleware for user deletion endpoint * chore: renamed to ALLOW_ACCOUNT_DELETION * fix(canDeleteAccount): use uppercase admin role * chore: imports order * chore: Enable account deletion by default if omitted/commented out * chore: Add logging for user account deletion * chore: Bump data-provider package version to 0.6.6 * chore: Import Transaction model in UserController * chore: Update CONFIG_VERSION to 1.1.4 * chore: Update user account deletion logging * chore: Refactor user account deletion logic --------- Co-authored-by: Berry-13 <root@Berry> Co-authored-by: Danny Avila <messagedaniel@protonmail.com> Co-authored-by: Danny Avila <danny@librechat.ai> 2024-06-06 01:35:12 +02:00			`const { isEnabled } = require('~/server/utils');`
			`const { logger } = require('~/config');`

			`/**`
			`* Checks if the user can delete their account`
			`*`
			`* @async`
			`* @function`
			`* @param {Object} req - Express request object`
			`* @param {Object} res - Express response object`
			`* @param {Function} next - Next middleware function`
			`*`
			`* @returns {Promise<function\|Object>} - Returns a Promise which when resolved calls next middleware if the user can delete their account`
			`*/`

			`const canDeleteAccount = async (req, res, next = () => {}) => {`
			`const { user } = req;`
			`const { ALLOW_ACCOUNT_DELETION = true } = process.env;`
			`if (user?.role === 'ADMIN' \|\| isEnabled(ALLOW_ACCOUNT_DELETION)) {`
			`return next();`
			`} else {`
			logger.error(`[User] [Delete Account] [User cannot delete account] [User: ${user?.id}]`);
			`return res.status(403).send({ message: 'You do not have permission to delete this account' });`
			`}`
			`};`

			`module.exports = canDeleteAccount;`