From 46b460f5118c95a6ab33682df7b71f91acef6577 Mon Sep 17 00:00:00 2001 From: multipleof4 Date: Fri, 10 Oct 2025 11:06:18 -0700 Subject: [PATCH] Feat: Add endpoint to delete links --- functions/api/links/delete.js | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 functions/api/links/delete.js diff --git a/functions/api/links/delete.js b/functions/api/links/delete.js new file mode 100644 index 0000000..f638c96 --- /dev/null +++ b/functions/api/links/delete.js @@ -0,0 +1,27 @@ +export async function onRequestPost({ request, env }) { + try { + const { 'g-recaptcha-response': token, ...body } = await request.json(); + const vR = await fetch("https://www.google.com/recaptcha/api/siteverify", { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: `secret=${env.RECAPCHA_KEY}&response=${token}` }); + if (!(await vR.json()).success) return new Response("CAPTCHA verification failed.", { status: 403 }); + + const { slug, username, pass_hash } = body; + if (!slug || !username || !pass_hash) return new Response("Missing fields", { status: 400 }); + + const user = await env.D1_EV.prepare("SELECT pass_hash, custom_slugs FROM users WHERE username = ?").bind(username).first(); + if (user?.pass_hash !== pass_hash) return new Response("Invalid credentials", { status: 401 }); + + let slugs = []; + try { slugs = JSON.parse(user.custom_slugs) } catch {} + if (!Array.isArray(slugs) || !slugs.includes(slug)) return new Response("Unauthorized", { status: 403 }); + + const newSlugs = slugs.filter(s => s !== slug); + await Promise.all([ + env.KV_EV.delete(slug), + env.D1_EV.prepare("UPDATE users SET custom_slugs = ? WHERE username = ?").bind(JSON.stringify(newSlugs), username).run() + ]); + + return Response.json({ success: true }); + } catch (e) { + return new Response(e.message, { status: 500 }); + } +}