From 40c54524a7dba3dc2cc1f04a08f22a570a0751f6 Mon Sep 17 00:00:00 2001
From: Andrew Zhu <me@andrew-zhu.com>
Date: Tue, 5 Feb 2019 15:46:06 -0800
Subject: [PATCH] add delete character endpoint

---
 app/Routes/API.js | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/app/Routes/API.js b/app/Routes/API.js
index 373f2f83..2f3deaa7 100644
--- a/app/Routes/API.js
+++ b/app/Routes/API.js
@@ -127,6 +127,37 @@ Router.map(function () {
         }
     );
 
+    this.route("deleteCharacter", { // DELETE /api/character/:_id
+        path: "/api/character/:_id",
+        where: "server"
+    }).delete(
+        function () {
+            this.response.setHeader("Content-Type", "application/json");
+            const header = this.request.headers;
+            const key = header && header['authorization'];
+            const charId = this.params._id;
+            ifKeyValid(key, this.response, "deleteCharacter", () => {
+                if (isOwner(charId, userIdFromKey(key))) {
+                    let error;
+                    Characters.remove({_id: charId}, (err) => {
+                        if (err)
+                            error = err.message;
+                    });
+
+                    if (error) {
+                        this.response.writeHead(400, "Failed to delete character");
+                        this.response.end(JSON.stringify({err: error}));
+                    } else {
+                        this.response.end(JSON.stringify({success: true}));
+                    }
+                } else {
+                    this.response.writeHead(403, "You do not have permission to delete this character");
+                    this.response.end();
+                }
+            });
+        }
+    );
+
     this.route("transferCharacterOwnership", { // PUT /api/character/:_id/owner
         path: "/api/character/:_id/owner",
         where: "server"