From 864c7283c1bc3e60395e1a47c4415e079135625b Mon Sep 17 00:00:00 2001
From: CyberL1 <cyber.hf18@gmail.com>
Date: Wed, 22 Oct 2025 07:44:20 +0200
Subject: [PATCH] fix: delete bot user when application is deleted

---
 .../applications/#application_id/index.ts     | 52 +++++--------------
 1 file changed, 14 insertions(+), 38 deletions(-)

diff --git a/src/api/routes/applications/#application_id/index.ts b/src/api/routes/applications/#application_id/index.ts
index 6701f867..f7d741cc 100644
--- a/src/api/routes/applications/#application_id/index.ts
+++ b/src/api/routes/applications/#application_id/index.ts
@@ -17,16 +17,11 @@
 */
 
 import { route } from "@spacebar/api";
-import {
-	Application,
-	DiscordApiErrors,
-	Guild,
-	handleFile,
-} from "@spacebar/util";
+import { Application, DiscordApiErrors, Guild, handleFile, User } from "@spacebar/util";
 import { Request, Response, Router } from "express";
 import { HTTPError } from "lambert-server";
 import { verifyToken } from "node-2fa";
-import { ApplicationModifySchema } from "@spacebar/schemas"
+import { ApplicationModifySchema } from "@spacebar/schemas";
 
 const router: Router = Router({ mergeParams: true });
 
@@ -47,8 +42,7 @@ router.get(
 			where: { id: req.params.application_id },
 			relations: ["owner", "bot"],
 		});
-		if (app.owner.id != req.user_id)
-			throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+		if (app.owner.id != req.user_id) throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
 
 		return res.json(app);
 	},
@@ -75,27 +69,15 @@ router.patch(
 			relations: ["owner", "bot"],
 		});
 
-		if (app.owner.id != req.user_id)
-			throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+		if (app.owner.id != req.user_id) throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
 
-		if (
-			app.owner.totp_secret &&
-			(!req.body.code ||
-				verifyToken(app.owner.totp_secret, req.body.code))
-		)
-			throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
+		if (app.owner.totp_secret && (!req.body.code || verifyToken(app.owner.totp_secret, req.body.code))) throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
 
 		if (body.icon) {
-			body.icon = await handleFile(
-				`/app-icons/${app.id}`,
-				body.icon as string,
-			);
+			body.icon = await handleFile(`/app-icons/${app.id}`, body.icon as string);
 		}
 		if (body.cover_image) {
-			body.cover_image = await handleFile(
-				`/app-icons/${app.id}`,
-				body.cover_image as string,
-			);
+			body.cover_image = await handleFile(`/app-icons/${app.id}`, body.cover_image as string);
 		}
 
 		if (body.guild_id) {
@@ -103,11 +85,7 @@ router.patch(
 				where: { id: body.guild_id },
 				select: ["owner_id"],
 			});
-			if (guild.owner_id != req.user_id)
-				throw new HTTPError(
-					"You must be the owner of the guild to link it to an application",
-					400,
-				);
+			if (guild.owner_id != req.user_id) throw new HTTPError("You must be the owner of the guild to link it to an application", 400);
 		}
 
 		if (app.bot) {
@@ -138,18 +116,16 @@ router.post(
 			where: { id: req.params.application_id },
 			relations: ["bot", "owner"],
 		});
-		if (app.owner.id != req.user_id)
-			throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+		if (app.owner.id != req.user_id) throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
 
-		if (
-			app.owner.totp_secret &&
-			(!req.body.code ||
-				verifyToken(app.owner.totp_secret, req.body.code))
-		)
-			throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
+		if (app.owner.totp_secret && (!req.body.code || verifyToken(app.owner.totp_secret, req.body.code))) throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
 
 		await Application.delete({ id: app.id });
 
+		if (app.bot) {
+			await User.delete({ id: app.id });
+		}
+
 		res.send().status(200);
 	},
 );