feat: add option to delete account

Author: TimilsinaBimal

app/api/endpoints/tokens.py

@@ -159,3 +159,45 @@ async def create_token(payload: TokenRequest, request: Request) -> TokenResponse
         manifestUrl=manifest_url,
         expiresInSeconds=expires_in,
     )
+
+
+@router.post("/delete", status_code=200)
+async def delete_token(payload: TokenRequest):
+    """Delete a token based on provided credentials."""
+    username = payload.username.strip() if payload.username else None
+    password = payload.password
+    auth_key = payload.authKey.strip() if payload.authKey else None
+
+    if auth_key and auth_key.startswith('"') and auth_key.endswith('"'):
+        auth_key = auth_key[1:-1].strip()
+
+    if not auth_key and not (username and password):
+        raise HTTPException(
+            status_code=400,
+            detail="Provide either a Stremio auth key or both username and password to delete account.",
+        )
+
+    payload_to_derive = {
+        "username": username,
+        "password": password,
+        "authKey": auth_key,
+    }
+
+    try:
+        # We don't verify credentials with Stremio here, we just check if we have a token for them.
+        # If the user provides wrong credentials, we'll derive a wrong token, which won't exist in Redis.
+        # That's fine, we can just say "deleted" or "not found".
+        # However, to be nice, we might want to say "Settings deleted" even if they didn't exist.
+        # But if we want to be strict, we could check existence.
+        # Let's just try to delete.
+
+        token = token_store.derive_token(payload_to_derive)
+        await token_store.delete_token(token)
+        logger.info(f"[{redact_token(token)}] Token deleted (if existed)")
+        return {"detail": "Settings deleted successfully"}
+    except (redis_exceptions.RedisError, OSError) as exc:
+        logger.error("Token deletion failed: {}", exc)
+        raise HTTPException(
+            status_code=503,
+            detail="Token deletion is temporarily unavailable. Please try again once Redis is reachable.",
+        ) from exc

app/services/token_store.py

@@ -80,6 +80,11 @@ def _derive_token_value(self, payload: dict[str, Any]) -> str:
         secret = settings.TOKEN_SALT.encode("utf-8")
         return hmac.new(secret, serialized.encode("utf-8"), hashlib.sha256).hexdigest()
 
+    def derive_token(self, payload: dict[str, Any]) -> str:
+        """Public wrapper to derive token from payload."""
+        normalized = self._normalize_payload(payload)
+        return self._derive_token_value(normalized)
+
     async def store_payload(self, payload: dict[str, Any]) -> tuple[str, bool]:
         self._ensure_secure_salt()
         normalized = self._normalize_payload(payload)

scripts/generate_release_notes.py

@@ -3,6 +3,7 @@
 import subprocess
 import sys
 from pathlib import Path
+from traceback import print_exc
 
 from openai import OpenAI
 from pydantic import BaseModel
@@ -236,6 +237,7 @@ def generate_release_notes(commits, last_release_tag):
         return release_notes, version_name
     except Exception as e:
         print(f"Error generating release notes with LLM: {e}")
+        print_exc()
 
     try:
         commit_list = commits.split("\n")

static/index.html

@@ -268,6 +268,19 @@
                     </div>
                 </button>
 
+                <div class="text-center mt-6">
+                    <button type="button" id="deleteAccountBtn"
+                        class="w-full bg-red-500/10 hover:bg-red-500/20 text-red-400 font-medium py-3.5 rounded-xl transition border border-red-500/20 flex items-center justify-center gap-2 group">
+                        <svg class="w-5 h-5 opacity-70 group-hover:opacity-100 transition-opacity" fill="none" stroke="currentColor"
+                            viewBox="0 0 24 24">
+                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
+                                d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16">
+                            </path>
+                        </svg>
+                        Delete my settings/account
+                    </button>
+                </div>
+
             </form>
 
             <!-- Success View -->

static/script.js

@@ -532,6 +532,74 @@ function initializeSuccessActions() {
             }
         });
     }
+
+    const deleteAccountBtn = document.getElementById('deleteAccountBtn');
+    if (deleteAccountBtn) {
+        deleteAccountBtn.addEventListener('click', async () => {
+            if (!confirm('Are you sure you want to delete your settings? This will remove your credentials from the server and stop your addons from working.')) {
+                return;
+            }
+
+            const authMethodValue = authMethod.value;
+            const username = document.getElementById('username')?.value.trim();
+            const password = document.getElementById('password')?.value;
+            const authKey = document.getElementById('authKey')?.value.trim();
+
+            // Validation
+            if (authMethodValue === 'credentials') {
+                if (!username || !password) {
+                    showError('Please provide both email and password to delete your account.');
+                    return;
+                }
+            } else {
+                if (!authKey) {
+                    showError('Please provide your Stremio auth key to delete your account.');
+                    return;
+                }
+            }
+
+            const payload = {};
+            if (authMethodValue === 'credentials') {
+                payload.username = username;
+                payload.password = password;
+            } else {
+                payload.authKey = authKey;
+            }
+
+            setLoading(true);
+            hideError();
+
+            try {
+                const response = await fetch('/tokens/delete', {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                    },
+                    body: JSON.stringify(payload),
+                });
+
+                const data = await response.json();
+
+                if (!response.ok) {
+                    throw new Error(data.detail || 'Failed to delete account');
+                }
+
+                alert('Settings deleted successfully.');
+                // Clear form
+                configForm.reset();
+                if (stremioLoginBtn.getAttribute('data-action') === 'logout') {
+                    setStremioLoggedOutState();
+                }
+                catalogs = [...defaultCatalogs];
+                renderCatalogList();
+
+            } catch (err) {
+                showError(err.message || 'Failed to delete account. Please try again.');
+            } finally {
+                setLoading(false);
+            }
+        });
+    }
 }
 
 // UI Helpers