don't delete yourself

api/kiwi_vpn_api/routers/_common.py

@@ -52,6 +52,10 @@ class Responses:
         "description": "Entry does not exist in database",
         "content": None,
     }
+    CANT_TARGET_SELF = {
+        "description": "Operation can't target yourself",
+        "content": None,
+    }
 
 
 async def get_current_user(

api/kiwi_vpn_api/routers/user.py

@@ -109,6 +109,7 @@ async def add_user(
         status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
         status.HTTP_403_FORBIDDEN: Responses.NEEDS_ADMIN,
         status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST,
+        status.HTTP_406_NOT_ACCEPTABLE: Responses.CANT_TARGET_SELF,
     },
     response_model=User,
 )
@@ -120,6 +121,10 @@ async def remove_user(
     DELETE ./{user_name}: Remove a user from the database.
     """
 
+    # stop inting
+    if current_user.name == user.name:
+        raise HTTPException(status_code=status.HTTP_406_NOT_ACCEPTABLE)
+
     # delete user
     user.delete()