1.9+

backend/app/routers/friends.py

@@ -56,21 +56,6 @@ async def send_friend_request(
         raise HTTPException(status_code=400, detail=str(e))
 
 
-@router.post("/add-direct")
-async def add_friend_direct(
-    req: FriendRequestCreate,
-    user: User = Depends(get_current_user),
-    db: AsyncSession = Depends(get_db),
-):
-    """直接添加好友（跳过验证）"""
-    service = FriendService(db)
-    try:
-        await service.add_direct(user.id, req.to_user_id)
-        return {"success": True, "message": "已添加好友"}
-    except ValueError as e:
-        raise HTTPException(status_code=400, detail=str(e))
-
-
 @router.put("/{friend_user_id}/remark")
 async def update_friend_remark(
     friend_user_id: str,

backend/app/routers/users.py

@@ -25,6 +25,10 @@ class StatusUpdate(BaseModel):
     expires_hours: int | None = None
 
 
+class DeleteAccountRequest(BaseModel):
+    password: str
+
+
 @router.get("/me", response_model=UserRead)
 async def get_me(user: User = Depends(get_current_user)):
     """获取当前用户信息"""
@@ -58,6 +62,21 @@ async def change_password(
         raise HTTPException(status_code=400, detail=str(e))
 
 
+@router.delete("/me")
+async def delete_account(
+    req: DeleteAccountRequest,
+    user: User = Depends(get_current_user),
+    db: AsyncSession = Depends(get_db),
+):
+    """注销账号（需验证密码，级联清理数据）"""
+    service = UserService(db)
+    try:
+        await service.delete_account(user.id, req.password)
+        return {"success": True, "message": "账号已注销"}
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+
+
 @router.put("/me/email")
 async def change_email(
     req: EmailChange,

backend/app/services/user_service.py

@@ -61,6 +61,16 @@ class UserService:
         user.password_hash = hash_password(new_password)
         user.updated_at = datetime.utcnow()
 
+    async def delete_account(self, user_id: str, password: str):
+        """注销账号：验证密码后删除用户（FK CASCADE 级联清理相关数据）"""
+        from sqlalchemy import delete
+        user = await self.get_by_id(user_id)
+        if not user:
+            raise ValueError("用户不存在")
+        if not verify_password(password, user.password_hash):
+            raise ValueError("密码错误，无法注销")
+        await self.db.execute(delete(User).where(User.id == user_id))
+
     async def change_email(self, user_id: str, new_email: str, password: str):
         """更换绑定邮箱"""
         user = await self.get_by_id(user_id)