Delete a user with Mongoose, Express

I am new to Express and MongoDB. I created a small web app in Node.js and am using Express.js and Mongoose. I can succesfully create a user and have a user sign in but I am having trouble with a user being able to delete their account.

I have a user.js file in my routes folder which is where I am writing the code to signup, signin, delete, etc. Here is a link to the project on GitHub ( https://github.com/NicholasGati/shopping-cart-2 ). The button to delete a user's account is in views/user/edit.hbs. I put the button in a form. When I click the button, the user is not deleted and I am redirected to '/' for some reason. Note: '/:id' in my routes/user.js file becomes '/user/:id'.

Here is the code in the routes/user.js file for the delete method:

router.delete('/:id', isLoggedIn, (req, res, next) => {
  User.findOneAndRemove({_id: req.params.id}, (err) => {
    if (err) {
      req.flash("error", err);
      return res.redirect("/user/edit");
    }

    req.flash("success", "Your account has been deleted.");
    req.logout();
    return res.redirect("/shop/coffee");
  });
});

Here is the form in views/user/edit.hbs:

<form action="/user/{{user.id}}" method="delete">
  <div class="form-group">
    <button type="submit" class="btn btn-danger">Delete Account</button>
  </div>
</form>

Also, here is the isLoggedIn function:

function isLoggedIn(req, res, next) {
  if (req.isAuthenticated()) {
    return next();
  }
  res.redirect("/");
}

Thank you so much Saeid! I thought about your first point to check the form method and tried method="post" instead of the method="delete" and changed route.delete() to route.post() in my routes/user.js file. I then added a hidden field in the form with the csrf token and it worked! Thanks for leading me in the right direction.

Your welcome @NicholasGati. I think you could use delete method also.

And if you feel that an answer help you to solve your problem it will be better to give a vote.

Thanks Shazam. Strangely, the 'delete' methods didn't work but when I changed them to 'post', it all worked fine. I am still not sure why that is, but since changing the routes/user.js file to use router.post() and method='post' in the form, the user was successfully deleted. I also had to add a csrf token in the form as a hidden field too. Thanks for your response!

I don't yet have the reputation to vote answers but when I do, I will upvote your answer. Thanks Saeid!

@NicholasGat I hope that you will get the reputations asap but you also should chose the best answer for your question :) thanks!

use package multer, npm install --save multer to support delete request.