Update storage/data_routers.py

storage/data_routers.py

@@ -135,4 +135,60 @@ def create_data_item(
         "status": "ok",
         "created": str(target),
         "type": item_type
+    }
+
+@router.delete("/delete_path", tags=["Data Manager"])
+def delete_path(
+    target: str = Query(..., description="Ruta absoluta dentro de /data a borrar"),
+    token: str = Query(..., description="Token requerido para autorización")
+):
+    """
+    Delete a file or directory recursively inside /data, except protected folders.
+
+    Behavior:
+    - Validate token.
+    - Validate path starts with /data/.
+    - Deny deletion of /data/db and /data/media (and anything inside them).
+    - If target is a file → delete file.
+    - If target is a directory → delete recursively.
+    """
+
+    validate_token(token)
+
+    # Normalizar ruta
+    path = Path(target).resolve()
+
+    # Debe estar dentro de /data/
+    if not str(path).startswith(str(DATA_ROOT)):
+        raise HTTPException(status_code=400, detail="Path must be inside /data/")
+
+    # Carpetas protegidas
+    protected = [
+        DATA_ROOT / "db",
+        DATA_ROOT / "media",
+    ]
+
+    for p in protected:
+        if path == p or str(path).startswith(str(p) + "/"):
+            raise HTTPException(
+                status_code=403,
+                detail=f"Deletion forbidden: {p} is protected"
+            )
+
+    # Verificar existencia
+    if not path.exists():
+        raise HTTPException(status_code=404, detail="Target path does not exist")
+
+    try:
+        if path.is_file():
+            path.unlink()
+        else:
+            shutil.rmtree(path)
+
+    except Exception as exc:
+        raise HTTPException(status_code=500, detail=f"Failed to delete: {exc}")
+
+    return {
+        "status": "ok",
+        "deleted": str(path)
     }