diff --git a/src/api/account/handlers.rs b/src/api/account/handlers.rs
index 018b61b..1869d9a 100644
--- a/src/api/account/handlers.rs
+++ b/src/api/account/handlers.rs
@@ -33,7 +33,9 @@ pub async fn register(
         return Ok(data::RegisterResponse::Blocked);
     }
 
-    let email_regex = regex::Regex::new(r"^([a-z0-9_+]([a-z0-9_+.]*[a-z0-9_+])?)@([a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,6})")?;
+    let email_regex = regex::Regex::new(
+        r"^([a-z0-9_+]([a-z0-9_+.]*[a-z0-9_+])?)@([a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,6})",
+    )?;
 
     if !email_regex.is_match(&request.email) {
         return Ok(data::RegisterResponse::MalformedEmail);
@@ -133,7 +135,18 @@ pub async fn delete(pool: &MySqlPool, token: String) -> Result<data::DeleteRespo
         return Ok(data::DeleteResponse::Blocked);
     }
 
+    let token = match AuthToken::check(pool, token).await? {
+        Some(t) => t,
+        None => return Ok(data::DeleteResponse::Unauthorized),
+    };
 
+    sqlx::query!(r#"DELETE FROM AuthTokens WHERE account = ?;"#, token.account)
+        .execute(pool)
+        .await?;
+
+    sqlx::query!(r#"DELETE FROM Accounts WHERE id = ?;"#, token.account)
+        .execute(pool)
+        .await?;
 
     Ok(data::DeleteResponse::Success)
 }