file (aka the "alias") is the server filename of the uploaded image
delete_token is the token needed to delete the image
Of course, if you didn't capture this image's delete_token at upload-time, then you must fetch it from the postgres DB.
First, open a shell on your running postgres container. If you installed Lemmy with docker compose, use docker compose ps to get the "SERVICE" name of your postgres host, and then enter it with docker exec
ⓘ Note: If you get an incorrect_login error, then try [a] logging into the instance in your web browser and then [b] pasting the "https://<instance_domain>/pictrs/image/delete/<pictrs_delete_token>/<image_filename>" URL into your web browser.
The image should be deleted.
Method Two: /internal/purge?alias={alias}
Alternatively, you could execute the deletion directly inside the pictrs container. This eliminates the need to fetch the delete_token.
First, open a shell on your running pictrs container. If you installed Lemmy with docker compose, use docker compose ps to get the "SERVICE" name of your postgres host, and then enter it with docker exec
<span style="color:#323232;">~ $ wget --server-response --post-data "" --header "X-Api-Token: ${PICTRS__SERVER__API_KEY}" "http://127.0.0.1:8080/internal/purge?alias=001665df-3b25-415f-8a59-3d836bb68dd1.webp"
</span><span style="color:#323232;">Connecting to 127.0.0.1:8080 (127.0.0.1:8080)
</span><span style="color:#323232;">HTTP/1.1 200 OK
</span><span style="color:#323232;">content-length: 67
</span><span style="color:#323232;">connection: close
</span><span style="color:#323232;">content-type: application/json
</span><span style="color:#323232;">date: Wed, 14 Feb 2024 12:56:24 GMT
</span><span style="color:#323232;">
</span><span style="color:#323232;">saving to 'purge?alias=001665df-3b25-415f-8a59-3d836bb68dd1.webp'
</span><span style="color:#323232;">purge?alias=001665df 100% |*****************************************************************************************************************************************************************************************************************************| 67 0:00:00 ETA
</span><span style="color:#323232;">'purge?alias=001665df-3b25-415f-8a59-3d836bb68dd1.webp' saved
</span><span style="color:#323232;">
</span><span style="color:#323232;">~ $
</span>
ⓘ Note: There's an error in the pict-rs reference documentation. It says you can POST to /internal/delete, but that just returns 404 Not Found.
The image should be deleted
Further Reading
Unfortunately, it seems that the Lemmy develoeprs are not taking these moral and legal (GDPR) risks seriously (they saidit may take years before they address them), and they threatened to ban me for trying to highlight the severity of this risk, get them to tag GDPR-related bugs, and to prioritize them.
lemmy #4433: Deleted Account should delete uploaded media (pictures) too
lemmy #4441: Users unable to delete their images (pictrs API)
lemmy #4434: Unapproved users cannot delete their accounts/data
lemmy #3973: Banned users cannot delete their accounts/data
lemmy #4445: Create an interface for local users to view and remove images
lemmy-ui #2359: Allow users to delete images they uploaded
lemmy-ui #2360: Allow admins to view & delete uploaded images
lemmy-ui #2361: private_message_disclaimer to include user's matrix handle