import { Elysia, t } from "elysia";
import { deactivateSession } from "@backend/lib/auth";
import requireAuth from "@backend/middlewares/auth";
/**
 * Logout route, registered as `DELETE /auth/session`.
 *
 * The `requireAuth` plugin is applied before the route; it presumably
 * populates `session` on the request context (verify against
 * `@backend/middlewares/auth`).
 *
 * Responds 401 with `{ message }` when the context carries no session id.
 * Otherwise it deactivates the session server-side, removes the `sessionId`
 * cookie and responds with a success `{ message }`.
 */
export const logoutHandler = new Elysia({ prefix: "/auth" })
  .use(requireAuth)
  .delete(
    "/session",
    async ({ set, session, cookie }) => {
      const { sessionId: activeSessionId } = session;

      // Guard kept even though requireAuth runs first: with no session id
      // there is nothing to deactivate, so answer 401 and stop.
      if (!activeSessionId) {
        set.status = 401;
        return { message: "Not authenticated." };
      }

      // Server-side deactivation is awaited before the cookie is touched, so
      // the cookie is only dropped once the session record has been handled.
      // NOTE(review): if deactivateSession rejects, the error propagates and
      // the cookie is left in place; confirm that is the intended failure mode.
      await deactivateSession(activeSessionId as string);

      // NOTE(review): browsers only discard a cookie when the removal matches
      // the path/domain it was set with; confirm against the login handler.
      cookie.sessionId.remove();

      return { message: "Successfully logged out." };
    },
    {
      // Both documented responses share the same `{ message: string }` shape.
      response: {
        200: t.Object({ message: t.String() }),
        401: t.Object({ message: t.String() }),
      },
      detail: {
        summary: "Logout current session",
        // Segments are concatenated so that source indentation never becomes
        // part of the published description.
        description:
          "This endpoint logs out the current user by deactivating their session and removing the session cookie. " +
          "It requires an active session cookie to be present in the request. After successful logout, the session " +
          "is invalidated and cannot be used again.",
      },
    }
  );