Spaces:
Runtime error
Runtime error
HonzysClawdbot
fix(session-cookie): migrate to __Host- prefix for secure contexts (#294)
c9c4e2a unverified | import { NextResponse } from 'next/server' | |
| import { destroySession, getUserFromRequest } from '@/lib/auth' | |
| import { logAuditEvent } from '@/lib/db' | |
| import { getMcSessionCookieName, getMcSessionCookieOptions, isRequestSecure, parseMcSessionCookieHeader } from '@/lib/session-cookie' | |
| export async function POST(request: Request) { | |
| const user = getUserFromRequest(request) | |
| const cookieHeader = request.headers.get('cookie') || '' | |
| const token = parseMcSessionCookieHeader(cookieHeader) | |
| if (token) { | |
| destroySession(token) | |
| } | |
| if (user) { | |
| const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown' | |
| logAuditEvent({ action: 'logout', actor: user.username, actor_id: user.id, ip_address: ipAddress }) | |
| } | |
| const response = NextResponse.json({ ok: true }) | |
| const isSecureRequest = isRequestSecure(request) | |
| const cookieName = getMcSessionCookieName(isSecureRequest) | |
| response.cookies.set(cookieName, '', { | |
| ...getMcSessionCookieOptions({ maxAgeSeconds: 0, isSecureRequest }), | |
| }) | |
| return response | |
| } | |