import { NextResponse } from 'next/server' import { destroySession, getUserFromRequest } from '@/lib/auth' import { logAuditEvent } from '@/lib/db' import { getMcSessionCookieName, getMcSessionCookieOptions, isRequestSecure, parseMcSessionCookieHeader } from '@/lib/session-cookie' export async function POST(request: Request) { const user = getUserFromRequest(request) const cookieHeader = request.headers.get('cookie') || '' const token = parseMcSessionCookieHeader(cookieHeader) if (token) { destroySession(token) } if (user) { const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown' logAuditEvent({ action: 'logout', actor: user.username, actor_id: user.id, ip_address: ipAddress }) } const response = NextResponse.json({ ok: true }) const isSecureRequest = isRequestSecure(request) const cookieName = getMcSessionCookieName(isSecureRequest) response.cookies.set(cookieName, '', { ...getMcSessionCookieOptions({ maxAgeSeconds: 0, isSecureRequest }), }) return response }