diff --git a/api/auth/auth.go b/api/auth/auth.go
index 836a976..0e066cc 100644
--- a/api/auth/auth.go
+++ b/api/auth/auth.go
@@ -108,3 +108,18 @@ func SetSessionCookie(w http.ResponseWriter, sessionID string, expiresAt time.Ti
 Path: "/",
 })
 }
+
+func (s *Service) Logout(ctx context.Context, sessionID string) error {
+ return s.db.DeleteSession(ctx, sessionID)
+}
+
+func ClearSessionCookie(w http.ResponseWriter) {
+ http.SetCookie(w, &http.Cookie{
+ Name: "session_id",
+ Value: "",
+ Expires: time.Unix(0, 0),
+ MaxAge: -1,
+ HttpOnly: true,
+ Path: "/",
+ })
+}
diff --git a/api/auth/handler.go b/api/auth/handler.go
index a16cfa2..557e04b 100644
--- a/api/auth/handler.go
+++ b/api/auth/handler.go
@@ -68,3 +68,13 @@ func (h *Handler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 http.Redirect(w, r, "/", http.StatusSeeOther)
 }
+
+func (h *Handler) HandleLogout(w http.ResponseWriter, r *http.Request) {
+ cookie, err := r.Cookie("session_id")
+ if err == nil {
+ _ = h.authService.Logout(r.Context(), cookie.Value)
+ }
+
+ ClearSessionCookie(w)
+ http.Redirect(w, r, "/", http.StatusSeeOther)
+}
diff --git a/internal/server/routes.go b/internal/server/routes.go
index e355367..7c5b3f9 100644
--- a/internal/server/routes.go
+++ b/internal/server/routes.go
@@ -96,6 +96,7 @@ func NewRouter(cfg Config) http.Handler {
 pkgmiddleware.RateLimitAuth(pkgmiddleware.VerifyOrigin(http.HandlerFunc(authHandler.HandleLogin))).ServeHTTP(w, r)
 }
 })
+ mux.HandleFunc("/logout", authHandler.HandleLogout)
 // Watchlist Endpoints
 mux.HandleFunc("/api/watchlist/card", watchlistHandler.HandleCardWatchlist)
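Review bot: ClearSessionCookie builds the expiring cookie with only `HttpOnly` and `Path`, and nothing ties those attributes to the ones SetSessionCookie uses. SetSessionCookie starts outside this hunk, so only its `Path: "/"` is visible; if it also sets `Domain`, `Secure` or `SameSite`, the clearing cookie should repeat them, because a differing `Domain` or `Path` leaves the original cookie in the browser. The `"session_id"` literal is repeated here and in HandleLogout, and a shared `const sessionCookieName = "session_id"` would keep the lookup and the clear in step. Both new exported functions lack doc comments, e.g. `// ClearSessionCookie expires the session_id cookie in the browser; it does not delete the server-side session.`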
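Review bot: The `_ =` in HandleLogout discards the error from `h.authService.Logout`, so when the session delete fails the cookie is still cleared and the user is redirected as if logged out, while the server-side session may stay valid for anyone who still holds the ID. Surface the failure instead of dropping it, for example `if err := h.authService.Logout(r.Context(), cookie.Value); err != nil { ClearSessionCookie(w); http.Error(w, "logout failed", http.StatusInternalServerError); return }`. At minimum, log the error with whatever logger this package already uses so that failed session deletions are visible to operators.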
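Review bot: `/logout` is registered bare, while the login handler in the context lines just above it is wrapped in `pkgmiddleware.RateLimitAuth(pkgmiddleware.VerifyOrigin(...))`; as written, a request from any origin with any HTTP method reaches the session delete, which allows a cross-site forced logout. Consider `mux.Handle("/logout", pkgmiddleware.VerifyOrigin(http.HandlerFunc(authHandler.HandleLogout)))`, assuming VerifyOrigin returns an http.Handler as its use with `.ServeHTTP` suggests, together with a POST-only check such as `if r.Method != http.MethodPost { http.Error(w, "method not allowed", http.StatusMethodNotAllowed); return }` at the top of HandleLogout. NewRouter begins and ends outside this hunk, so how the login route restricts methods is not visible here.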