Update code in endpoints/logout.post.py

2025-03-21 09:08:47 +01:00 · 2025-03-21 09:08:47 +01:00 · b291f49d2d
commit b291f49d2d
parent a1752eca21
1 changed files with 19 additions and 15 deletions
--- a/endpoints/logout.post.py
+++ b/endpoints/logout.post.py
@ -5,21 +5,25 @@ router = APIRouter()

@router.post("/logout")
 async def logout_handler(
-    user_id: str = Depends(get_current_user_id)
+    session_id: str,
+    access_token: str = Depends(...),
+    refresh_token: str = Depends(...),
+    db: Session = Depends(get_db)
 ):
    """Demo logout endpoint"""
-    if user_id not in fake_users_db:
-        raise HTTPException(status_code=404, detail="User not found")
+    user = fake_users_db.get(session_id)
+    if not user:
+        raise HTTPException(status_code=400, detail="Invalid session")
    
-    # Clear access token, refresh token and session
-    fake_users_db[user_id]["access_token"] = None
-    fake_users_db[user_id]["refresh_token"] = None
-    fake_users_db[user_id]["session"] = None
-    
-    return {
-        "message": "Logout successful",
-        "next_steps": [
-            "Clear client-side session data",
-            "Redirect to login page"
-        ]
-    }
+    # Clear session data
+    user["session_id"] = None
+    user["access_token"] = None 
+    user["refresh_token"] = None
+
+    # Clear cookies
+    response = JSONResponse(content={"message": "Logout successful"})
+    response.delete_cookie("access_token")
+    response.delete_cookie("refresh_token")
+    response.delete_cookie("session_id")
+
+    return response