From b291f49d2dab4d26f0e0d3583863032eef9a97b7 Mon Sep 17 00:00:00 2001
From: Backend IM Bot
Date: Fri, 21 Mar 2025 09:08:47 +0100
Subject: [PATCH] Update code in endpoints/logout.post.py
---
 endpoints/logout.post.py | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)
diff --git a/endpoints/logout.post.py b/endpoints/logout.post.py
index 5275863..948ec52 100644
--- a/endpoints/logout.post.py
+++ b/endpoints/logout.post.py
@@ -5,21 +5,25 @@ router = APIRouter()
 @router.post("/logout")
 async def logout_handler(
- user_id: str = Depends(get_current_user_id)
+ session_id: str,
+ access_token: str = Depends(...),
+ refresh_token: str = Depends(...),
+ db: Session = Depends(get_db)
 ):
 """Demo logout endpoint"""
- if user_id not in fake_users_db:
- raise HTTPException(status_code=404, detail="User not found")
+ user = fake_users_db.get(session_id)
+ if not user:
+ raise HTTPException(status_code=400, detail="Invalid session")
- # Clear access token, refresh token and session
- fake_users_db[user_id]["access_token"] = None
- fake_users_db[user_id]["refresh_token"] = None
- fake_users_db[user_id]["session"] = None
-
- return {
- "message": "Logout successful",
- "next_steps": [
- "Clear client-side session data",
- "Redirect to login page"
- ]
- }
\ No newline at end of file
+ # Clear session data
+ user["session_id"] = None
+ user["access_token"] = None
+ user["refresh_token"] = None
+
+ # Clear cookies
+ response = JSONResponse(content={"message": "Logout successful"})
+ response.delete_cookie("access_token")
+ response.delete_cookie("refresh_token")
+ response.delete_cookie("session_id")
+
+ return response
\ No newline at end of file
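Review bot: The new `logout_handler` signature drops `Depends(get_current_user_id)` and instead trusts a caller-supplied `session_id: str` (a query parameter under FastAPI's defaults for a bare `str`), so the handler clears whichever record matches that value without establishing that the caller owns it, and the identifier travels in the URL where it tends to be logged. `access_token` and `refresh_token` are wired to `Depends(...)`, a literal Ellipsis rather than a dependency callable, and are never compared with the stored record; `db` is declared but unused. I would keep the authenticated dependency and key the lookup on it, e.g. `user_id: str = Depends(get_current_user_id)` with `user = fake_users_db.get(user_id)`, so the session being cleared is always the caller's own. Whether `fake_users_db` is keyed by session id at all is not visible here; the removed lines indexed it by user id. The imports for `JSONResponse`, `Session` and `get_db` lie outside the hunk, so confirm they are present.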