publisher-dashboard/apps/api-server/src/procedures/auth/logout.ts

/**
 * Logout procedure - revokes the current session and clears the session cookie
 */

import type { AuthenticatedContext } from "../../context.js";
import { implement } from "@orpc/server";
import { contract } from "@reviq/api-contract";
import { COOKIE_NAMES, deleteCookie } from "../../utils/cookies.js";

const os = implement(contract);

/**
 * Logout handler
 * - Requires authentication (user must be logged in)
 * - Revokes the current session by setting revoked_at to now()
 * - Clears the session cookie from the response
 */
export const logout = os.auth.logout.handler(
  async ({ context }: { context: unknown }) => {
    const ctx = context as AuthenticatedContext;

    // Revoke the current session
    await ctx.db
      .updateTable("sessions")
      .set({ revoked_at: new Date() })
      .where("id", "=", String(ctx.session.id))
      .execute();

    // Clear the session cookie
    deleteCookie(ctx.resHeaders, COOKIE_NAMES.SESSION_TOKEN);
  },
);