Path: blob/master/src/packages/next/pages/api/v2/accounts/sign-out.ts
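/*
Sign out of the current session or all sessions.

This invalidates 1 or more remember me cookies for
the account that is making the API request.
*/

import getAccountId from "lib/account/get-account";
import {
  getRememberMeHash,
  deleteRememberMe,
  deleteAllRememberMe,
} from "@cocalc/server/auth/remember-me";
import getParams from "lib/api/get-params";
import { apiRoute, apiRouteOperation } from "lib/api";
import { SuccessStatus } from "lib/api/status";
import {
  AccountSignOutInputSchema,
  AccountSignOutOutputSchema,
} from "lib/api/schema/accounts/sign-out";
import {
  ACCOUNT_ID_COOKIE_NAME,
  REMEMBER_ME_COOKIE_NAME,
} from "@cocalc/backend/auth/cookie-names";

/**
 * HTTP handler for the sign-out operation.
 *
 * Responds with `SuccessStatus` when `signOut` completes, and with
 * `{ error: <message> }` when it throws.
 */
async function handle(req, res) {
  try {
    await signOut(req, res);
    res.json(SuccessStatus);
  } catch (err) {
    // A thrown value that is not an Error has no `.message`; without this
    // fallback the body would serialize to `{}` and not read as a failure.
    // NOTE(review): the message is returned to the caller verbatim — confirm
    // the helpers used by signOut never put internal details into it.
    const message = err instanceof Error ? err.message : String(err);
    res.json({ error: message });
  }
}

/**
 * Invalidate the server-side remember-me record(s) for the requester and
 * clear the authentication cookies on the response.
 *
 * With the `all` parameter set, every remember-me record of the account is
 * deleted; otherwise only the one matching the hash from this request.
 *
 * @throws whatever the lookup or delete helpers throw; in that case the
 *   cookies are not cleared.
 */
async function signOut(req, res): Promise<void> {
  const { all } = getParams(req);
  if (all) {
    // invalidate all remember me cookies for this account.
    const account_id = await getAccountId(req);
    if (account_id) {
      await deleteAllRememberMe(account_id);
    }
  } else {
    const hash = getRememberMeHash(req);
    if (hash) {
      await deleteRememberMe(hash);
    }
  }
  // Clear the security relevant cookies even when no server-side session was
  // found: a request that is "not signed in" can still carry a stale or
  // unrecognised cookie, and sign-out should not leave it in the browser.
  // This is deliberately not in a `finally`: if the delete above throws, the
  // cookies stay so the caller can retry (the hash presumably comes from the
  // remember-me cookie — verify against getRememberMeHash).
  // NOTE(review): clearCookie is called without options; if these cookies are
  // set with a non-default path or domain, the same options are needed here
  // for the browser to drop them — confirm against where they are set.
  res.clearCookie(REMEMBER_ME_COOKIE_NAME);
  res.clearCookie(ACCOUNT_ID_COOKIE_NAME);
}

/** Route definition: POST with a JSON body, answered by `handle`. */
export default apiRoute({
  signOut: apiRouteOperation({
    method: "POST",
    openApiOperation: {
      tags: ["Accounts"],
    },
  })
    .input({
      contentType: "application/json",
      body: AccountSignOutInputSchema,
    })
    .outputs([
      {
        status: 200,
        contentType: "application/json",
        body: AccountSignOutOutputSchema,
      },
    ])
    .handler(handle),
});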