From d577b9d057927e1062b5b00d886351537c236385 Mon Sep 17 00:00:00 2001
From: Uzurka <101745008+Uzurka@users.noreply.github.com>
Date: Fri, 28 Apr 2023 22:33:06 +0200
Subject: [PATCH] fix(api): logout (#415)
* Fixed logout Fixed users can't logout * Update logout.js * Fix ESLint
---
 src/routes/auth/logout.js | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/routes/auth/logout.js b/src/routes/auth/logout.js
index 22fc77c..3e8b164 100644
--- a/src/routes/auth/logout.js
+++ b/src/routes/auth/logout.js
@@ -1,13 +1,22 @@
+const { domain } = require('../../lib/http');
+
 module.exports.get = fastify => ({
 handler: async function (req, res) {
+ const { accessToken } = req.user;
+
 await fetch('https://discord.com/api/oauth2/token/revoke', {
- body: new URLSearchParams({ token: req.user.accessToken }).toString(),
+ body: new URLSearchParams({ token: accessToken }).toString(),
 headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
 method: 'POST',
 });
- res
- .clearCookie('token', '/')
- .send('The token has been revoked.');
+
+ res.clearCookie('token', {
+ domain,
+ httpOnly: true,
+ path: '/',
+ sameSite: 'Lax',
+ secure: false,
+ }).send('The token has been revoked.');
 },
 onRequest: [fastify.authenticate],
 });
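Review bot: The result of the `fetch` to Discord's revoke endpoint is never inspected, so the handler replies 'The token has been revoked.' even when Discord answers with an error status, and a rejected `fetch` (network failure) throws before `res.clearCookie` runs, leaving the session cookie in place. The request body carries only `token`; if the endpoint also expects client credentials (worth confirming against Discord's OAuth2 documentation), every revocation would fail silently while the access token stays valid upstream. I would check `response.ok`, log failures, and clear the cookie unconditionally, as sketched below. Separately, the `clearCookie` options (including the hard-coded `secure: false`) only work if they match the options used where the cookie is set, which is outside this hunk; sharing one options object between both routes would keep them from drifting.

```javascript
const { accessToken } = req.user;

let revoked = false;
try {
	const response = await fetch('https://discord.com/api/oauth2/token/revoke', {
		// … unchanged: body, headers, method …
	});
	revoked = response.ok;
	if (!revoked) {
		req.log.warn({ status: response.status }, 'token revocation was rejected upstream');
	}
} catch (err) {
	req.log.error(err, 'token revocation request failed');
}

// Always end the local session, even if the upstream revocation did not succeed.
res.clearCookie('token', {
	// … unchanged: cookie options …
}).send(revoked ? 'The token has been revoked.' : 'Logged out, but the token could not be revoked.');
```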