From d577b9d057927e1062b5b00d886351537c236385 Mon Sep 17 00:00:00 2001
From: Uzurka <101745008+Uzurka@users.noreply.github.com>
Date: Fri, 28 Apr 2023 22:33:06 +0200
Subject: [PATCH] fix(api): logout (#415)

* Fixed logout

Fixed users can't logout

* Update logout.js

* Fix ESLint
---
 src/routes/auth/logout.js | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/routes/auth/logout.js b/src/routes/auth/logout.js
index 22fc77c..3e8b164 100644
--- a/src/routes/auth/logout.js
+++ b/src/routes/auth/logout.js
@@ -1,13 +1,22 @@
+const { domain } = require('../../lib/http');
+
 module.exports.get = fastify => ({
 	handler: async function (req, res) {
+		const { accessToken } = req.user;
+
 		await fetch('https://discord.com/api/oauth2/token/revoke', {
-			body: new URLSearchParams({ token: req.user.accessToken }).toString(),
+			body: new URLSearchParams({ token: accessToken }).toString(),
 			headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
 			method: 'POST',
 		});
-		res
-			.clearCookie('token', '/')
-			.send('The token has been revoked.');
+
+		res.clearCookie('token', {
+			domain,
+			httpOnly: true,
+			path: '/',
+			sameSite: 'Lax',
+			secure: false,
+		}).send('The token has been revoked.');
 	},
 	onRequest: [fastify.authenticate],
 });