harheimertc/server/api/auth/logout.post.js

import { deleteSession, revokeRefreshSession } from '../../utils/auth.js'

export default defineEventHandler(async (event) => {
  try {
    const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace(/^Bearer\s+/i, '')
    const body = await readBody(event)
    const refreshToken = body?.refreshToken

    if (token) {
      await deleteSession(token)
    }
    if (refreshToken) {
      await revokeRefreshSession(refreshToken)
    }

    // Delete cookie
    deleteCookie(event, 'auth_token')

    return {
      success: true,
      message: 'Erfolgreich abgemeldet'
    }
  } catch (error) {
    console.error('Logout-Fehler:', error)
    throw createError({
      statusCode: 500,
      message: 'Abmeldung fehlgeschlagen'
    })
  }
})