feat(api): POST /api/auth/logout

Deletes the session row keyed by the cookie/bearer token and
clears the cookie on the client. Best-effort DB delete — logout
still succeeds for the client if the row's already gone.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
2026-04-20 22:07:16 -04:00
parent 2f2dfa86df
commit 8537821d29
4 changed files with 91 additions and 5 deletions
+1 -5
View File
@@ -35,11 +35,7 @@ type handlers struct {
}
// Stub handlers so Mount() compiles. Real implementations in later tasks
// replace these in place (Task 7 logout, Task 8 me).
func (h *handlers) handleLogout(w http.ResponseWriter, r *http.Request) {
writeErr(w, http.StatusNotImplemented, "not_implemented", "logout not wired")
}
// replace these in place (Task 8 me).
func (h *handlers) handleGetMe(w http.ResponseWriter, r *http.Request) {
writeErr(w, http.StatusNotImplemented, "not_implemented", "me not wired")