feat(api): POST /api/auth/logout
Deletes the session row keyed by the cookie/bearer token and clears the cookie on the client. Best-effort DB delete — logout still succeeds for the client if the row's already gone. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -107,6 +107,11 @@ func RequireUser(pool *pgxpool.Pool) func(http.Handler) http.Handler {
|
||||
}
|
||||
}
|
||||
|
||||
// UserCtxKeyForTest is exported ONLY for tests in sibling packages that need
|
||||
// to inject a dbq.User into request context without going through the
|
||||
// middleware. Do not use this outside _test.go files.
|
||||
func UserCtxKeyForTest() any { return userCtxKey }
|
||||
|
||||
func sessionTokenFromRequest(r *http.Request) string {
|
||||
if c, err := r.Cookie(SessionCookieName); err == nil && c.Value != "" {
|
||||
return c.Value
|
||||
|
||||
Reference in New Issue
Block a user