Merge pull request #124 from konecty/feat/logout-token-deletion

feat: ensure token deletion on logout
konecty · Mar 15, 2024 · daf2407 · daf2407
2 parents 722658d + 94bb848
commit daf2407
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/src/server/routes/rest/auth/authApi.ts b/src/server/routes/rest/auth/authApi.ts
@@ -107,6 +107,21 @@ export const authApi: FastifyPluginCallback = (fastify, _, done) => {
 			const authTokenId = getAuthTokenIdFromReq(req);
 			const result = await logout(authTokenId);
 
+			const origin = req.headers['origin'];
+
+			if (origin) {
+				const suffix = origin.match(/(\.dev|\.com)(\.br)?/g)?.[0];
+
+				const domainNoSuffix = origin
+					.replace(/https?:\/\//, '')
+					.replace(/:\d+/, '')
+					.replace(/(\.dev|\.com)(\.br)?/g, '')
+					.split('.')
+					.reverse()[0];
+
+				reply.header('set-cookie', `_authTokenId=; Domain=${domainNoSuffix}${suffix}; Version=1; Path=/; Max-Age=0`);
+			}
+
 			reply.header('set-cookie', `_authTokenId=; Version=1; Path=/; Max-Age=0`);
 			return reply.send(result as KonectyResult);
 		} catch (error) {