import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { hashToken, revokeRefreshTokenFamily } from "@/lib/mobileTokens";
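/**
 * Logout endpoint: drops the caller's session and revokes the refresh-token
 * family that the presented refresh token belongs to.
 *
 * Both credentials are optional and handled independently:
 * - a `Bearer` value in the `Authorization` header deletes every session row
 *   whose `sessionToken` equals it;
 * - a non-blank string `refreshToken` in the JSON body is trimmed, hashed with
 *   `hashToken`, looked up by `tokenHash`, and, if a row is found, its whole
 *   family is revoked via `revokeRefreshTokenFamily`.
 *
 * Unless a database call throws, the response is `{ ok: true }` whether or
 * not either token matched a row, so the reply does not reveal whether a
 * presented token was known to the server.
 *
 * @param req - Incoming request; the header and JSON body are both untrusted.
 * @returns A JSON response with body `{ ok: true }`.
 */
export async function POST(req: NextRequest) {
  const authHeader = req.headers.get("authorization");
  const accessToken = authHeader?.match(/^Bearer\s+(.+)$/i)?.[1];

  // A missing or malformed body is treated as "no refresh token supplied".
  // A literal JSON `null` parses successfully, so it is handled here too:
  // destructuring it directly would throw and turn a logout into an
  // unhandled error before any revocation runs.
  const body: unknown = await req.json().catch(() => null);
  const refreshToken =
    typeof body === "object" && body !== null
      ? (body as { refreshToken?: unknown }).refreshToken
      : undefined;

  if (accessToken) {
    // NOTE(review): the bearer value is matched against `sessionToken` as-is,
    // while refresh tokens are looked up by hash; confirm how session tokens
    // are stored at rest.
    await db.session.deleteMany({
      where: { sessionToken: accessToken },
    });
  }

  if (typeof refreshToken === "string" && refreshToken.trim()) {
    const token = await db.refreshToken.findUnique({
      where: { tokenHash: hashToken(refreshToken.trim()) },
      select: { userId: true, familyId: true },
    });

    // Revoke the whole family, not only the presented token.
    if (token) {
      await revokeRefreshTokenFamily(token.userId, token.familyId);
    }
  }

  return NextResponse.json({ ok: true });
}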