fix(api): logout (#415)

* Fixed logout Fixed users can't logout * Update logout.js * Fix ESLint
discord-tickets · Apr 28, 2023 · d577b9d · d577b9d
1 parent b2a8b03
commit d577b9d
Showing 1 changed file with 13 additions and 4 deletions.
diff --git a/src/routes/auth/logout.js b/src/routes/auth/logout.js
@@ -1,13 +1,22 @@
+const { domain } = require('../../lib/http');
+
 module.exports.get = fastify => ({
 	handler: async function (req, res) {
+		const { accessToken } = req.user;
+
 		await fetch('https://discord.com/api/oauth2/token/revoke', {
-			body: new URLSearchParams({ token: req.user.accessToken }).toString(),
+			body: new URLSearchParams({ token: accessToken }).toString(),
 			headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
 			method: 'POST',
 		});
-		res
-			.clearCookie('token', '/')
-			.send('The token has been revoked.');
+
+		res.clearCookie('token', {
+			domain,
+			httpOnly: true,
+			path: '/',
+			sameSite: 'Lax',
+			secure: false,
+		}).send('The token has been revoked.');
 	},
 	onRequest: [fastify.authenticate],
 });