import { destroySession } from "@/lib/auth/session";
import { withErrorHandling, json } from "@/lib/api/errors";

/**
 * Next.js Route Handler caching configuration (RHL-006):
 *
 * We force this route to execute dynamically on every request.
 *
 * Reasons:
 * - NAS contents can change at any time (new scans).
 * - Auth/RBAC-protected responses must not be cached/shared across users.
 * - We rely on a small storage-layer TTL micro-cache instead of Next route caching.
 */
export const dynamic = "force-dynamic";

/**
 * GET /api/auth/logout
 *
 * Destroys the current session by clearing the auth cookie.
 * Always returns { ok: true } on success.
 *
 * Note:
 * - This endpoint is intentionally idempotent.
 * - If there is no cookie, destroySession() still sets an empty cookie.
 */
export const GET = withErrorHandling(
	async function GET() {
		await destroySession();
		return json({ ok: true }, 200);
	},
	{ logPrefix: "[api/auth/logout]" }
);