| 1234567891011121314151617181920212223242526272829303132 |
- import { destroySession } from "@/lib/auth/session";
- import { withErrorHandling, json } from "@/lib/api/errors";
- /**
- * Next.js Route Handler caching configuration (RHL-006):
- *
- * We force this route to execute dynamically on every request.
- *
- * Reasons:
- * - NAS contents can change at any time (new scans).
- * - Auth/RBAC-protected responses must not be cached/shared across users.
- * - We rely on a small storage-layer TTL micro-cache instead of Next route caching.
- */
- export const dynamic = "force-dynamic";
- /**
- * GET /api/auth/logout
- *
- * Destroys the current session by clearing the auth cookie.
- * Always returns { ok: true } on success.
- *
- * Note:
- * - This endpoint is intentionally idempotent.
- * - If there is no cookie, destroySession() still sets an empty cookie.
- */
- export const GET = withErrorHandling(
- async function GET() {
- await destroySession();
- return json({ ok: true }, 200);
- },
- { logPrefix: "[api/auth/logout]" }
- );
|
