effendy/antrean-operasi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b122aa6dadeaa94f68ee3a075703bb496afbbac3
antrean-operasi/server/api/auth/logout.post.ts
Yusron alamsyah eeda789acd feat(FE) : start integrate api
2026-02-02 08:13:15 +07:00

110 lines
4.6 KiB
TypeScript
Raw Blame History

// server/api/auth/logout.post.ts
export default defineEventHandler(async (event) => {
try {
const config = useRuntimeConfig();
console.log('🚪 Logout handler called');
// Get the current session to retrieve tokens
const sessionId = getCookie(event, 'user_session');
let idToken = null;
if (sessionId) {
try {
const { getSession, deleteSession } = await import('~/server/utils/sessionStore');
const session = getSession(sessionId);
if (session) {
idToken = session.idToken;
console.log('🔑 ID token found in session:', !!idToken);
// Delete session from store
deleteSession(sessionId);
}
} catch (error) {
console.warn('⚠️ Could not retrieve session:', error);
}
} else {
console.warn('⚠️ No session cookie found');
}
// Clear all auth-related cookies
console.log('🧹 Clearing session cookies...');
deleteCookie(event, 'user_session');
deleteCookie(event, 'oauth_state');
// Also clear with different path variations to be thorough
deleteCookie(event, 'user_session', { path: '/' });
deleteCookie(event, 'oauth_state', { path: '/' });
console.log('✅ Session cleared successfully');
// Construct the Keycloak logout URL with proper parameters
// IMPORTANT: The post_logout_redirect_uri must be registered in Keycloak client settings
// Use custom logout URI from env if provided, otherwise use default
const logoutPath = config.keycloakLogoutUri || `${config.keycloakIssuer}/protocol/openid-connect/logout`;
const logoutUrl = new URL(logoutPath);
// Debug: Log the authUrl and logout URI being used
console.log('🔧 Using authUrl from config:', config.public.authUrl);
if (config.keycloakLogoutUri) {
console.log('🔧 Using custom logout URI from env:', config.keycloakLogoutUri);
} else {
console.log('🔧 Using default logout URI:', logoutPath);
}
// Build the redirect URI - must match what's configured in Keycloak
// Use custom post-logout redirect URI from env if provided, otherwise use just the base URL
// Using base URL (e.g., http://localhost:3005) is more likely to be whitelisted in Keycloak
const postLogoutRedirectUri = config.postLogoutRedirectUri || config.public.authUrl;
if (config.postLogoutRedirectUri) {
console.log('🔧 Using custom post-logout redirect URI from env:', config.postLogoutRedirectUri);
} else {
console.log('🔧 Using base authUrl as post-logout redirect URI:', postLogoutRedirectUri);
}
// Add required parameters for proper Keycloak logout
logoutUrl.searchParams.set('client_id', config.keycloakClientId);
logoutUrl.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
// If we have an ID token, add it for proper session termination
// This ensures Keycloak properly terminates the SSO session
if (idToken) {
logoutUrl.searchParams.set('id_token_hint', idToken);
console.log('🔑 Added id_token_hint to logout URL');
} else {
console.warn('⚠️ No ID token available for logout hint - logout may not fully terminate Keycloak session');
}
console.log('🔗 Keycloak logout URL constructed:', logoutUrl.toString());
console.log('📍 Post-logout redirect URI:', postLogoutRedirectUri);
console.log('⚠️ Make sure this redirect URI is configured in Keycloak client settings!');
// Return the logout URL to the client for redirect
// This approach gives better control to the client-side code
return {
success: true,
logoutUrl: logoutUrl.toString(),
message: 'Session cleared successfully'
};
} catch (error: any) {
console.error('❌ Logout error:', error);
console.error('❌ Error stack:', error.stack);
// Even if there's an error, try to provide a basic logout URL
const config = useRuntimeConfig();
const postLogoutRedirectUri = config.postLogoutRedirectUri || config.public.authUrl;
const logoutPath = config.keycloakLogoutUri || `${config.keycloakIssuer}/protocol/openid-connect/logout`;
const fallbackLogoutUrl = new URL(logoutPath);
fallbackLogoutUrl.searchParams.set('client_id', config.keycloakClientId);
fallbackLogoutUrl.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
console.warn('⚠️ Using fallback logout URL due to error');
return {
success: false,
logoutUrl: fallbackLogoutUrl.toString(),
error: 'Logout encountered an error, but providing fallback logout URL',
message: error.message
};
}
});
Reference in New Issue View Git Blame Copy Permalink