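import { NextRequest, NextResponse } from 'next/server';

/**
 * API endpoint that records that a logout has occurred.
 *
 * It sets a short-lived, HttpOnly `force_login_prompt` cookie. Per the
 * original design notes, the sign-in page checks this cookie and adds
 * `prompt=login`, so the user is asked for credentials even if a Keycloak
 * SSO session still exists.
 *
 * Security notes:
 * - The cookie is a browser-held hint, not a session revocation. It expires
 *   after 5 minutes and exists only in the browser that called this route.
 *   A sign-in after that window, or from a browser without the cookie, will
 *   not carry the flag, so a surviving Keycloak SSO session could be reused.
 *   NOTE(review): confirm the logout flow also ends the session at the
 *   identity provider rather than relying on this flag alone.
 * - This handler performs no authentication or origin check; any POST sets
 *   the cookie. The visible effect is limited to forcing a login prompt.
 * - Failure details are logged server-side only. The 500 response body is
 *   generic so internal error text is not disclosed to the caller.
 *
 * @param request - Incoming request; not read by this handler.
 * @returns A JSON response with `success: true` and the cookie set, or a
 *   generic 500 JSON error if building the response fails.
 */
export async function POST(request: NextRequest) {
  try {
    const response = NextResponse.json({
      success: true,
      message: 'Logout marked successfully'
    });

    // HttpOnly keeps the flag out of reach of page scripts. `secure` is only
    // enabled when NODE_ENV is 'production', so other environments will send
    // this cookie over plain HTTP as well.
    response.cookies.set('force_login_prompt', 'true', {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax',
      path: '/',
      maxAge: 300 // 5 minutes
    });

    return response;
  } catch (error) {
    // Keep the full error in server logs; do not echo it to the client.
    console.error('Error marking logout:', error);
    return NextResponse.json(
      {
        error: 'Internal server error',
        message: 'Unable to mark logout'
      },
      { status: 500 }
    );
  }
}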