import { NextRequest, NextResponse } from 'next/server';
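/** Name of the marker cookie that the signin page checks to force prompt=login. */
const FORCE_LOGIN_PROMPT_COOKIE = 'force_login_prompt';

/** Lifetime of the marker cookie, in seconds (5 minutes). */
const FORCE_LOGIN_PROMPT_MAX_AGE_SECONDS = 300;

/**
 * API endpoint to mark that a logout has occurred.
 * This sets a server-side cookie that will force the login prompt on next sign-in.
 *
 * This ensures that after logout, users are asked for credentials even if
 * a Keycloak SSO session still exists.
 *
 * @param request - Incoming request; neither its body nor its headers are read.
 * @returns A JSON success response carrying the `Set-Cookie` header, or a
 *   generic JSON 500 response if building the success response throws.
 */
export async function POST(request: NextRequest): Promise<NextResponse> {
  try {
    const response = NextResponse.json({
      success: true,
      message: 'Logout marked successfully'
    });

    // HttpOnly so client-side script cannot read or clear the marker; `secure`
    // is tied to NODE_ENV so local HTTP development still receives the cookie.
    response.cookies.set(FORCE_LOGIN_PROMPT_COOKIE, 'true', {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax',
      path: '/',
      maxAge: FORCE_LOGIN_PROMPT_MAX_AGE_SECONDS
    });

    return response;
  } catch (error: unknown) {
    // Log the full error server-side only. Echoing `error.message` back to the
    // client would disclose internal implementation detail in the 500 body.
    console.error('Error marking logout:', error);
    return NextResponse.json(
      { error: 'Internal server error', message: 'Failed to mark logout' },
      { status: 500 }
    );
  }
}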