import { json } from '@sveltejs/kit';
import prisma from '$lib/server/prisma';
import { secure } from '$lib/server/utils'; // so it matches login's secure flag

/**
 * Logout endpoint: revokes the stored refresh token for the current user
 * (when one is present on `locals`) and deletes both auth cookies.
 *
 * NOTE(review): server-side revocation only runs when `locals.user.id` is
 * truthy. A request that arrives without a resolved user only gets its
 * cookies cleared, so the refresh token stored in the DB is left as-is.
 * Confirm this is acceptable for sessions whose access token has already
 * expired.
 *
 * NOTE(review): a failed DB update is logged and swallowed, and the response
 * still reports success. In that case the refresh token stays valid
 * server-side; consider alerting on this log line.
 *
 * @param {object} event - SvelteKit request event; only `cookies` and
 *   `locals.user` are read here.
 * @returns {Promise<Response>} JSON response `{ message: 'Logged out successfully' }`.
 */
export const POST = async ({ cookies, locals: { user } }) => {
	const userId = user?.id;

	if (userId) {
		try {
			// Null out the stored refresh token so a copy of it can no longer be
			// exchanged for a new session.
			await prisma.user.update({
				where: { id: userId },
				data: { refreshToken: null }
			});
		} catch (e) {
			// Best-effort: cookie removal below must still happen.
			console.error('Failed to clear refresh token:', e);
		}
	}

	// Delete both auth cookies. `path` and `secure` are passed explicitly;
	// presumably they mirror the attributes used at login so the browser
	// matches and drops the same cookies (verify against the login handler).
	for (const cookieName of ['token', 'refreshToken']) {
		cookies.delete(cookieName, { path: '/', secure });
	}

	return json({ message: 'Logged out successfully' });
};
