/* global defineEventHandler, createError, getCookie, deleteCookie */

import { isAuthorised } from "../middleware/auth";
import { database } from "../utils/database";
import { cookieSettings } from "../utils/rootUtils";

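/**
 * Logout handler: clears the "token" session cookie and deletes the matching
 * row from the `sessions` table.
 *
 * @param e - The request event supplied by defineEventHandler.
 * @returns {Promise<{ message: string }>} Confirmation once the session row
 *   delete has completed.
 * @throws 401 error (via createError) when no "token" cookie is present, or
 *   when isAuthorised() rejects the token.
 */
export default defineEventHandler(async (e) => {
  const sessionToken = getCookie(e, "token");
  if (sessionToken === undefined) {
    // NOTE(review): this branch puts the reason in `data`, while the branch
    // below uses `message`. Confirm clients rely on the difference before
    // unifying them.
    throw createError({
      statusCode: 401,
      data: "You can't log out if you're already logged out (no session cookie)",
    });
  }

  // Clear the cookie before validating it, so a stale or unknown token is
  // removed from the client even when the request ends in a 401.
  deleteCookie(e, "token", cookieSettings);

  const sessionIsValid = await isAuthorised(sessionToken);
  if (!sessionIsValid) {
    throw createError({
      statusCode: 401,
      message: "You can't log out if you're already logged out (session expired or never existed)",
    });
  }

  // Wait for the delete to finish before reporting success. Without the
  // await, a failed query would go unnoticed and the server-side session would
  // stay usable by anyone still holding the token, even though the client was
  // told it had logged out.
  // Assumes database.query returns a promise; awaiting a non-promise is a
  // harmless no-op. TODO confirm against ../utils/database.
  await database.query(
    "DELETE FROM `sessions` WHERE `id` = ?",
    [sessionToken],
  );
  return { message: "Logged out" };
});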