// Copyright 2023 wanderer // SPDX-License-Identifier: AGPL-3.0-only package handlers import ( "net/http" "github.com/labstack/echo-contrib/session" "github.com/labstack/echo/v4" ) func Logout() echo.HandlerFunc { return func(c echo.Context) error { addHeaders(c) csrf := c.Get("csrf").(string) switch { case c.Request().Method == "POST": sess, _ := session.Get(setting.SessionCookieName(), c) if sess != nil { log.Infof("max-age before logout: %d", sess.Options.MaxAge) sess.Options.MaxAge = -1 if username := sess.Values["username"]; username != nil { sess.Values["username"] = "" } err := sess.Save(c.Request(), c.Response()) if err != nil { c.Logger().Error("could not delete session cookie") } } return c.Redirect(http.StatusMovedPermanently, "/logout") case c.Request().Method == "GET": sess, _ := session.Get(setting.SessionCookieName(), c) if sess != nil { if username := sess.Values["username"]; username != nil { return c.Redirect(http.StatusSeeOther, "/home") } } err := c.Render( http.StatusOK, "logout.tmpl", page{ AppName: setting.AppName(), AppVer: appver, Title: "Logout", CSRF: csrf, DevelMode: setting.IsDevel(), Current: "logout", }, ) if err != nil { c.Logger().Errorf("error: %q", err) return renderErrorPage( c, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError), err.Error(), ) } } return nil } }