From 0bc9384b6adac2f15c8eab13f5204f94e39660ee Mon Sep 17 00:00:00 2001
From: jakubmanczak <jakub@manczak.net>
Date: Fri, 13 Mar 2026 12:01:29 +0100
Subject: [PATCH] logout form w/ back to root page

---
 src/api/auth.rs | 6 ++++++
 src/api/mod.rs  | 1 +
 2 files changed, 7 insertions(+)

diff --git a/src/api/auth.rs b/src/api/auth.rs
index 152fa55..fed35b7 100644
--- a/src/api/auth.rs
+++ b/src/api/auth.rs
@@ -53,3 +53,9 @@ pub async fn logout(headers: HeaderMap) -> Result<Response, AuthError> {
     let cookie = format!("{COOKIE_NAME}=revoking; Path=/; HttpOnly; Max-Age=0");
     Ok(([(header::SET_COOKIE, cookie)], "Logged out!").into_response())
 }
+pub async fn logout_form(headers: HeaderMap) -> Result<Response, AuthError> {
+    let mut s = Session::authenticate(&headers)?.required()?;
+    s.revoke(Some(&User::get_by_id(s.user_id)?))?;
+    let cookie = format!("{COOKIE_NAME}=revoking; Path=/; HttpOnly; Max-Age=0");
+    Ok(([(header::SET_COOKIE, cookie)], Redirect::to("/")).into_response())
+}
diff --git a/src/api/mod.rs b/src/api/mod.rs
index f483495..d173700 100644
--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@@ -26,6 +26,7 @@ pub fn api_router() -> Router {
         .route("/api/auth/login", post(auth::login))
         .route("/api/auth/login-form", post(auth::login_form))
         .route("/api/auth/logout", post(auth::logout))
+        .route("/api/auth/logout-form", post(auth::logout_form))
         // users
         .route("/api/users", get(users::get_all))
         .route("/api/users", post(users::create))