From d1be3ef67a4e403dc9ee76d97b156eda57adafff Mon Sep 17 00:00:00 2001
From: Fuwn
Date: Tue, 6 Feb 2024 02:29:07 -0800
Subject: feat: stronger logout
---
 src/routes/api/authentication/log-out/+server.ts | 10 +++++++++-
 src/routes/api/oauth/refresh/+server.ts | 5 ++---
 2 files changed, 11 insertions(+), 4 deletions(-) (limited to 'src/routes/api')
diff --git a/src/routes/api/authentication/log-out/+server.ts b/src/routes/api/authentication/log-out/+server.ts
index 22ef49d8..e3ce347a 100644
--- a/src/routes/api/authentication/log-out/+server.ts
+++ b/src/routes/api/authentication/log-out/+server.ts
@@ -1,7 +1,15 @@
+import root from '$lib/Utility/root.js';
 import { redirect } from '@sveltejs/kit';
 export const GET = ({ cookies }) => {
 cookies.delete('user', { path: '/' });
+ cookies.set('logout', '1', {
+ path: '/',
+ maxAge: 60 * 60 * 24 * 7,
+ httpOnly: false,
+ sameSite: 'lax',
+ secure: false
+ });
- throw redirect(303, '/');
+ throw redirect(303, root('/'));
 };
diff --git a/src/routes/api/oauth/refresh/+server.ts b/src/routes/api/oauth/refresh/+server.ts
index 8bfac6e6..b2b36db2 100644
--- a/src/routes/api/oauth/refresh/+server.ts
+++ b/src/routes/api/oauth/refresh/+server.ts
@@ -1,4 +1,3 @@
-import { dev } from '$app/environment';
 import { env } from '$env/dynamic/private';
 import { env as env2 } from '$env/dynamic/public';
 import { redirect } from '@sveltejs/kit';
@@ -21,9 +20,9 @@ export const GET = async ({ url, cookies }) => {
 cookies.set('user', JSON.stringify(newUser), {
 path: '/',
 maxAge: 60 * 60 * 24 * 7,
- httpOnly: true,
+ httpOnly: false,
 sameSite: 'lax',
- secure: !dev
+ secure: false
 });
 if (url.searchParams.get('redirect')) throw redirect(303, '/');
-- 
cgit v1.2.3
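Review bot: The `logout` marker cookie set in the log-out `GET` handler hard-codes `secure: false`, and nothing in the hunk says who reads it or when it is cleared. Because it is script-readable and sent over plain HTTP, whatever consumes it should treat it as an untrusted UI hint, not as proof of session state. Logout here only deletes the `user` cookie in the browser, so any token issued for that user presumably stays valid upstream (no revocation is visible in this hunk). I would add a comment above the call along the lines of `// UI hint only: tells the client the user explicitly signed out; never trust it for authorization`, adjusted to what the reader actually does. I would also use `secure: !dev` with `import { dev } from '$app/environment';` so the flag is HTTPS-only outside development.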
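Review bot: Flipping `httpOnly` and `secure` to `false` on the `user` cookie in the refresh `GET` handler makes `JSON.stringify(newUser)` readable by any script on the origin and lets it travel over plain HTTP. `newUser` is built outside this hunk, but on an OAuth refresh route it presumably carries the access or refresh token, in which case a single XSS bug or one cleartext request is enough to leak the session. I would keep `httpOnly: true,` and `secure: !dev` (and with them the `dev` import that the first hunk of this file removes), and give client code a separate non-sensitive flag cookie if it only needs to know whether someone is signed in. The handler starts and ends outside the hunk; its redirect also still targets `'/'` while the log-out route now uses `root('/')`.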