sam-react-prod/src/app/api/auth/logout/route.ts

import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

/**
 * Logout Proxy Route Handler
 *
 * Purpose:
 * - Call PHP backend logout API
 * - Clear HttpOnly cookie
 * - Ensure complete session cleanup
 */
export async function POST(request: NextRequest) {
  try {
    // Get token from HttpOnly cookie
    const token = request.cookies.get('user_token')?.value;

    if (token) {
      // Call PHP backend logout API
      try {
        await fetch(`${process.env.NEXT_PUBLIC_API_URL}/api/v1/logout`, {
          method: 'POST',
          headers: {
            'Content-Type': 'application/json',
            'Accept': 'application/json',
            'Authorization': `Bearer ${token}`,
            'X-API-KEY': process.env.NEXT_PUBLIC_API_KEY || '',
          },
        });
        console.log('✅ Backend logout API called successfully');
      } catch (error) {
        console.warn('⚠️ Backend logout API failed (continuing with cookie deletion):', error);
      }
    }

    // Clear HttpOnly cookie
    const cookieOptions = [
      'user_token=',
      'HttpOnly',
      'Secure',
      'SameSite=Strict',
      'Path=/',
      'Max-Age=0',  // Delete immediately
    ].join('; ');

    console.log('✅ Logout complete - HttpOnly cookie cleared');

    return NextResponse.json(
      { message: 'Logged out successfully' },
      {
        status: 200,
        headers: {
          'Set-Cookie': cookieOptions,
        },
      }
    );

  } catch (error) {
    console.error('Logout proxy error:', error);
    return NextResponse.json(
      { error: 'Internal server error' },
      { status: 500 }
    );
  }
}