authorDaniel Hader <[email protected]>2026-05-30 12:59:21 -0500
committerDaniel Hader <[email protected]>2026-05-30 12:59:21 -0500
commitbcff4d006a0600ecf86f18ecdaa74e0df31766f0 (patch)
tree5889f48f0c7d348d0bfe6240ab5136cd710d4ce4 /static/main.js
parent929be68e691c1c4015fc6874111b19b9f5d68c02 (diff)
hardened login / logout flow
Diffstat (limited to 'static/main.js')
-rw-r--r--static/main.js12
1 files changed, 7 insertions, 5 deletions
diff --git a/static/main.js b/static/main.js
index da3a9d3..4af948a 100644
--- a/static/main.js
+++ b/static/main.js
@@ -2,18 +2,20 @@ async function me() {
const response = await fetch("/me");
if (response.ok) {
const result = await response.json();
- const span = document.getElementById("logged-in");
// this is technically a XSS risk (TODO: deal with it)
// in principle it only affects the person who chose their username, but...
- span.innerHTML = `Logged in as ${result.username}`;
- span.hidden = false;
+ document.getElementById("logged-in").innerHTML = `Logged in as ${result.username}`;
+ document.getElementById("logout-links").hidden = false;
} else {
document.getElementById("login-links").hidden = false;
- console.log("not logged in? No cookie");
- console.log(response);
}
}
+async function logout() {
+ const response = await fetch("/logout", {method: "post"});
+ window.location.reload();
+}
+
async function fetch_problems() {
const response = await fetch("/problem");
if (!response.ok) {
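Review bot: The added `innerHTML` assignment in me() still interpolates `result.username` from the `/me` response into markup, so the XSS risk named in the TODO comment above it survives a commit described as hardening. The value is plain text, so ``document.getElementById("logged-in").textContent = `Logged in as ${result.username}`;`` removes the sink, and the two TODO comment lines can then be dropped. In the new logout(), `response` is assigned but never read, so a failed POST to `/logout` reloads the page exactly as a successful one does. Guarding the reload with `if (!response.ok) { console.error("logout failed", response.status); return; }` would keep a still-valid session from being mistaken for a completed logout. fetch_problems() continues past the end of the hunk.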