From bcff4d006a0600ecf86f18ecdaa74e0df31766f0 Mon Sep 17 00:00:00 2001
From: Daniel Hader
Date: Sat, 30 May 2026 12:59:21 -0500
Subject: hardened login / logout flow
---
 src/main.rs | 3 ++-
 src/routes/auth.rs | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/main.rs b/src/main.rs
index 0fdd2fb..36ef319 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -10,7 +10,7 @@ use axum::{
 use routes::problem::{get_problems, create_problem};
 use routes::user::{create_user, me};
-use routes::auth::login;
+use routes::auth::{login, logout};
 use tower_http::services::ServeDir;
 use crate::database::Database;
@@ -41,6 +41,7 @@ async fn main() {
 let app = Router::new()
 .route("/login", post(login))
+ .route("/logout", post(logout))
 .route("/problem", get(get_problems))
 .route("/problem", post(create_problem))
 .route("/user", post(create_user))
diff --git a/src/routes/auth.rs b/src/routes/auth.rs
index 979e617..ab7a393 100644
--- a/src/routes/auth.rs
+++ b/src/routes/auth.rs
@@ -111,6 +111,12 @@ pub async fn login(
 Ok(jar.add(cookie))
 }
+pub async fn logout(
+ jar: CookieJar,
+) -> Result {
+ Ok(jar.remove(Cookie::from("token")))
+}
+
 #[cfg(test)]
 mod tests {
 use super::*;
-- cgit v1.2.3
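Review bot: The new `logout` in src/routes/auth.rs only tells the browser to drop the `token` cookie; it takes nothing but `jar: CookieJar`, so nothing is invalidated server-side, and a copy of the token obtained before logout would presumably remain valid until it expires. If the token is backed by a session record or a revocation list (not visible in this hunk), the handler should also take the application state and revoke it there. Separately, a browser only honours a removal cookie whose path and domain match the cookie that was set, and the cookie construction in `login` lies outside the hunk. If `login` sets a path, the removal should be built the same way, for example `jar.remove(Cookie::build("token").path("/"))` when that path is `/`. A doc comment such as `/// Clears the client-side "token" cookie; does not revoke the token on the server.` would make the current contract explicit.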