nlcc-itinerary/server/api/auth/logout.post.ts

import { clearAuthCookie, getAuthCookie } from '~/server/utils/auth'
import { clearCsrfCookie } from '~/server/utils/csrf'
import { deleteSession } from '~/server/utils/database'

export default defineEventHandler(async (event) => {
  // Get session token from cookie
  const sessionToken = getAuthCookie(event)

  // Delete session from database if it exists
  if (sessionToken) {
    deleteSession(sessionToken)
  }

  // Clear both auth and CSRF cookies
  clearAuthCookie(event)
  clearCsrfCookie(event)

  return {
    success: true
  }
})