// server/api/auth/logout.post.ts

/**
 * POST /api/auth/logout
 *
 * End user session and perform Single Sign-Out at Cidaas
 *
 * Response:
 * {
 *   "success": true
 * }
 */

export default defineEventHandler(async (event) => {
  try {
    // 1. Get session to retrieve access token
    const session = await getUserSession(event)

    // 2. If access token exists, logout from Cidaas (Single Sign-Out)
    if (session.accessToken) {
      try {
        await logoutFromCidaas(session.accessToken)
      } catch (error) {
        // Log error but continue with local logout
        console.error('Cidaas logout failed, continuing with local logout:', error)
      }
    }

    // 3. Clear local session (nuxt-auth-utils)
    await clearUserSession(event)

    return {
      success: true,
    }
  } catch (error) {
    console.error('Logout error:', error)

    // Clear session even if Cidaas logout fails
    await clearUserSession(event)

    return {
      success: true, // Always return success for logout
    }
  }
})