Merge remote-tracking branch 'origin/main'

SerpentRace_Backend/src/Application/User/commands/LogoutCommandHandler.ts

@@ -17,6 +17,7 @@ export class LogoutCommandHandler {
     try {
       logAuth('Logout process started', userId);
 
+<<<<<<< HEAD
       // 1. Get tokens from request to blacklist them
       let accessTokenToBlacklist: string | null = null;
       let refreshTokenToBlacklist: string | null = null;
@@ -41,10 +42,32 @@ export class LogoutCommandHandler {
       // 2. Blacklist both access and refresh tokens in Redis
       if (accessTokenToBlacklist && req) {
         try {
+=======
+      // 1. Get token from request to blacklist it
+      let tokenToBlacklist: string | null = null;
+      if (req) {
+        // Extract token from cookie
+        tokenToBlacklist = req.cookies['auth_token'];
+        
+        // Also check Authorization header as fallback
+        if (!tokenToBlacklist && req.headers.authorization) {
+          const authHeader = req.headers.authorization;
+          if (authHeader.startsWith('Bearer ')) {
+            tokenToBlacklist = authHeader.substring(7);
+          }
+        }
+      }
+
+      // 2. Blacklist the current JWT token in Redis (if available)
+      if (tokenToBlacklist && req) {
+        try {
+          // Store token in blacklist with expiration matching token expiry
+>>>>>>> 83fad59878db015ec8d86bdec1ecbbca0baddfd2
           const decoded = this.jwtService.verify(req);
           if (decoded && decoded.exp) {
             const ttl = decoded.exp - Math.floor(Date.now() / 1000);
             if (ttl > 0) {
+<<<<<<< HEAD
               await this.redisService.setWithExpiry(`blacklist:${accessTokenToBlacklist}`, 'true', ttl);
               logAuth('Access token blacklisted', userId, { tokenExpiry: ttl });
             }
@@ -74,6 +97,24 @@ export class LogoutCommandHandler {
       if (req) {
         this.jwtService.logout(req, res);
       }
+=======
+              await this.redisService.setWithExpiry(`blacklist:${tokenToBlacklist}`, 'true', ttl);
+              logAuth('JWT token blacklisted', userId, { tokenExpiry: ttl });
+            }
+          }
+        } catch (error) {
+          logWarning('Failed to blacklist token', { userId, error: (error as Error).message });
+        }
+      }
+
+      // 3. Clear authentication cookie
+      res.clearCookie('auth_token', {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'strict',
+        path: '/'
+      });
+>>>>>>> 83fad59878db015ec8d86bdec1ecbbca0baddfd2
 
       // 4. Remove user from active sessions in Redis
       try {