add username change and logout

author: l3wdfut4pwr <l3wdfut4pwr@gmail.com> 2026-04-27 13:45:09 +0300
committer: l3wdfut4pwr <l3wdfut4pwr@gmail.com> 2026-04-27 13:45:09 +0300
commit: 4848a9e9394b283022085a6305d00f94b11cd703 (patch)
tree: d7ba45885f110e8ded4af20bc98b9f88f75b1f4a /app/routes/auth/logout.py
parent: f1842be3bfabe7850d33662da2da377676144c48 (diff)
1 files changed, 35 insertions, 0 deletions
diff --git a/app/routes/auth/logout.py b/app/routes/auth/logout.py
new file mode 100644
index 0000000..a55ea9e
--- /dev/null
+++ b/app/routes/auth/logout.py
@@ -0,0 +1,35 @@
+from fastapi import APIRouter, Depends, Response
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.auth.dependencies import get_current_user
+from app.models.user import User
+from app.utils.db import get_async_session
+from app.utils.logger_cfg import logger
+
+router = APIRouter(tags=["auth"])
+
+
+COOKIE_KWARGS = {
+    "httponly": True,
+    "secure": False,
+    "samesite": "lax",
+    "path": "/",
+}
+
+
+@router.post("/logout")
+async def logout(
+    response: Response,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(get_current_user),
+):
+    response.delete_cookie("access_token", **COOKIE_KWARGS)
+    response.delete_cookie("refresh_token", **COOKIE_KWARGS)
+
+    user.token_version += 1
+    session.add(user)
+    await session.commit()
+
+    logger.info("User logged out everywhere | user_id={}", user.id)
+
+    return {"message": "Logged out successfully"}
author	l3wdfut4pwr <l3wdfut4pwr@gmail.com>	2026-04-27 13:45:09 +0300
committer	l3wdfut4pwr <l3wdfut4pwr@gmail.com>	2026-04-27 13:45:09 +0300
commit	4848a9e9394b283022085a6305d00f94b11cd703 (patch)
tree	d7ba45885f110e8ded4af20bc98b9f88f75b1f4a /app/routes/auth/logout.py
parent	f1842be3bfabe7850d33662da2da377676144c48 (diff)