Jennie Robinson Faber
b7279f57d1
- Add centralized Zod schemas (server/utils/schemas.js) and validateBody utility for all API endpoints - Fix critical mass assignment in member creation: raw body no longer passed to new Member(), only validated fields (email, name, circle, contributionTier) are accepted - Apply Zod validation to login, profile patch, event registration, updates, verify-payment, and admin event creation endpoints - Fix logout cookie flags to match login (httpOnly: true, secure conditional on NODE_ENV) - Delete unauthenticated test/debug endpoints (test-connection, test-subscription, test-bot) - Remove sensitive console.log statements from Helcim and member endpoints - Remove unused bcryptjs dependency - Add 10MB file size limit on image uploads - Use runtime config for JWT secret across all endpoints - Add 38 validation tests (117 total, all passing)
11 lines
No EOL
354 B
JavaScript
11 lines
No EOL
354 B
JavaScript
export default defineEventHandler(async (event) => {
|
|
// Clear the auth token cookie (flags must match login for proper clearing)
|
|
setCookie(event, 'auth-token', '', {
|
|
httpOnly: true,
|
|
secure: process.env.NODE_ENV === 'production',
|
|
sameSite: 'lax',
|
|
maxAge: 0 // Expire immediately
|
|
})
|
|
|
|
return { message: 'Logged out successfully' }
|
|
}) |