refactor: Refactor custom logout endpoint to be closer on original payload code

CrawlerCode · CrawlerCode · commit 9400c13c7406 · 2025-03-26T23:30:26.000+01:00
diff --git a/packages/payload-authjs/src/payload/collection/endpoints/logout.ts b/packages/payload-authjs/src/payload/collection/endpoints/logout.ts
@@ -1,6 +1,8 @@
 import NextAuth from "next-auth";
+import type { Endpoint, PayloadRequest } from "payload";
+import { generateExpiredPayloadCookie, headersWithCors, logoutOperation } from "payload";
+
 import { NextResponse } from "next/server";
-import { APIError, type Endpoint, generateExpiredPayloadCookie, headersWithCors } from "payload";
 import { withPayload } from "../../../authjs/withPayload";
 import { AUTHJS_STRATEGY_NAME } from "../../AuthjsAuthStrategy";
 import type { AuthjsPluginConfig } from "../../plugin";
@@ -17,72 +19,87 @@ export const logoutEndpoint: (pluginOptions: AuthjsPluginConfig) => Endpoint = p
   method: "post",
   path: "/logout",
   handler: async req => {
-    const { config: collection } = getRequestCollection(req);
+    // --- Payload cms default logic ---
+    const collection = getRequestCollection(req);
+    const { t } = req;
+    const result = await logoutOperation({
+      collection,
+      req,
+    });
 
-    if (!req.user) {
-      throw new APIError("No User", 400);
-    }
+    const headers = headersWithCors({
+      headers: new Headers(),
+      req,
+    });
 
-    if (req.user.collection !== collection.slug) {
-      throw new APIError("Incorrect collection", 403);
+    if (!result) {
+      return Response.json(
+        {
+          message: t("error:logoutFailed"),
+        },
+        {
+          headers,
+          status: 500,
+        },
+      );
     }
 
-    // Create response with cors headers
+    const expiredCookie = generateExpiredPayloadCookie({
+      collectionAuthConfig: collection.config.auth,
+      config: req.payload.config,
+      cookiePrefix: req.payload.config.cookiePrefix,
+    });
+
+    headers.set("Set-Cookie", expiredCookie);
+
     const response = NextResponse.json(
       {
-        message: req.t("authentication:logoutSuccessful"),
+        message: t("authentication:logoutSuccessful"),
       },
       {
-        headers: headersWithCors({
-          headers: new Headers(),
-          req,
-        }),
+        headers,
+        status: 200,
       },
     );
 
-    if (req.user._strategy === AUTHJS_STRATEGY_NAME) {
-      // Generate expired cookies using authjs
-      const { signOut } = NextAuth(
-        withPayload(pluginOptions.authjsConfig, {
-          payload: req.payload,
-          userCollectionSlug: pluginOptions.userCollectionSlug,
-        }),
-      );
-      const { cookies } = (await signOut({ redirect: false })) as {
-        cookies: {
-          name: string;
-          value: string;
-          options: object;
-        }[];
-      };
-
-      // Set cookies on response
-      for (const cookie of cookies) {
-        response.cookies.set(cookie.name, cookie.value, cookie.options);
-      }
-    } else {
-      // Generate an expired cookie using payload cms
-      const expiredCookie = generateExpiredPayloadCookie({
-        collectionAuthConfig: collection.auth,
-        config: req.payload.config,
-        cookiePrefix: req.payload.config.cookiePrefix,
-      });
+    // --- Custom logic ---
 
-      // Set cookie on response
-      response.headers.set("Set-Cookie", expiredCookie);
-    }
-
-    // Execute afterLogout hooks
-    if (collection.hooks?.afterLogout?.length) {
-      for (const hook of collection.hooks.afterLogout) {
-        await hook({
-          collection,
-          context: req.context,
-          req,
-        });
-      }
+    // If the user is authenticated using authjs, we need to destroy the authjs session cookie
+    if (req.user?._strategy === AUTHJS_STRATEGY_NAME) {
+      await destroyAuthjsSessionCookie(req, response, pluginOptions);
     }
 
     return response;
   },
 });
+
+/**
+ * Destroy the authjs session cookie
+ */
+const destroyAuthjsSessionCookie = async (
+  req: PayloadRequest,
+  response: NextResponse,
+  pluginOptions: AuthjsPluginConfig,
+) => {
+  // Create authjs instance
+  const { signOut } = NextAuth(
+    withPayload(pluginOptions.authjsConfig, {
+      payload: req.payload,
+      userCollectionSlug: pluginOptions.userCollectionSlug,
+    }),
+  );
+
+  // Generate expired cookies using authjs
+  const { cookies } = (await signOut({ redirect: false })) as {
+    cookies: {
+      name: string;
+      value: string;
+      options: object;
+    }[];
+  };
+
+  // Set cookies on response
+  for (const cookie of cookies) {
+    response.cookies.set(cookie.name, cookie.value, cookie.options);
+  }
+};
