Implement logout functionality in LogoutController with cookie expiration for access and refresh tokens

This commit updates the logout method in the LogoutController to revoke the user's access token and set cookies for both access and refresh tokens to expire immediately. It includes environment-based cookie settings for enhanced security, ensuring a proper logout process and improved user experience.

Author: Level237

app/Http/Controllers/Auth/LogoutController.php

@@ -2,8 +2,9 @@
 
 namespace App\Http\Controllers\Auth;
 
-use App\Http\Controllers\Controller;
+use Carbon\Carbon;
 use Illuminate\Http\Request;
+use App\Http\Controllers\Controller;
 use Illuminate\Support\Facades\Auth;
 
 
@@ -12,6 +13,21 @@ class LogoutController extends Controller
     public function logout(){
        $user = Auth::guard('api')->user();
         $user->token()->revoke();
-        return response()->json(['message'=>"Logout successfully"]);
+        $domain = (config('app.env') === 'production') ? '.akevas.com' : null;
+    $secure = config('app.env') === 'production';
+    
+    // 3. Définir la date d'expiration dans le passé (expire immédiatement)
+    $pastExpiration = Carbon::now()->subMinutes(5)->timestamp;
+
+    // 4. Construire la réponse (statut 204 No Content est courant pour le logout)
+    return response()->noContent(204)
+        // 5. Faire expirer l'accessToken
+        ->cookie('accessToken', null, 
+            $pastExpiration, 
+            '/', $domain, $secure, true, false, 'none') // Utiliser les mêmes paramètres que la pose
+        // 6. Faire expirer le refreshToken
+        ->cookie('refreshToken', null, 
+            $pastExpiration, 
+            '/', $domain, $secure, true, false, 'none');
     }
 }