v0.1.45 - 로그아웃 API와 세션 상태 안내 추가

backend/src/lib/authSession.js

@@ -14,6 +14,10 @@ function getBearerToken(request) {
   return authorization.slice('Bearer '.length).trim()
 }
 
+export function getSessionTokenFromRequest(request) {
+  return getBearerToken(request)
+}
+
 export async function createSession(userId) {
   const token = createSessionToken()
   const tokenHash = hashSessionToken(token)
@@ -68,3 +72,17 @@ export async function findAuthenticatedUser(request) {
 
   return user ?? null
 }
+
+export async function revokeSessionByToken(token) {
+  if (!token) {
+    return false
+  }
+
+  const tokenHash = hashSessionToken(token)
+  const deletedSessions = await db
+    .delete(authSessions)
+    .where(eq(authSessions.tokenHash, tokenHash))
+    .returning({ id: authSessions.id })
+
+  return deletedSessions.length > 0
+}

backend/src/routes/auth.js

@@ -3,7 +3,7 @@ import { z } from 'zod'
 import { db } from '../db/client.js'
 import { authSessions, emailVerificationTokens, passwordResetTokens, users } from '../db/schema.js'
 import { createSessionToken, hashSessionToken, hashPassword, verifyPassword } from '../lib/password.js'
-import { createSession, findAuthenticatedUser } from '../lib/authSession.js'
+import { createSession, findAuthenticatedUser, getSessionTokenFromRequest, revokeSessionByToken } from '../lib/authSession.js'
 import { sendPasswordResetEmail, sendVerificationEmail } from '../lib/mailer.js'
 import { env } from '../config.js'
 
@@ -279,6 +279,22 @@ export async function registerAuthRoutes(app) {
     }
   })
 
+  app.post('/api/auth/logout', async (request, reply) => {
+    const token = getSessionTokenFromRequest(request)
+
+    if (!token) {
+      return reply.code(401).send({
+        message: '인증이 필요합니다.',
+      })
+    }
+
+    await revokeSessionByToken(token)
+
+    return {
+      message: '로그아웃되었습니다.',
+    }
+  })
+
   app.put('/api/auth/profile', async (request, reply) => {
     const user = await findAuthenticatedUser(request)