- lib/session.ts: token generatie, SHA-256 hashing, createSession/getCurrentUser/invalidateSession - app/api/auth/login: bcrypt verificatie, session aanmaken, ops_session cookie (httpOnly, sameSite=strict, 24h TTL), rate-limit 5/min per IP - app/api/auth/logout: session invalideren en cookie verwijderen - app/login/page.tsx: login form (client component) - proxy.ts: route-protectie – redirect naar /login zonder sessie (middleware.ts is deprecated in Next.js 16) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
import { NextRequest, NextResponse } from 'next/server'
import { cookies } from 'next/headers'
import { invalidateSession } from '@/lib/session'
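/**
 * Logout endpoint: invalidates the server-side session that belongs to the
 * `ops_session` cookie and removes that cookie from the browser.
 *
 * The cookie is cleared on every path, including when server-side
 * invalidation throws. Previously an exception from `invalidateSession`
 * aborted the handler before the cookie was deleted, so the browser kept
 * presenting the token after a logout attempt.
 *
 * @param _request - Incoming request; unused, the token is read from the cookie store.
 * @returns `{ success: true }` on success, or `{ success: false }` with
 *   status 500 when the session could not be invalidated server-side. Both
 *   responses delete the `ops_session` cookie.
 */
export async function POST(_request: NextRequest) {
  const cookieStore = await cookies()
  const token = cookieStore.get('ops_session')?.value

  let invalidated = true
  if (token) {
    try {
      await invalidateSession(token)
    } catch (error) {
      // The session may still be valid server-side: report the failure to the
      // caller and to the logs instead of claiming a clean logout. The token
      // itself is deliberately kept out of the log line.
      invalidated = false
      console.error('Logout: session invalidation failed', error)
    }
  }

  const response = invalidated
    ? NextResponse.json({ success: true })
    : NextResponse.json({ success: false }, { status: 500 })

  // NOTE(review): the deletion only takes effect if it targets the same
  // path/domain the login route used when setting the cookie. Confirm
  // against app/api/auth/login.
  response.cookies.delete('ops_session')
  return response
}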