web/app/[lang]/(live)/(protected)/logout/route.ts

import { createActionURL } from "@auth/core"
import { cookies,headers as nextHeaders } from "next/headers"
import { NextRequest, NextResponse } from "next/server"
import { AuthError } from "next-auth"

import { Lang } from "@/constants/languages"
import { env } from "@/env/server"
import { internalServerError } from "@/server/errors/next"

import { signOut } from "@/auth"

export async function GET(
  request: NextRequest,
  context: { params: { lang: Lang } }
) {
  let redirectTo: string = ""

  const returnUrl = request.headers.get("x-returnurl")

  if (returnUrl) {
    // Seamless logout request from Current web
    redirectTo = returnUrl
  } else {
    try {
      // Initiate the seamless logout flow
      let redirectUrlValue
      switch (context.params.lang) {
        case Lang.da:
          redirectUrlValue = env.SEAMLESS_LOGOUT_DA
          break
        case Lang.de:
          redirectUrlValue = env.SEAMLESS_LOGOUT_DE
          break
        case Lang.en:
          redirectUrlValue = env.SEAMLESS_LOGOUT_EN
          break
        case Lang.fi:
          redirectUrlValue = env.SEAMLESS_LOGOUT_FI
          break
        case Lang.no:
          redirectUrlValue = env.SEAMLESS_LOGOUT_NO
          break
        case Lang.sv:
          redirectUrlValue = env.SEAMLESS_LOGOUT_SV
          break
      }
      const redirectUrl = new URL(redirectUrlValue)
      redirectTo = redirectUrl.toString()
    } catch (e) {
      console.error(
        "Unable to create URL for seamless logout, proceeding without it."
      )
      console.error(e)
    }
  }

  try {
    /**
     * Passing `redirect: false` to `signOut` will return a result object
     * instead of automatically redirecting inside of `signOut`.
     * https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L104
     */
    console.log({ logout_NEXTAUTH_URL: process.env.NEXTAUTH_URL })
    console.log({ logout_env: process.env })

    const cookieStore = cookies()
    cookieStore.set("_SecureMFA-token", "", { maxAge: 0 })
    const headers = new Headers(nextHeaders())
    const signOutURL = createActionURL(
      "signout",
      // @ts-expect-error `x-forwarded-proto` is not nullable, next.js sets it by default
      headers.get("x-forwarded-proto"),
      headers,
      process.env
    )

    console.log({ logout_signOutURL: signOutURL })

    // Redirect to Curity logout
    const curityLogoutUrl = `${env.CURITY_ISSUER_USER}/authn/authenticate/logout?redirect_uri=${encodeURIComponent(redirectTo)}`

    console.log({ logout_redirectTo: curityLogoutUrl })

    const redirectUrlObj = await signOut({
      redirectTo: curityLogoutUrl,
      redirect: false,
    })

    if (redirectUrlObj) {
      return NextResponse.redirect(redirectUrlObj.redirect)
    }
  } catch (error) {
    if (error instanceof AuthError) {
      console.log({ signOutAuthError: error })
    } else {
      console.log({ signOutError: error })
    }
  }

  return internalServerError()
}