Hornwitser
f4e4dc9f11
If an anonymous session is detected as taken the logic preventing the session from being accidentally deleted would also prevent the user from recovering from a taken anonymous session.
22 lines
668 B
TypeScript
22 lines
668 B
TypeScript
/*
|
|
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
|
|
SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
import { readUsers } from "~/server/database";
|
|
import { cancelSessionStreams } from "~/server/streams";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const session = await getServerSession(event, true);
|
|
if (session) {
|
|
const users = await readUsers();
|
|
const account = users.find(user => user.id === session.accountId);
|
|
if (account?.type === "anonymous" && session.successor === undefined) {
|
|
throw createError({
|
|
status: 409,
|
|
message: "Cannot log out of an anonymous account",
|
|
});
|
|
}
|
|
}
|
|
|
|
await clearServerSession(event);
|
|
})
|