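use actix_web::{HttpResponse, web};

use crate::api::response::{ApiEmptyResponse, ApiErrorResponse};
use crate::error::AppError;
use crate::service::AppService;
use crate::session::Session;

/// `POST /api/v1/auth/logout`: ends the caller's session.
///
/// Delegates all work to `service.auth.auth_logout(&session)`. According to the
/// endpoint description below, that call clears the user identity together with
/// the temporary authentication material held in the session (captcha,
/// temporary RSA keys, pending 2FA state). This handler performs no
/// authentication check of its own, which matches the documented idempotence:
/// an unauthenticated caller also receives a success response.
///
/// # Errors
///
/// Any error returned by `auth_logout` is propagated with `?`. The endpoint
/// documents this case as a 500 "Session persistence failed".
// NOTE(review): on the error path the session may not have been cleared
// server-side. Confirm that `auth_logout` fails closed, and that clients treat
// a 500 as "still logged in" rather than assuming the logout took effect.
// NOTE(review): whether the session identifier/cookie itself is invalidated or
// rotated is decided inside `auth_logout` / `Session` and is not visible here.
#[utoipa::path(
    post,
    path = "/api/v1/auth/logout",
    tag = "Auth",
    operation_id = "authLogout",
    summary = "Log out",
    description = "Clear the user identity and all temporary authentication data from the current session, including captcha, temporary RSA keys, and pending 2FA state. This endpoint is idempotent: unauthenticated users also receive a success response.",
    responses(
        (status = 200, description = "Logged out successfully, or the session was already unauthenticated.", body = ApiEmptyResponse),
        (status = 500, description = "Session persistence failed.", body = ApiErrorResponse)
    )
)]
// NOTE(review): the type arguments on `web::Data` and `Result` were missing in
// the listing. They are restored here from the otherwise-unused `AppService`
// and `AppError` imports; confirm against the original file.
pub async fn handle(
    service: web::Data<AppService>,
    session: Session,
) -> Result<HttpResponse, AppError> {
    // Clear the session before building the response, so a failed clear is
    // never reported to the client as a successful logout.
    service.auth.auth_logout(&session).await?;

    Ok(HttpResponse::Ok().json(ApiEmptyResponse::ok("logout successful")))
}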