From 13d3a6231d0274bc06ebc93b441bd2e63127b1f7 Mon Sep 17 00:00:00 2001 From: tan Date: Wed, 13 Dec 2023 20:28:04 +0200 Subject: [PATCH] fix: logout functionality Added a logout hbs so the view is actually rendered - CSRF protection for /logout routes --- src/index.ts | 4 ++++ views/logout.hbs | 3 +++ 2 files changed, 7 insertions(+) create mode 100644 views/logout.hbs diff --git a/src/index.ts b/src/index.ts index 4174bfd9..7ec3ad75 100644 --- a/src/index.ts +++ b/src/index.ts @@ -99,6 +99,10 @@ registerErrorRoute(router) router.use("/consent", doubleCsrfProtection) router.use("/consent", csrfErrorHandler(invalidCsrfTokenError)) +// all routes registered under the /logout path are protected by CSRF +router.use("/logout", doubleCsrfProtection) +router.use("/logout", csrfErrorHandler(invalidCsrfTokenError)) + registerConsentRoute(router) registerLogoutRoute(router) diff --git a/views/logout.hbs b/views/logout.hbs new file mode 100644 index 00000000..26e6824f --- /dev/null +++ b/views/logout.hbs @@ -0,0 +1,3 @@ +
+ {{{card}}} +
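Review bot: In the src/index.ts hunk, the added comment says every route under /logout is protected by CSRF, which is broader than the visible lines establish. The configuration of `doubleCsrfProtection` is outside the hunk, and double-submit middleware commonly skips GET, HEAD and OPTIONS, so it is likely that only the state-changing submit is validated. I would reword the comment to `// non-safe requests under /logout must carry a valid CSRF token; keep this above registerLogoutRoute(router)` and confirm that the logout handler only ends the session on a validated POST. The `router.use` pairs for /consent and /logout are now identical apart from the path, so a short loop over the protected paths would keep them from drifting apart.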
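Review bot: In views/logout.hbs, `{{{card}}}` uses the triple-stash form, which writes the value without HTML escaping. The template is therefore only safe if `card` is markup built server-side with every user- or request-derived value already escaped. Where `card` is produced is not visible in this patch, so that needs confirming in the logout route. A leading template comment such as `{{!-- card is pre-rendered, trusted HTML; never pass request data through it unescaped --}}` would record the assumption. Since this commit puts /logout behind CSRF validation, also check that the rendered form includes the CSRF token field, otherwise the submit would presumably be rejected by `csrfErrorHandler`.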