<?php
// logout.php — تسجيل الخروج الآمن وإلغاء التوكن

require_once __DIR__ . '/connect.php';

try {
    $jwtService = new JwtService($redis);
    $decoded = $jwtService->authenticate();

    $jti = $decoded->jti ?? null;
    $exp = $decoded->exp ?? 0;
    $remaining = $exp - time();

    if ($jti && $remaining > 0) {
        $jwtService->revokeToken($jti, $remaining);
        securityLog("User logged out and token revoked", ['user_id' => $decoded->user_id, 'jti' => $jti]);
    }

    jsonSuccess(null, "Logged out successfully");

} catch (Exception $e) {
    jsonError("Logout failed", 500);
}