obsidian-visualiser/server/api/admin/user/[id]/logout.post.ts

import { hasPermissions } from "#shared/auth.util";
import useDatabase from '~/composables/useDatabase';
import { and, eq, notInArray } from "drizzle-orm";
import { z } from "zod";
import { userSessionsTable } from "~/db/schema";

const schema = z.array(z.string());

export default defineEventHandler(async (e) => {
    const session = await getUserSession(e);

    if(!session || !session.user || !hasPermissions(session.user.permissions, ['admin']))
    {
        throw createError({
            statusCode: 401,
            message: 'Unauthorized',
        });
    }

    const param = getRouterParam(e, 'id');

    if(!param)
    {
        throw createError({
            statusCode: 403,
            message: 'Forbidden',
        });
    }

    try {
        const id = parseInt(param, 10);

        const db = useDatabase();
        db.delete(userSessionsTable).where(eq(userSessionsTable.user_id, id)).run();
    } catch(e) {
        console.error(e);

        throw e;
    }
});