<?php
namespace Misuzu;

use Misuzu\Auth\AuthTokenCookie;

$authInfo = $msz->getAuthInfo();
if($authInfo->isLoggedIn()) {
    if(!CSRF::validateRequest()) {
        Template::render('auth.logout');
        return;
    }

    $tokenInfo = $authInfo->getTokenInfo();

    $authCtx = $msz->getAuthContext();
    $authCtx->getSessions()->deleteSessions(sessionTokens: $tokenInfo->getSessionToken());

    $tokenBuilder = $tokenInfo->toBuilder();
    $tokenBuilder->removeUserId();
    $tokenBuilder->removeSessionToken();
    $tokenBuilder->removeImpersonatedUserId();
    $tokenInfo = $tokenBuilder->toInfo();

    AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
}

Tools::redirect($msz->getURLs()->format('index'));;