various multi tenant improvements (#2803)

* various multi tenant improvements

* nit

* ensure consistent db session operations

* minor robustification

web/src/app/auth/logout/route.ts

@@ -1,3 +1,4 @@
+import { CLOUD_ENABLED } from "@/lib/constants";
 import { getAuthTypeMetadataSS, logoutSS } from "@/lib/userSS";
 import { NextRequest } from "next/server";
 
@@ -6,8 +7,38 @@ export const POST = async (request: NextRequest) => {
   // Needed since env variables don't work well on the client-side
   const authTypeMetadata = await getAuthTypeMetadataSS();
   const response = await logoutSS(authTypeMetadata.authType, request.headers);
-  if (!response || response.ok) {
+
+  if (response && !response.ok) {
+    return new Response(response.body, { status: response?.status });
+  }
+
+  // Delete cookies only if cloud is enabled (jwt auth)
+  if (CLOUD_ENABLED) {
+    const cookiesToDelete = ["fastapiusersauth", "tenant_details"];
+    const cookieOptions = {
+      path: "/",
+      secure: process.env.NODE_ENV === "production",
+      httpOnly: true,
+      sameSite: "lax" as const,
+    };
+
+    // Logout successful, delete cookies
+    const headers = new Headers();
+
+    cookiesToDelete.forEach((cookieName) => {
+      headers.append(
+        "Set-Cookie",
+        `${cookieName}=; Max-Age=0; ${Object.entries(cookieOptions)
+          .map(([key, value]) => `${key}=${value}`)
+          .join("; ")}`
+      );
+    });
+
+    return new Response(null, {
+      status: 204,
+      headers: headers,
+    });
+  } else {
     return new Response(null, { status: 204 });
   }
-  return new Response(response.body, { status: response?.status });
 };

web/src/lib/constants.ts

@@ -58,6 +58,7 @@ export const DISABLE_LLM_DOC_RELEVANCE =
 
 export const CLOUD_ENABLED =
   process.env.NEXT_PUBLIC_CLOUD_ENABLED?.toLowerCase() === "true";
+
 export const REGISTRATION_URL =
   process.env.INTERNAL_URL || "http://127.0.0.1:3001";