<?php require '/src/base.php' ?>
<?php

if ($valid_cookie) {
	$sm = $db->prepare('SELECT access_token, auth_more FROM oauth_tokens WHERE cookie = ?');
	$sm->execute([$cookie]);
	if (($row = $sm->fetchObject()) !== false) {
		switch ($user->account_type)
		{
			case 'mastodon':
				$row->auth_more = @json_decode($row->auth_more);
				if (isset($row->auth_more->result->client_id)) {
					$ch = curl_init($row->auth_more->instance.'/oauth/revoke');
					curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
					curl_setopt($ch, CURLOPT_POSTFIELDS, [
						'client_id'			=> $row->auth_more->result->client_id,
						'client_secret'		=> $row->auth_more->result->client_secret,
						'token'				=> $row->access_token
					]);
					curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
					curl_exec($ch);
					curl_close($ch);
					# we don't care about the output
				}
				break;
		}

		# delete token from database (YES, actually delete)
		$sm = $db->prepare('DELETE FROM oauth_tokens WHERE cookie = ?');
		$sm->execute([$cookie]);
		if ($sm->rowCount() === 1) {
			setcookie('rf_sess', null);
		}
	}
}

header('Location: /');