<?php
// POST /api/auth/logout.php
// Body: token

require_once __DIR__ . '/../config/db.php';
require_once __DIR__ . '/../config/auth.php';

$token = trim(post('token', ''));
if (!empty($token)) {
    $db = getDB();
    $db->prepare("DELETE FROM user_tokens WHERE token = ?")->execute([$token]);
}

apiSuccess([], 'Logged out successfully.');