Add logout functionality to helix-front

[kabragaurav]

Summary

• Adds POST /user/logout server route that destroys the Express session and clears the connect.sid cookie
• Adds destroy() to the HelixSession TypeScript interface
• Adds logout() method to Angular UserService
• Replaces the user chip with a mat-menu dropdown offering Sign In and Sign Out
• Adds logout() method to AppComponent with snackbar confirmation

Testing Done

• Manually verified in browser on localhost:4200:
  • Click username chip → dropdown menu shows Sign In and Sign Out with distinct icons
  • Sign In opens LDAP dialog, authenticates as before
  • Sign Out clears session, chip reverts to "Sign In", snackbar confirms
  • After sign out, write operations correctly require re-authentication

helix-ui_logout_flow.mov

No duplicate HTTP calls:

Context

Users had no way to log out or re-authenticate after their identity token expired (~24h), causing 401 errors on write operations while the UI still showed them as logged in. The only workaround was manually clearing cookies in DevTools.

[LZD-PratyushBhatt]

The new template references (currentUser | async) 4 times in the toolbar. Each | async opens its own subscription and getCurrentUser() returns this.http.get(...), so a single page load fires 4 GET
/user/current calls.

Expose currentUser$ = this.service.getCurrentUser().pipe(shareReplay(1)) once and bind to that, or resolve the value into a plain field in ngOnInit. The old template was already noisy, this doubles
it.

[kabragaurav]

Added shareReplay(1) to getCurrentUser() in user.service.ts. All | async pipes now share a single HTTP call per observable instance.

[LZD-PratyushBhatt]

=== 'Sign In' / !== 'Sign In' as a logged-in branch is brittle. If /user/current ever returns null, '', or someone happens to be named "Sign In", the UI breaks. Compute an isLoggedIn boolean (or
isLoggedIn$) and gate the two buttons on that.

[kabragaurav]

Replaced string comparison with an isLoggedIn boolean, derived via tap() on the currentUser observable. Template now uses *ngIf="isLoggedIn" / *ngIf="!isLoggedIn". The tap still checks user !== 'Sign In' internally since the server returns that as the default - changing the server return value risks breaking other consumers.

[LZD-PratyushBhatt]

req.session is typed session?: HelixSession (optional) in d.ts. If a request lands without a session (store flake, tampered cookie, whatever), req.session.destroy(...) throws TypeError and the client
gets a generic 500.

if (!req.session) { 
  res.json(true); 
  return; 
}

[kabragaurav]

Added if (!req.session) guard before destroy() call. Returns res.json(true) early if session is missing.

[LZD-PratyushBhatt]

PR #186 has destroy(callback?: (err?: any) => void): void (optional) which matches express-session's actual signature. This PR has it required. Mirror #186 so the two PRs don't fight over the same
line at merge.

[kabragaurav]

Changed to callback?: (optional) to match express-session's actual signature. Now consistent with #186.

[LZD-PratyushBhatt]

Once #186 lands, AppComponent has a 30s setInterval watching the identity cookie. Your manual Sign Out clears the cookie but doesn't stop that interval. ~30s after the user clicks Sign Out, #186's
watcher detects "no token", pops "Session Expired", calls /logout again, and reloads. User experiences: click Sign Out -> snackbar -> 30s of normal UI -> surprise dialog.

Stop the watcher on manual logout. Either expose a stopExpiryWatch() public method from the watcher logic, or move the handle out of AppComponent into a shared service that both #186 and #184's
logout can drive.

[kabragaurav]

Added clearInterval(this.expiryCheckHandle) at the top of logout() before the API call. Stops the 30s watcher immediately so it won't detect the cleared cookie and fire a surprise dialog.

[LZD-PratyushBhatt]

LGTM