refactor(auth): relocate logout handler to main.js

public/js/auth.js

@@ -437,27 +437,7 @@ function initAuth() {
       submitLogin(formData);
     });
   }
-  // handle ?logout=1 query
-  const params = new URLSearchParams(window.location.search);
-  if (params.get('logout') === '1') {
-    localStorage.removeItem("username");
-    localStorage.removeItem("userTOTPEnabled");
-  }
   
-  // attach logout button listener
-  document.addEventListener('DOMContentLoaded', () => {
-    const btn = document.getElementById('logoutBtn');
-    if (!btn) return;
-    btn.addEventListener('click', () => {
-      fetch('/api/auth/logout.php', {
-        method: 'POST',
-        credentials: 'include',
-        headers: { 'X-CSRF-Token': window.csrfToken }
-      })
-        .then(() => window.location.reload(true))
-        .catch(() => { });
-    });
-  });
   document.getElementById("addUserBtn").addEventListener("click", function () {
     resetUserForm();
     toggleVisibility("addUserModal", true);

public/js/main.js

@@ -48,6 +48,27 @@ export function loadCsrfToken() {
     });
 }
 
+// 1) Immediately clear “?logout=1” flag
+const params = new URLSearchParams(window.location.search);
+if (params.get('logout') === '1') {
+  localStorage.removeItem("username");
+  localStorage.removeItem("userTOTPEnabled");
+}
+
+// 2) Wire up logoutBtn right away
+const logoutBtn = document.getElementById("logoutBtn");
+if (logoutBtn) {
+  logoutBtn.addEventListener("click", () => {
+    fetch("/api/auth/logout.php", {
+      method: "POST",
+      credentials: "include",
+      headers: { "X-CSRF-Token": window.csrfToken }
+    })
+      .then(() => window.location.reload(true))
+      .catch(() => {});
+  });
+}
+
 
 // Expose functions for inline handlers.
 window.sendRequest = sendRequest;