15 Commits

Author SHA1 Message Date
efb6519ffe # Cleanup Checklist
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m23s
CI / lint-and-type-check (pull_request) Successful in 1m47s
CI / test (pull_request) Successful in 1m51s
CI / build (pull_request) Successful in 1m52s
CI / secret-scanning (pull_request) Successful in 1m25s
CI / dependency-scan (pull_request) Successful in 1m28s
CI / sast-scan (pull_request) Successful in 2m32s
CI / workflow-summary (pull_request) Successful in 1m22s
This document lists code and features that were added during development/debugging that might be candidates for cleanup or removal in the future.

## Debug/Development Code

### 1. Verbose Logging in Production
**Location:** Multiple files
**Status:** Consider reducing in production

- `lib/auth.ts` - Session callback logging (lines 78-103, 105-113)
  - Logs full session details on every session creation
  - Could be reduced to warnings only or removed in production

- `app/photos/page.tsx` - Page render logging (lines 12-33)
  - Logs auth() calls and session details
  - Useful for debugging but verbose for production

- `app/api/debug/session/route.ts` - Entire debug endpoint
  - Created for debugging session issues
  - Consider removing or protecting with admin-only access
  - Or move to development-only route

### 2. Activity Logging
**Location:** `lib/activity-log.ts`, `proxy.ts`, API routes
**Status:** Keep but consider optimization

- Activity logging is useful for monitoring
- Consider:
  - Moving to structured logging (JSON format)
  - Adding log rotation/retention policies
  - Option to disable in production if not needed
  - Rate limiting logs to prevent spam

### 3. Upload Verification Logging
**Location:** `app/api/photos/upload/route.ts`
**Status:** Keep but reduce verbosity

- Lines 89-91: Directory creation/existence logging
- Line 101: File save verification logging
- Useful for debugging but could be reduced to errors only

### 4. Middleware Debug Logging
**Location:** `proxy.ts`
**Status:** Keep but consider reducing

- Lines 22-37: Activity logging for all requests
- Useful for monitoring but generates many logs
- Consider: log only important events or add log level filtering

## Unused/Redundant Code

### 5. Legacy Upload Route
**Location:** `app/api/photos/route.ts`
**Status:** Consider deprecating

- Legacy URL-based upload endpoint
- New uploads use `/api/photos/upload`
- Consider:
  - Marking as deprecated
  - Removing if not used
  - Or consolidating with upload route

### 6. Multiple Upload Routes
**Location:** `app/api/photos/upload/route.ts` and `app/api/photos/upload-multiple/route.ts`
**Status:** Keep but document usage

- Two separate upload endpoints
- Consider if both are needed or can be consolidated

### 7. Proxy.ts Cookie Name Variable
**Location:** `proxy.ts` line 15
**Status:** Minor cleanup

- `cookieName` variable defined but could use constant
- Consider moving to shared constant or env var

## Configuration Cleanup

### 8. Next.js Config
**Location:** `next.config.ts`
**Status:** Review

- Image optimization settings (line 19: `unoptimized: false`)
- Consider if all remote patterns are needed
- Review Turbopack configuration if not using

## Documentation Cleanup

### 10. ARCHITECTURE.md References
**Location:** `ARCHITECTURE.md` line 156
**Status:** Update

- Still references `middleware.ts` in some places
- Should reference `proxy.ts` instead
- Update all middleware references

## Testing/Debugging Utilities

### 11. Watch Activity Script
**Location:** `watch-activity.sh` (if created)
**Status:** Keep or document

- Useful utility for monitoring
- Consider adding to README or removing if not needed

## Recommendations

### High Priority (Consider Removing)
1. `app/api/debug/session/route.ts` - Debug endpoint (protect or remove)
2. Verbose logging in `app/photos/page.tsx` - Reduce to errors only
3. Update ARCHITECTURE.md middleware references

### Medium Priority (Optimize)
1. Activity logging - Add log levels or filtering
2. Upload logging - Reduce verbosity
3. Session callback logging - Reduce in production

### Low Priority (Keep)
1. Activity logging utility - Useful for monitoring
2. Multiple upload routes - Document usage
3. Watch activity script - Useful utility

## Notes

- **Consider** adding environment-based log levels (DEBUG, INFO, WARN, ERROR)
- **Consider** moving debug endpoints behind admin authentication
- **Consider** adding log rotation/retention for production

---

Do all these in stages. Create new tests and test and document as you go.

Add DEBUG, INFO, WARN, ERROR flags and only show when asked for. Create new branch.
2026-01-04 19:34:21 -05:00
01480586ff refactor: Update activity log details type for improved type safety
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m23s
CI / lint-and-type-check (pull_request) Successful in 1m47s
CI / test (pull_request) Successful in 1m51s
CI / build (pull_request) Successful in 1m52s
CI / secret-scanning (pull_request) Successful in 1m24s
CI / dependency-scan (pull_request) Successful in 1m28s
CI / sast-scan (pull_request) Successful in 2m31s
CI / workflow-summary (pull_request) Successful in 1m21s
- Changed the type of `details` in the ActivityLog interface and logActivity function from `Record<string, any>` to `Record<string, unknown>` to enhance type safety and clarity.
- Updated the proxy function in Prisma client to use `keyof PrismaClient` for property access, improving type inference and reducing reliance on `any`.
2026-01-04 16:34:23 -05:00
91adbab487 feat: Implement user activity logging and upload handling
- Enhanced the proxy function to log user activity for both authenticated and unauthenticated requests, capturing details such as IP address, user agent, and referer.
- Introduced a new utility for logging activities, allowing for structured tracking of user actions across various routes.
- Updated photo upload and guess submission routes to log relevant user activity, improving visibility into user interactions.
- Added a script to watch user activity logs in real-time for easier monitoring.
2026-01-04 14:29:17 -05:00
b060459f60 refactor: Implement lazy initialization for Prisma client
- Introduced a lazy initialization function for the Prisma client to optimize resource usage by only initializing when first accessed.
- Enhanced error handling for parsing Prisma Postgres connection strings, providing clearer error messages and logging for debugging.
- Updated the export to use a Proxy for lazy loading, improving performance and maintaining the existing interface.
2026-01-04 13:24:05 -05:00
98fe3513dd refactor: Simplify session.user handling in authentication
- Removed unnecessary check for session.user existence, ensuring it is always populated with token data.
- Updated comments to clarify session return behavior when token validation fails, allowing NextAuth to manage invalid tokens.
2026-01-04 13:10:42 -05:00
83c30b5bd1 feat: Add debug logging for authentication process in session route
- Introduced console logs to track the authentication call and its results, including session presence and user details.
- Enhanced error logging to capture and display authentication errors for improved debugging.
2026-01-04 13:09:04 -05:00
7a191257e3 feat: Enhance JWT callback logging in authentication
- Added additional details to the JWT callback logging, including token ID, email, name, and role for improved debugging and context during authentication.
- Enhanced visibility into token state when no user is present, aiding in troubleshooting authentication issues.
2026-01-04 12:49:20 -05:00
f2efa772d6 feat: Enhance logging and session handling in PhotosPage
- Added detailed logging for session information in the PhotosPage component to aid in debugging.
- Included console logs for session presence and user details, as well as a log for redirection to the login page when no session is found.
- Updated session callback in auth.ts to include additional session details for improved context during authentication.
2026-01-04 12:42:41 -05:00
fcd1d372b7 feat: Enhance session logging in authentication
- Updated session callback to include user role in the logging output for better context during session creation.
- Improved logging for missing or invalid tokens by adding token ID and email to the warning message.
- Removed conditional logging for non-production environments to ensure consistent logging across all environments.
2026-01-04 12:36:04 -05:00
9457f08580 feat: Improve session handling and cookie management in API
- Enhanced the GET request handler to better manage session tokens from both request headers and Next.js cookie store.
- Added detailed error handling for authentication failures and improved logging for debugging purposes.
- Updated cookie management to provide clearer insights into session token presence and accessibility.
- Ensured secure cookie handling is enforced in production environments.
2026-01-04 12:17:24 -05:00
ea7da85d5e feat: Implement session debugging and cookie management in API
- Added a new API route for session management that retrieves session information and cookie data.
- Enhanced error handling to provide detailed error messages in case of failures.
- Updated login page to support callback URLs for redirection after successful login.
- Introduced debug logging for session creation and token validation in non-production environments.
2026-01-04 12:10:10 -05:00
c0a1ed146f feat: Enhance session management in authentication
- Added email and name to the token during the sign-in process for improved user context.
- Updated session callback to ensure session.user is populated with token data, including id, email, name, and role, while maintaining existing session data.
- Added a warning for non-production environments when the token is missing or invalid.
2026-01-04 11:33:17 -05:00
888ffef8e3 feat: Enable host trust for authentication and update example environment configuration
- Set AUTH_TRUST_HOST to true in env.example for improved security.
- Updated NextAuth configuration to trust the host during authentication.
2026-01-04 11:01:00 -05:00
af2faf8f41 feat: Enhance authentication error handling and secret validation
- Added validation for NEXTAUTH_SECRET to ensure it is set before authentication.
- Wrapped the authorization logic in a try-catch block to handle potential errors gracefully and log them for debugging.
2026-01-04 09:27:37 -05:00
9640627972 feat: Add photo management features, duplicate detection, attempt limits, and admin deletion
Some checks failed
CI / skip-ci-check (pull_request) Successful in 1m19s
CI / lint-and-type-check (pull_request) Failing after 1m37s
CI / test (pull_request) Successful in 2m16s
CI / build (pull_request) Failing after 1m46s
CI / secret-scanning (pull_request) Successful in 1m20s
CI / dependency-scan (pull_request) Successful in 1m27s
CI / sast-scan (pull_request) Successful in 2m29s
CI / workflow-summary (pull_request) Successful in 1m18s
- Add duplicate photo detection (file hash and URL checking)
- Add max attempts per photo with UI counter
- Simplify penalty system (auto-enable when points > 0)
- Prevent scores from going below 0
- Add admin photo deletion functionality
- Improve navigation with always-visible logout
- Prevent users from guessing their own photos
2026-01-02 14:57:30 -05:00