ilia
08914dc469
# Structured Logging System Implementation ## Summary Implements a comprehensive structured logging system to replace verbose console.* calls throughout the codebase, addressing all cleanup tasks from CLEANUP.md. ## What Changed ### Core Features - ✅ **Structured Logging System** - New `lib/logger.ts` with DEBUG, INFO, WARN, ERROR levels - ✅ **Environment-Based Control** - `LOG_LEVEL` env var controls verbosity (DEBUG/INFO/WARN/ERROR/NONE) - ✅ **JSON Logging Option** - `LOG_FORMAT=json` for structured JSON output - ✅ **Shared Constants** - Extracted session cookie name to `lib/constants.ts` ### Code Refactoring - ✅ Replaced all `console.*` calls in API routes with structured logger - ✅ Refactored `activity-log.ts` to use new logger system - ✅ Reduced verbose logging in auth, photos page, and upload routes - ✅ Updated proxy.ts to use structured logging - ✅ Removed unused legacy `/api/photos` route (replaced by `/api/photos/upload`) ### Security Improvements - ✅ Protected `/api/debug/session` endpoint with admin-only access - ✅ Added proper error logging with structured context ### Documentation - ✅ Documented multiple upload routes usage - ✅ Enhanced watch-activity.sh script documentation - ✅ Updated README.md with upload endpoint information - ✅ Added configuration documentation to next.config.ts ### Testing - ✅ Added 23 tests for logger system - ✅ Added 8 tests for refactored activity-log - ✅ All 43 tests passing ## Benefits 1. **Production-Ready Logging** - Environment-based control, defaults to INFO in production 2. **Reduced Verbosity** - DEBUG logs only show in development or when explicitly enabled 3. **Structured Output** - JSON format option for log aggregation tools 4. **Better Organization** - Shared constants, consistent logging patterns 5. **Improved Security** - Debug endpoint now requires admin access ## Testing ### Manual Testing - ✅ Server builds successfully - ✅ All tests pass (43/43) - ✅ Type checking passes - ✅ Linting passes - ✅ Production server runs with logs visible - ✅ Log levels work correctly (DEBUG shows all, INFO shows activity, etc.) ### Test Coverage - Logger system: 100% coverage - Activity log: 100% coverage - All existing tests still pass ## Configuration ### Environment Variables ```bash # Control log verbosity (DEBUG, INFO, WARN, ERROR, NONE) LOG_LEVEL=INFO # Use structured JSON logging LOG_FORMAT=json ``` ### Defaults - Development: `LOG_LEVEL=DEBUG` (shows all logs) - Production: `LOG_LEVEL=INFO` (shows activity and above) ## Migration Notes - No breaking changes (legacy route was unused) - All existing functionality preserved - Logs are now structured and filterable - Debug endpoint now requires admin authentication - Legacy `/api/photos` endpoint removed (use `/api/photos/upload` instead) ## Checklist - [x] All console.* calls replaced in API routes - [x] Logger system implemented with tests - [x] Activity logging refactored - [x] Debug endpoint protected - [x] Documentation updated - [x] All tests passing - [x] Type checking passes - [x] Linting passes - [x] Build succeeds - [x] Manual testing completed ## Related Issues Addresses cleanup tasks from CLEANUP.md: - Task 1: Verbose logging in production ✅ - Task 2: Activity logging optimization ✅ - Task 3: Upload verification logging ✅ - Task 4: Middleware debug logging ✅ - Task 5: Legacy upload route documentation ✅ - Task 6: Multiple upload routes documentation ✅ - Task 7: Cookie name constant extraction ✅ - Task 8: Next.js config documentation ✅ - Task 9: ARCHITECTURE.md (already correct) ✅ - Task 10: Watch activity script documentation ✅ Reviewed-on: #4
131 lines
3.8 KiB
TypeScript
131 lines
3.8 KiB
TypeScript
import NextAuth from "next-auth"
|
|
import Credentials from "next-auth/providers/credentials"
|
|
import { prisma } from "./prisma"
|
|
import bcrypt from "bcryptjs"
|
|
import { logger } from "./logger"
|
|
import { SESSION_COOKIE_NAME } from "./constants"
|
|
|
|
const nextAuthSecret = process.env.NEXTAUTH_SECRET
|
|
if (!nextAuthSecret) {
|
|
throw new Error("NEXTAUTH_SECRET is not set. Define it to enable authentication.")
|
|
}
|
|
|
|
export const { handlers, auth, signIn, signOut } = NextAuth({
|
|
trustHost: true,
|
|
debug: process.env.NODE_ENV !== "production",
|
|
providers: [
|
|
Credentials({
|
|
name: "Credentials",
|
|
credentials: {
|
|
email: { label: "Email", type: "email" },
|
|
password: { label: "Password", type: "password" }
|
|
},
|
|
async authorize(credentials) {
|
|
try {
|
|
if (!credentials?.email || !credentials?.password) {
|
|
return null
|
|
}
|
|
|
|
const email = credentials.email as string
|
|
const password = credentials.password as string
|
|
|
|
const user = await prisma.user.findUnique({
|
|
where: { email }
|
|
})
|
|
|
|
if (!user || !user.passwordHash) {
|
|
return null
|
|
}
|
|
|
|
const isValid = await bcrypt.compare(password, user.passwordHash)
|
|
|
|
if (!isValid) {
|
|
return null
|
|
}
|
|
|
|
return {
|
|
id: user.id,
|
|
email: user.email,
|
|
name: user.name,
|
|
role: user.role,
|
|
}
|
|
} catch (err) {
|
|
logger.error("Auth authorize error", err instanceof Error ? err : new Error(String(err)))
|
|
return null
|
|
}
|
|
}
|
|
})
|
|
],
|
|
callbacks: {
|
|
async jwt({ token, user }) {
|
|
if (user) {
|
|
token.id = user.id
|
|
token.role = (user as { role: string }).role
|
|
token.email = user.email
|
|
token.name = user.name
|
|
// DEBUG level: only logs in development or when LOG_LEVEL=DEBUG
|
|
logger.debug("JWT callback: user added to token", {
|
|
userId: user.id,
|
|
email: user.email
|
|
})
|
|
} else {
|
|
// DEBUG level: token refresh (normal operation, only log in debug mode)
|
|
logger.debug("JWT callback: token refresh", {
|
|
hasToken: !!token,
|
|
tokenId: token?.id,
|
|
tokenEmail: token?.email,
|
|
})
|
|
}
|
|
return token
|
|
},
|
|
async session({ session, token }) {
|
|
// Always ensure session.user exists when token exists
|
|
if (token && (token.id || token.email)) {
|
|
session.user = {
|
|
...session.user,
|
|
id: token.id as string,
|
|
email: (token.email as string) || session.user?.email || "",
|
|
name: (token.name as string) || session.user?.name || "",
|
|
role: token.role as string,
|
|
}
|
|
// DEBUG level: session creation is normal operation, only log in debug mode
|
|
logger.debug("Session callback: session created", {
|
|
userId: token.id,
|
|
email: token.email,
|
|
userRole: token.role,
|
|
})
|
|
} else {
|
|
// WARN level: token missing/invalid is a warning condition
|
|
logger.warn("Session callback: token missing or invalid", {
|
|
hasToken: !!token,
|
|
hasSession: !!session,
|
|
tokenId: token?.id,
|
|
tokenEmail: token?.email
|
|
})
|
|
// Return session even if token is invalid - NextAuth will handle validation
|
|
}
|
|
// Explicitly return session to ensure it's returned
|
|
return session
|
|
}
|
|
},
|
|
pages: {
|
|
signIn: "/login",
|
|
},
|
|
session: {
|
|
strategy: "jwt",
|
|
maxAge: 30 * 24 * 60 * 60, // 30 days
|
|
},
|
|
cookies: {
|
|
sessionToken: {
|
|
name: SESSION_COOKIE_NAME,
|
|
options: {
|
|
httpOnly: true,
|
|
sameSite: "lax",
|
|
path: "/",
|
|
secure: true, // Always secure in production (HTTPS required)
|
|
},
|
|
},
|
|
},
|
|
secret: nextAuthSecret,
|
|
})
|