ilia/mirror_match
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mirror_match/lib/auth.ts
ilia efb6519ffe
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m23s
Details
CI / lint-and-type-check (pull_request) Successful in 1m47s
Details
CI / test (pull_request) Successful in 1m51s
Details
CI / build (pull_request) Successful in 1m52s
Details
CI / secret-scanning (pull_request) Successful in 1m25s
Details
CI / dependency-scan (pull_request) Successful in 1m28s
Details
CI / sast-scan (pull_request) Successful in 2m32s
Details
CI / workflow-summary (pull_request) Successful in 1m22s
Details
# Cleanup Checklist 
This document lists code and features that were added during development/debugging that might be candidates for cleanup or removal in the future.

## Debug/Development Code

### 1. Verbose Logging in Production
**Location:** Multiple files
**Status:** Consider reducing in production

- `lib/auth.ts` - Session callback logging (lines 78-103, 105-113)
  - Logs full session details on every session creation
  - Could be reduced to warnings only or removed in production

- `app/photos/page.tsx` - Page render logging (lines 12-33)
  - Logs auth() calls and session details
  - Useful for debugging but verbose for production

- `app/api/debug/session/route.ts` - Entire debug endpoint
  - Created for debugging session issues
  - Consider removing or protecting with admin-only access
  - Or move to development-only route

### 2. Activity Logging
**Location:** `lib/activity-log.ts`, `proxy.ts`, API routes
**Status:** Keep but consider optimization

- Activity logging is useful for monitoring
- Consider:
  - Moving to structured logging (JSON format)
  - Adding log rotation/retention policies
  - Option to disable in production if not needed
  - Rate limiting logs to prevent spam

### 3. Upload Verification Logging
**Location:** `app/api/photos/upload/route.ts`
**Status:** Keep but reduce verbosity

- Lines 89-91: Directory creation/existence logging
- Lines 101: File save verification logging
- Useful for debugging but could be reduced to errors only

### 4. Middleware Debug Logging
**Location:** `proxy.ts`
**Status:** Keep but consider reducing

- Lines 22-37: Activity logging for all requests
- Useful for monitoring but generates many logs
- Consider: log only important events or add log level filtering

## Unused/Redundant Code

### 5. Legacy Upload Route
**Location:** `app/api/photos/route.ts`
**Status:** Consider deprecating

- Legacy URL-based upload endpoint
- New uploads use `/api/photos/upload`
- Consider:
  - Marking as deprecated
  - Removing if not used
  - Or consolidating with upload route

### 6. Multiple Upload Routes
**Location:** `app/api/photos/upload/route.ts` and `app/api/photos/upload-multiple/route.ts`
**Status:** Keep but document usage

- Two separate upload endpoints
- Consider if both are needed or can be consolidated

### 7. Proxy.ts Cookie Name Variable
**Location:** `proxy.ts` line 15
**Status:** Minor cleanup

- `cookieName` variable defined but could use constant
- Consider moving to shared constant or env var

## Configuration Cleanup

### 8. Next.js Config
**Location:** `next.config.ts`
**Status:** Review

- Image optimization settings (line 19: `unoptimized: false`)
- Consider if all remote patterns are needed
- Review Turbopack configuration if not using

## Documentation Cleanup

### 10. ARCHITECTURE.md References
**Location:** `ARCHITECTURE.md` line 156
**Status:** Update

- Still references `middleware.ts` in some places
- Should reference `proxy.ts` instead
- Update all middleware references

## Testing/Debugging Utilities

### 11. Watch Activity Script
**Location:** `watch-activity.sh` (if created)
**Status:** Keep or document

- Useful utility for monitoring
- Consider adding to README or removing if not needed

## Recommendations

### High Priority (Consider Removing)
1. `app/api/debug/session/route.ts` - Debug endpoint (protect or remove)
2. Verbose logging in `app/photos/page.tsx` - Reduce to errors only
3. Update ARCHITECTURE.md middleware references

### Medium Priority (Optimize)
1. Activity logging - Add log levels or filtering
2. Upload logging - Reduce verbosity
3. Session callback logging - Reduce in production

### Low Priority (Keep)
1. Activity logging utility - Useful for monitoring
2. Multiple upload routes - Document usage
3. Watch activity script - Useful utility

## Notes

- **Consider** adding environment-based log levels (DEBUG, INFO, WARN, ERROR)
- **Consider** moving debug endpoints behind admin authentication
- **Consider** adding log rotation/retention for production

---

Do all these in stages. create new tests and test and docuemtn  as u go.

add DEBUG, INFO, WARN, ERROR flags and only show when asked for. create new branch.
2026-01-04 19:34:21 -05:00

131 lines
3.8 KiB
TypeScript
Raw Blame History

import NextAuth from "next-auth"
import Credentials from "next-auth/providers/credentials"
import { prisma } from "./prisma"
import bcrypt from "bcryptjs"
import { logger } from "./logger"
import { SESSION_COOKIE_NAME } from "./constants"
const nextAuthSecret = process.env.NEXTAUTH_SECRET
if (!nextAuthSecret) {
throw new Error("NEXTAUTH_SECRET is not set. Define it to enable authentication.")
}
export const { handlers, auth, signIn, signOut } = NextAuth({
trustHost: true,
debug: process.env.NODE_ENV !== "production",
providers: [
Credentials({
name: "Credentials",
credentials: {
email: { label: "Email", type: "email" },
password: { label: "Password", type: "password" }
},
async authorize(credentials) {
try {
if (!credentials?.email || !credentials?.password) {
return null
}
const email = credentials.email as string
const password = credentials.password as string
const user = await prisma.user.findUnique({
where: { email }
})
if (!user || !user.passwordHash) {
return null
}
const isValid = await bcrypt.compare(password, user.passwordHash)
if (!isValid) {
return null
}
return {
id: user.id,
email: user.email,
name: user.name,
role: user.role,
}
} catch (err) {
logger.error("Auth authorize error", err instanceof Error ? err : new Error(String(err)))
return null
}
}
})
],
callbacks: {
async jwt({ token, user }) {
if (user) {
token.id = user.id
token.role = (user as { role: string }).role
token.email = user.email
token.name = user.name
// DEBUG level: only logs in development or when LOG_LEVEL=DEBUG
logger.debug("JWT callback: user added to token", {
userId: user.id,
email: user.email
})
} else {
// DEBUG level: token refresh (normal operation, only log in debug mode)
logger.debug("JWT callback: token refresh", {
hasToken: !!token,
tokenId: token?.id,
tokenEmail: token?.email,
})
}
return token
},
async session({ session, token }) {
// Always ensure session.user exists when token exists
if (token && (token.id || token.email)) {
session.user = {
...session.user,
id: token.id as string,
email: (token.email as string) || session.user?.email || "",
name: (token.name as string) || session.user?.name || "",
role: token.role as string,
}
// DEBUG level: session creation is normal operation, only log in debug mode
logger.debug("Session callback: session created", {
userId: token.id,
email: token.email,
userRole: token.role,
})
} else {
// WARN level: token missing/invalid is a warning condition
logger.warn("Session callback: token missing or invalid", {
hasToken: !!token,
hasSession: !!session,
tokenId: token?.id,
tokenEmail: token?.email
})
// Return session even if token is invalid - NextAuth will handle validation
}
// Explicitly return session to ensure it's returned
return session
}
},
pages: {
signIn: "/login",
},
session: {
strategy: "jwt",
maxAge: 30 * 24 * 60 * 60, // 30 days
},
cookies: {
sessionToken: {
name: SESSION_COOKIE_NAME,
options: {
httpOnly: true,
sameSite: "lax",
path: "/",
secure: true, // Always secure in production (HTTPS required)
},
},
},
secret: nextAuthSecret,
})
Reference in New Issue View Git Blame Copy Permalink