chore: update ENV.md for NextAuth URL configuration, remove debug logging from middleware, and adjust session token handling in auth middleware

2025-10-16 23:56:46 +02:00
parent 57a1cb5e46
commit 2c850d1c59
4 changed files with 9 additions and 19 deletions
--- a/ENV.md
+++ b/ENV.md
@@ -9,7 +9,10 @@ MONGODB_URI=mongodb://admin:your-secure-password@mongodb:27017/stripstream?authS

 # NextAuth Configuration
 NEXTAUTH_SECRET=your-secret-key-here-generate-with-openssl-rand-base64-32
-NEXTAUTH_URL=http://localhost:3020
+# Si derrière un reverse proxy HTTPS, utiliser l'URL HTTPS publique :
+NEXTAUTH_URL=https://ton-domaine.com
+# Sinon en local :
+# NEXTAUTH_URL=http://localhost:3020

 # Admin User (optional - default password for julienfroidefond@gmail.com)
 ADMIN_DEFAULT_PASSWORD=Admin@2025
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -57,19 +57,7 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
  session: {
    strategy: "jwt",
  },
-  cookies: {
-    sessionToken: {
-      name: process.env.NODE_ENV === "production" 
-        ? `__Secure-next-auth.session-token`
-        : `next-auth.session-token`,
-      options: {
-        httpOnly: true,
-        sameSite: "lax",
-        path: "/",
-        secure: process.env.NODE_ENV === "production",
-      },
-    },
-  },
  secret: process.env.NEXTAUTH_SECRET,
  trustHost: true,
+  // useSecureCookies sera automatiquement détecté via NEXTAUTH_URL
 });
--- a/src/lib/middleware-auth.ts
+++ b/src/lib/middleware-auth.ts
@@ -5,11 +5,12 @@ export async function getAuthSession(request: NextRequest) {
  try {
    const token = await getToken({ 
      req: request,
-      secret: process.env.NEXTAUTH_SECRET 
+      secret: process.env.NEXTAUTH_SECRET,
+      cookieName: process.env.NODE_ENV === "production" 
+        ? "__Secure-authjs.session-token"
+        : "authjs.session-token"
    });
    
-    console.log(`[getAuthSession] Token exists: ${!!token}, Secret configured: ${!!process.env.NEXTAUTH_SECRET}`);
-    
    if (!token) {
      return null;
    }
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -40,8 +40,6 @@ export default async function middleware(request: NextRequest) {
  // Vérifier l'authentification avec NextAuth v5
  const session = await getAuthSession(request);
  
-  console.log(`[Middleware] Path: ${pathname}, Has session: ${!!session}`);
-  
  if (!session) {
    if (pathname.startsWith("/api/")) {
      return NextResponse.json(