feat: enhance middleware and authentication handling by adding health check route, improving session cookie security, and logging for debugging

2025-10-16 23:32:33 +02:00
parent 0c66fae916
commit 57a1cb5e46
3 changed files with 24 additions and 3 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -57,5 +57,19 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
  session: {
    strategy: "jwt",
  },
+  cookies: {
+    sessionToken: {
+      name: process.env.NODE_ENV === "production" 
+        ? `__Secure-next-auth.session-token`
+        : `next-auth.session-token`,
+      options: {
+        httpOnly: true,
+        sameSite: "lax",
+        path: "/",
+        secure: process.env.NODE_ENV === "production",
+      },
+    },
+  },
  secret: process.env.NEXTAUTH_SECRET,
+  trustHost: true,
 });
--- a/src/lib/middleware-auth.ts
+++ b/src/lib/middleware-auth.ts
@@ -8,6 +8,8 @@ export async function getAuthSession(request: NextRequest) {
      secret: process.env.NEXTAUTH_SECRET 
    });
    
+    console.log(`[getAuthSession] Token exists: ${!!token}, Secret configured: ${!!process.env.NEXTAUTH_SECRET}`);
+    
    if (!token) {
      return null;
    }
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -27,9 +27,12 @@ export default async function middleware(request: NextRequest) {
    publicRoutes.includes(pathname) ||
    publicApiRoutes.includes(pathname) ||
    pathname.startsWith("/api/auth/") ||
+    pathname.startsWith("/api/health") ||
    pathname.startsWith("/images/") ||
    pathname.startsWith("/_next/") ||
-    pathname.startsWith("/fonts/")
+    pathname.startsWith("/fonts/") ||
+    pathname === "/favicon.svg" ||
+    pathname === "/favicon.ico"
  ) {
    return NextResponse.next();
  }
@@ -37,6 +40,8 @@ export default async function middleware(request: NextRequest) {
  // Vérifier l'authentification avec NextAuth v5
  const session = await getAuthSession(request);
  
+  console.log(`[Middleware] Path: ${pathname}, Has session: ${!!session}`);
+  
  if (!session) {
    if (pathname.startsWith("/api/")) {
      return NextResponse.json(
@@ -61,7 +66,7 @@ export default async function middleware(request: NextRequest) {
    response.cookies.set("NEXT_LOCALE", locale, {
      path: "/",
      maxAge: 365 * 24 * 60 * 60, // 1 an
-      secure: true, // Ajout de secure pour HTTPS
+      secure: process.env.NODE_ENV === "production", // Secure uniquement en prod HTTPS
      sameSite: "lax", // Protection CSRF
    });
  }
@@ -80,6 +85,6 @@ export const config = {
     * 4. /images/* (inside public directory)
     * 5. Static files (manifest.json, favicon.ico, etc.)
     */
-    "/((?!api/auth|_next/static|_next/image|fonts|images|manifest.json|favicon.ico|sitemap.xml|sw.js|offline.html).*)",
+    "/((?!api/auth|api/health|_next/static|_next/image|fonts|images|manifest.json|favicon|sitemap.xml|sw.js|offline.html).*)",
  ],
 };