feat(auth): enhance authentication process with secure cookie handling and detailed logging

- Implemented secure cookie options based on HTTPS detection to improve security. - Added detailed logging for credential checks and user authentication flow to aid in debugging and monitoring.
2025-11-10 23:15:53 +01:00
parent c7c47039b4
commit f7c9926348
2 changed files with 32 additions and 0 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -2,8 +2,23 @@ import { NextAuthOptions } from 'next-auth';
 import CredentialsProvider from 'next-auth/providers/credentials';
 import { usersService } from '@/services/users';

+// Détecter si on est en HTTPS
+const isHttps = process.env.NEXTAUTH_URL?.startsWith('https://') ?? false;
+
 export const authOptions: NextAuthOptions = {
  secret: process.env.NEXTAUTH_SECRET,
+  useSecureCookies: isHttps,
+  cookies: {
+    sessionToken: {
+      name: `${isHttps ? '__Secure-' : ''}next-auth.session-token`,
+      options: {
+        httpOnly: true,
+        sameSite: 'lax',
+        path: '/',
+        secure: isHttps,
+      },
+    },
+  },
  providers: [
    CredentialsProvider({
      name: 'credentials',
@@ -13,17 +28,25 @@ export const authOptions: NextAuthOptions = {
      },
      async authorize(credentials) {
        if (!credentials?.email || !credentials?.password) {
+          console.error('[Auth] Missing credentials');
          return null;
        }

        try {
+          console.log(`[Auth] Attempting login for: ${credentials.email}`);
+          console.log(`[Auth] NEXTAUTH_URL: ${process.env.NEXTAUTH_URL}`);
+          console.log(`[Auth] HTTPS mode: ${isHttps}`);
+
          // Chercher l'utilisateur dans la base de données
          const user = await usersService.getUserByEmail(credentials.email);

          if (!user) {
+            console.error(`[Auth] User not found: ${credentials.email}`);
            return null;
          }

+          console.log(`[Auth] User found: ${user.id} (${user.email})`);
+
          // Vérifier le mot de passe
          const isValidPassword = await usersService.verifyPassword(
            credentials.password,
@@ -31,9 +54,12 @@ export const authOptions: NextAuthOptions = {
          );

          if (!isValidPassword) {
+            console.error(`[Auth] Invalid password for: ${credentials.email}`);
            return null;
          }

+          console.log(`[Auth] Login successful for: ${credentials.email}`);
+
          return {
            id: user.id,
            email: user.email,
--- a/src/services/core/database.ts
+++ b/src/services/core/database.ts
@@ -12,6 +12,12 @@ export const prisma =
    log: ['error'], // Désactiver les logs query/warn pour éviter le bruit
  });

+// Log de la configuration DB au démarrage (une seule fois)
+if (!globalThis.__prisma) {
+  const dbUrl = process.env.DATABASE_URL || 'NOT SET';
+  console.log(`[DB] DATABASE_URL: ${dbUrl.replace(/\/\/.*@/, '//***:***@')}`); // Masquer les credentials si présents
+}
+
 // En développement, stocker l'instance globalement pour éviter les reconnexions
 if (process.env.NODE_ENV !== 'production') {
  globalThis.__prisma = prisma;