julienfroidefond/towercontrol
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): enhance authentication process with secure cookie handling and detailed logging

Browse Source 
- Implemented secure cookie options based on HTTPS detection to improve security.
- Added detailed logging for credential checks and user authentication flow to aid in debugging and monitoring.
This commit is contained in:
Julien Froidefond
2025-11-10 23:15:53 +01:00
parent c7c47039b4
commit f7c9926348
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/lib/auth.ts
View File

@@ -2,8 +2,23 @@ import { NextAuthOptions } from 'next-auth';
import CredentialsProvider from 'next-auth/providers/credentials'; import CredentialsProvider from 'next-auth/providers/credentials';
import { usersService } from '@/services/users'; import { usersService } from '@/services/users';
// Détecter si on est en HTTPS
const isHttps = process.env.NEXTAUTH_URL?.startsWith('https://') ?? false;
export const authOptions: NextAuthOptions = { export const authOptions: NextAuthOptions = {
secret: process.env.NEXTAUTH_SECRET, secret: process.env.NEXTAUTH_SECRET,
useSecureCookies: isHttps,
cookies: {
sessionToken: {
name: `${isHttps ? '__Secure-' : ''}next-auth.session-token`,
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
secure: isHttps,
},
},
},
providers: [ providers: [
CredentialsProvider({ CredentialsProvider({
name: 'credentials', name: 'credentials',
@@ -13,17 +28,25 @@ export const authOptions: NextAuthOptions = {
}, },
async authorize(credentials) { async authorize(credentials) {
if (!credentials?.email || !credentials?.password) { if (!credentials?.email || !credentials?.password) {
console.error('[Auth] Missing credentials');
return null; return null;
} }
try { try {
console.log(`[Auth] Attempting login for: ${credentials.email}`);
console.log(`[Auth] NEXTAUTH_URL: ${process.env.NEXTAUTH_URL}`);
console.log(`[Auth] HTTPS mode: ${isHttps}`);
// Chercher l'utilisateur dans la base de données // Chercher l'utilisateur dans la base de données
const user = await usersService.getUserByEmail(credentials.email); const user = await usersService.getUserByEmail(credentials.email);
if (!user) { if (!user) {
console.error(`[Auth] User not found: ${credentials.email}`);
return null; return null;
} }
console.log(`[Auth] User found: ${user.id} (${user.email})`);
// Vérifier le mot de passe // Vérifier le mot de passe
const isValidPassword = await usersService.verifyPassword( const isValidPassword = await usersService.verifyPassword(
credentials.password, credentials.password,
@@ -31,9 +54,12 @@ export const authOptions: NextAuthOptions = {
); );
if (!isValidPassword) { if (!isValidPassword) {
console.error(`[Auth] Invalid password for: ${credentials.email}`);
return null; return null;
} }
console.log(`[Auth] Login successful for: ${credentials.email}`);
return { return {
id: user.id, id: user.id,
email: user.email, email: user.email,

6
src/services/core/database.ts
View File

@@ -12,6 +12,12 @@ export const prisma =
log: ['error'], // Désactiver les logs query/warn pour éviter le bruit log: ['error'], // Désactiver les logs query/warn pour éviter le bruit
}); });
// Log de la configuration DB au démarrage (une seule fois)
if (!globalThis.__prisma) {
const dbUrl = process.env.DATABASE_URL || 'NOT SET';
console.log(`[DB] DATABASE_URL: ${dbUrl.replace(/\/\/.*@/, '//***:***@')}`); // Masquer les credentials si présents
}
// En développement, stocker l'instance globalement pour éviter les reconnexions // En développement, stocker l'instance globalement pour éviter les reconnexions
if (process.env.NODE_ENV !== 'production') { if (process.env.NODE_ENV !== 'production') {
globalThis.__prisma = prisma; globalThis.__prisma = prisma;