From 584c7207ef71e303e96851f2e565f8366c8b4ffd Mon Sep 17 00:00:00 2001
From: Ben Fornefeld
Date: Thu, 15 May 2025 14:27:54 +0200
Subject: [PATCH 1/2] improve: auth callback logging

---
 src/app/api/auth/callback/route.ts | 25 +++++++++++++++++++------
 src/lib/clients/logger.ts | 7 +++++++
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/src/app/api/auth/callback/route.ts b/src/app/api/auth/callback/route.ts
index ed54da49..170c7565 100644
--- a/src/app/api/auth/callback/route.ts
+++ b/src/app/api/auth/callback/route.ts
@@ -1,6 +1,8 @@
 import { createClient } from '@/lib/clients/supabase/server'
 import { redirect } from 'next/navigation'
-import { PROTECTED_URLS } from '@/configs/urls'
+import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
+import { logError, logInfo } from '@/lib/clients/logger'
+import { ERROR_CODES } from '@/configs/logs'

 export async function GET(request: Request) {
 // The `/auth/callback` route is required for the server-side auth flow implemented
@@ -13,7 +15,7 @@ export async function GET(request: Request) {
 const returnTo = requestUrl.searchParams.get('returnTo')?.toString()
 const redirectTo = requestUrl.searchParams.get('redirect_to')?.toString()

- console.log('Auth callback:', {
+ logInfo('Auth callback:', {
 code: !!code,
 origin,
 returnTo,
@@ -21,13 +23,24 @@ export async function GET(request: Request) {

 if (code) {
 const supabase = await createClient()
- await supabase.auth.exchangeCodeForSession(code)
+ const { data, error } = await supabase.auth.exchangeCodeForSession(code)
+
+ if (error) {
+ logError(
+ ERROR_CODES.SUPABASE,
+ 'Error exchanging code for session:',
+ error
+ )
+ return redirect(AUTH_URLS.SIGN_IN)
+ }
+
+ logInfo('OTP was successfully exchanged for user:', data.user.id)
 }

 if (redirectTo) {
 const returnToUrl = new URL(redirectTo, origin)
 if (returnToUrl.origin === origin) {
- console.log('Redirecting to:', redirectTo)
+ logInfo('Redirecting to:', redirectTo)
 return redirect(redirectTo)
 }
 }
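Review bot: In the `redirectTo` branch at the end of the `@@ -21,13 +23,24 @@` hunk, the origin check runs on the parsed `returnToUrl`, but the raw `redirectTo` string is what gets logged and passed to `redirect()`, so the value that was validated is not the value that ends up in the Location header. Redirecting to the normalized form, `return redirect(returnToUrl.pathname + returnToUrl.search + returnToUrl.hash)`, keeps the check and the redirect on the same parsed URL and guarantees a same-origin relative target. The `returnTo` branch in the `@@ -37,12 +50,12 @@` hunk has the same shape and would take the same change. `origin` is defined outside the visible hunks, so whether it always matches the origin the browser sees cannot be confirmed from here; GET's body starts before and continues after this hunk.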
@@ -37,12 +50,12 @@ export async function GET(request: Request) {
 // Ensure returnTo is a relative URL to prevent open redirect vulnerabilities
 const returnToUrl = new URL(returnTo, origin)
 if (returnToUrl.origin === origin) {
- console.log('Returning to:', returnTo)
+ logInfo('Returning to:', returnTo)
 return redirect(returnTo)
 }
 }

 // Default redirect to dashboard
- console.log('Redirecting to dashboard')
+ logInfo('Redirecting to dashboard')
 return redirect(PROTECTED_URLS.DASHBOARD)
 }
diff --git a/src/lib/clients/logger.ts b/src/lib/clients/logger.ts
index 1db17b8f..88400ac8 100644
--- a/src/lib/clients/logger.ts
+++ b/src/lib/clients/logger.ts
@@ -19,6 +19,13 @@ export const logDebug = (...args: Parameters) => {
 )
 }

+export const logInfo = (...args: Parameters) => {
+ console.info(
+ ansis.bgGray.black(' INFO '),
+ ansis.gray(args.map(stringifyArg).join(' '))
+ )
+}
+
 export const logSuccess = (...args: Parameters) => {
 console.log(
 ansis.bgGreenBright.white(' SUCCESS '),
From 946153b84d106ce4fb2047df59cf4cbdb3e072e9 Mon Sep 17 00:00:00 2001
From: Ben Fornefeld
Date: Thu, 15 May 2025 14:29:13 +0200
Subject: [PATCH 2/2] improve: don't manually redirect on exchange error, just log

---
 src/app/api/auth/callback/route.ts | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/app/api/auth/callback/route.ts b/src/app/api/auth/callback/route.ts
index 170c7565..a9c04939 100644
--- a/src/app/api/auth/callback/route.ts
+++ b/src/app/api/auth/callback/route.ts
@@ -31,10 +31,9 @@ export async function GET(request: Request) {
 'Error exchanging code for session:',
 error
 )
- return redirect(AUTH_URLS.SIGN_IN)
+ } else {
+ logInfo('OTP was successfully exchanged for user:', data.user.id)
 }
-
- logInfo('OTP was successfully exchanged for user:', data.user.id)
 }

 if (redirectTo) {
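Review bot: `logInfo` joins its arguments and writes them straight to the console, and the callers added in route.ts pass request-derived strings (`returnTo`, `redirectTo`) that have not been validated at the point they are logged. `stringifyArg` is defined outside this hunk; if it returns strings unchanged, line breaks or terminal escape sequences in a query parameter would reach the log stream and could forge or obscure entries. Neutralising control characters before colouring, for example `ansis.gray(args.map(stringifyArg).join(' ').replace(/[\x00-\x1f\x7f]/g, ' '))`, would close that off; if `stringifyArg` pretty-prints objects across lines, applying the replacement to string arguments only would preserve that layout. A one-line TSDoc comment on `logInfo` stating that arguments may contain untrusted input would also help the next caller.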
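Review bot: With the early return removed in the `@@ -31,10 +31,9 @@` hunk, a failed `exchangeCodeForSession` is only logged and the handler falls through to the `redirectTo` / `returnTo` / dashboard redirects without a session having been established. Whether that is safe depends on every destination enforcing authentication itself, which is not visible in this patch, so the reliance should be stated next to the branch, e.g. `// No session on failure: we rely on protected routes to send the user back to sign-in`. The user also gets no indication that the sign-in link failed. As far as the visible hunks show, `AUTH_URLS` is now imported but no longer used in route.ts and can be dropped from the import.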