From abc923a95e42da46ca66a9e426b56b2f5c6ad04a Mon Sep 17 00:00:00 2001 From: Chamika J <75464293+chamikaJ@users.noreply.github.com> Date: Wed, 6 Aug 2025 12:51:21 +0530 Subject: [PATCH] refactor(auth): simplify session middleware and remove debug endpoint - Updated session middleware to remove debug logging and streamline cookie handling for mobile applications. - Adjusted session cookie configuration to disable secure and domain settings for local development. - Removed the debug endpoint from the authentication routes to reduce noise in the codebase. --- .../src/middlewares/session-middleware.ts | 26 +++---------------- worklenz-backend/src/routes/auth/index.ts | 15 ----------- 2 files changed, 4 insertions(+), 37 deletions(-) diff --git a/worklenz-backend/src/middlewares/session-middleware.ts b/worklenz-backend/src/middlewares/session-middleware.ts index 2eee63ff..d4394cb7 100644 --- a/worklenz-backend/src/middlewares/session-middleware.ts +++ b/worklenz-backend/src/middlewares/session-middleware.ts @@ -22,10 +22,10 @@ const sessionConfig = { path: "/", httpOnly: true, // For mobile app support in production, use "none", for local development use "lax" - sameSite: isProduction() ? "none" as const : "lax" as const, + sameSite: "lax" as const, // Secure only in production (HTTPS required for sameSite: "none") - secure: isProduction(), - domain: isProduction() ? ".worklenz.com" : undefined, + secure: false, + domain: undefined, maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days }, // Custom session ID handling for mobile apps 
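Review bot: `secure: false` and `domain: undefined` are now unconditional, so in production the session cookie is sent without the Secure attribute on any plain-HTTP request and the `sameSite: "none"` mobile mode is gone, even though the commit message frames this as a local-development adjustment (unless a reverse proxy in front of the app rewrites cookie attributes, which the hunk does not show). The two comments kept on the new side, `// For mobile app support in production, use "none", for local development use "lax"` and `// Secure only in production (HTTPS required for sameSite: "none")`, now describe behaviour the code no longer has. Keep the environment switch, `sameSite: isProduction() ? "none" as const : "lax" as const,` / `secure: isProduction(),` / `domain: isProduction() ? ".worklenz.com" : undefined,`, or if dropping the domain scope is intentional at least retain `secure: isProduction()` and rewrite the comments to match. With `secure: false` and the 30-day `maxAge` below it, the cookie is a long-lived bearer token exposed to any on-path observer on HTTP. The enclosing `sessionConfig` object begins above this hunk.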
@@ -42,15 +42,8 @@ export default (req: any, res: any, next: any) => { const headerSessionId = req.headers["x-session-id"]; const headerSessionName = req.headers["x-session-name"]; - console.log("DEBUG - Session middleware:"); - console.log("- URL:", req.url); - console.log("- Method:", req.method); - console.log("- Has headers:", !!headerSessionId); - console.log("- Original cookie:", req.headers.cookie); - // Only process headers if they exist AND there's no existing valid session cookie if (headerSessionId && headerSessionName) { - console.log("Processing mobile headers"); const secret = process.env.SESSION_SECRET || "development-secret-key"; try { @@ -70,24 +63,13 @@ export default (req: any, res: any, next: any) => { // Set the session cookie from header req.headers.cookie = sessionCookie; } - console.log("Updated cookie:", req.headers.cookie); } catch (error) { - console.log("Error processing headers:", error); // Fallback to the old method const sessionCookie = `${headerSessionName}=s%3A${headerSessionId}`; req.headers.cookie = sessionCookie; } - } else { - console.log("Using normal cookie processing"); } // Always call the original session middleware (handles both cookie and header-converted cases) - sessionMiddleware(req, res, (err: any) => { - if (err) { - console.log("Session middleware error:", err); - } - console.log("After session middleware - Session ID:", (req as any).sessionID); - console.log("After session middleware - Authenticated:", !!(req as any).isAuthenticated && (req as any).isAuthenticated()); - next(err); - }); + sessionMiddleware(req, res, next); }; \ No newline at end of file diff --git a/worklenz-backend/src/routes/auth/index.ts b/worklenz-backend/src/routes/auth/index.ts index ab4570e7..818e5f27 100644 --- a/worklenz-backend/src/routes/auth/index.ts +++ b/worklenz-backend/src/routes/auth/index.ts 
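Review bot: The `catch` on the header-conversion path now discards the error entirely — the removed line was its only diagnostic — so when the signed cookie cannot be built (presumably a missing or changed `SESSION_SECRET`), the request silently degrades to the unsigned `${headerSessionName}=s%3A${headerSessionId}` fallback and the client just appears unauthenticated with nothing in the logs. Keep one non-debug line there that does not echo cookie or id values, e.g. `console.warn("session-middleware: failed to build signed session cookie from headers; using unsigned fallback", error);`. Separately, both the success path and the fallback overwrite `req.headers.cookie` whenever the two headers are present, while the comment above the `if` in the previous hunk says headers should only be processed when there is no existing valid session cookie — worth confirming that check lives elsewhere, since the condition here does not make it. The exported middleware function begins above this hunk.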
@@ -22,21 +22,6 @@ authRouter.post("/login", passport.authenticate("local-login", options("login")) authRouter.post("/signup", signUpValidator, passwordValidator, passport.authenticate("local-signup", options("signup"))); authRouter.post("/signup/check", signUpValidator, passwordValidator, safeControllerFunction(AuthController.status_check)); authRouter.get("/verify", AuthController.verify); -authRouter.get("/debug", (req, res) => { - console.log("=== DEBUG ENDPOINT ==="); - console.log("Session ID:", req.sessionID); - console.log("All cookies:", req.cookies); - console.log("Cookie header:", req.headers.cookie); - console.log("Session data:", req.session); - console.log("Is authenticated:", req.isAuthenticated()); - res.json({ - sessionId: req.sessionID, - cookies: req.cookies, - cookieHeader: req.headers.cookie, - authenticated: req.isAuthenticated(), - session: req.session - }); -}); authRouter.get("/check-password", safeControllerFunction(AuthController.checkPasswordStrength)); authRouter.post("/reset-password", resetEmailValidator, safeControllerFunction(AuthController.reset_password));