refactor(auth): simplify session middleware and remove debug endpoint

- Updated session middleware to remove debug logging and streamline cookie handling for mobile applications.
- Adjusted session cookie configuration to disable secure and domain settings for local development.
- Removed the debug endpoint from the authentication routes to reduce noise in the codebase.

worklenz-backend/src/middlewares/session-middleware.ts

@@ -22,10 +22,10 @@ const sessionConfig = {
     path: "/",
     httpOnly: true,
     // For mobile app support in production, use "none", for local development use "lax"
-    sameSite: isProduction() ? "none" as const : "lax" as const,
+    sameSite: "lax" as const,
     // Secure only in production (HTTPS required for sameSite: "none")
-    secure: isProduction(),
-    domain: isProduction() ? ".worklenz.com" : undefined,
+    secure: false,
+    domain: undefined,
     maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days
   },
   // Custom session ID handling for mobile apps
@@ -42,15 +42,8 @@ export default (req: any, res: any, next: any) => {
   const headerSessionId = req.headers["x-session-id"];
   const headerSessionName = req.headers["x-session-name"];
   
-  console.log("DEBUG - Session middleware:");
-  console.log("- URL:", req.url);
-  console.log("- Method:", req.method);
-  console.log("- Has headers:", !!headerSessionId);
-  console.log("- Original cookie:", req.headers.cookie);
-  
   // Only process headers if they exist AND there's no existing valid session cookie
   if (headerSessionId && headerSessionName) {
-    console.log("Processing mobile headers");
     const secret = process.env.SESSION_SECRET || "development-secret-key";
     
     try {
@@ -70,24 +63,13 @@ export default (req: any, res: any, next: any) => {
         // Set the session cookie from header
         req.headers.cookie = sessionCookie;
       }
-      console.log("Updated cookie:", req.headers.cookie);
     } catch (error) {
-      console.log("Error processing headers:", error);
       // Fallback to the old method
       const sessionCookie = `${headerSessionName}=s%3A${headerSessionId}`;
       req.headers.cookie = sessionCookie;
     }
-  } else {
-    console.log("Using normal cookie processing");
   }
   
   // Always call the original session middleware (handles both cookie and header-converted cases)
-  sessionMiddleware(req, res, (err: any) => {
-    if (err) {
-      console.log("Session middleware error:", err);
-    }
-    console.log("After session middleware - Session ID:", (req as any).sessionID);
-    console.log("After session middleware - Authenticated:", !!(req as any).isAuthenticated && (req as any).isAuthenticated());
-    next(err);
-  });
+  sessionMiddleware(req, res, next);
 };

worklenz-backend/src/routes/auth/index.ts

@@ -22,21 +22,6 @@ authRouter.post("/login", passport.authenticate("local-login", options("login"))
 authRouter.post("/signup", signUpValidator, passwordValidator, passport.authenticate("local-signup", options("signup")));
 authRouter.post("/signup/check", signUpValidator, passwordValidator, safeControllerFunction(AuthController.status_check));
 authRouter.get("/verify", AuthController.verify);
-authRouter.get("/debug", (req, res) => {
-  console.log("=== DEBUG ENDPOINT ===");
-  console.log("Session ID:", req.sessionID);
-  console.log("All cookies:", req.cookies);
-  console.log("Cookie header:", req.headers.cookie);
-  console.log("Session data:", req.session);
-  console.log("Is authenticated:", req.isAuthenticated());
-  res.json({
-    sessionId: req.sessionID,
-    cookies: req.cookies,
-    cookieHeader: req.headers.cookie,
-    authenticated: req.isAuthenticated(),
-    session: req.session
-  });
-});
 authRouter.get("/check-password", safeControllerFunction(AuthController.checkPasswordStrength));
 
 authRouter.post("/reset-password", resetEmailValidator, safeControllerFunction(AuthController.reset_password));