From 429649191bbbc3d3cece011453ecf78fd8e36fee Mon Sep 17 00:00:00 2001
From: mikicv
Date: Wed, 8 Oct 2025 23:00:44 +0100
Subject: [PATCH] Refactor authentication and session management: remove debug logging and streamline session verification

---
 app/api/auth/login/route.ts | 8 --------
 lib/session.ts | 41 +++++++------------------------------
 middleware.ts | 11 ----------
 3 files changed, 7 insertions(+), 53 deletions(-)

diff --git a/app/api/auth/login/route.ts b/app/api/auth/login/route.ts
index 1ed26b9..4c0aa3e 100644
--- a/app/api/auth/login/route.ts
+++ b/app/api/auth/login/route.ts
@@ -35,14 +35,6 @@ export async function POST(request: NextRequest) {
 role: user[0].role as 'user' | 'admin',
 });
 
- // Debug: Check if cookie was actually set
- console.log('LOGIN: Session created for user:', user[0].email);
- console.log('LOGIN: Request headers:', {
- host: request.headers.get('host'),
- 'x-forwarded-proto': request.headers.get('x-forwarded-proto'),
- 'user-agent': request.headers.get('user-agent')
- });
-
 // Log the login activity
 await logActivity({
 userId: user[0].id,
diff --git a/lib/session.ts b/lib/session.ts
index 8cc6ea3..07af3b1 100644
--- a/lib/session.ts
+++ b/lib/session.ts
@@ -32,31 +32,19 @@ export async function encrypt(payload: SessionPayload) {
 
 export async function decrypt(session: string | undefined = '') {
 try {
- if (!session) {
- console.log('Failed to verify session: No session provided');
- return null;
- }
+ if (!session) return null;
 
 const { payload } = await jwtVerify(session, encodedKey, {
 algorithms: ['HS256'],
 });
 
- const sessionData = {
+ return {
 userId: payload.userId as string,
 email: payload.email as string,
 role: payload.role as 'user' | 'admin',
 expiresAt: new Date(payload.expiresAt as number),
 };
-
- // Check if session is expired
- if (sessionData.expiresAt < new Date()) {
- console.log('Failed to verify session: Session expired');
- return null;
- }
-
- return sessionData;
 } catch (error) {
- console.log('Failed to verify session:', error instanceof Error ? error.message : 'Unknown error');
 return null;
 }
 }
@@ -67,26 +55,13 @@ export async function createSession(payload: Omit)
 
 const cookieStore = await cookies();
 
- // For Cloudflare tunnel: external is HTTPS, internal is HTTP
- // Use secure cookies when NEXTAUTH_URL is https (external URL)
- const isSecure = process.env.NEXTAUTH_URL?.startsWith('https') ?? false;
-
- const cookieOptions = {
+ cookieStore.set('session', session, {
 httpOnly: true,
- secure: isSecure,
+ secure: process.env.NODE_ENV === 'production',
 expires: expiresAt,
- sameSite: isSecure ? 'none' : 'lax', // none required for secure cross-site
+ sameSite: 'lax',
 path: '/',
- } as const;
-
- console.log('CREATE_SESSION: Setting cookie with options:', cookieOptions);
- console.log('CREATE_SESSION: Environment:', {
- NODE_ENV: process.env.NODE_ENV,
- NEXTAUTH_URL: process.env.NEXTAUTH_URL,
- isSecure
 });
-
- cookieStore.set('session', session, cookieOptions);
 }
 
 export async function updateSession() {
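Review bot: Removing the `expiresAt < new Date()` comparison from decrypt() means the new code returns a session for any token whose signature verifies, so expiry is now enforced only if `encrypt()` (outside this hunk) sets the standard `exp` claim that jwtVerify checks; the custom `expiresAt` claim is not something jose validates. If `encrypt()` does not call `setExpirationTime`, an old or stolen session cookie keeps working indefinitely once issued. Either confirm that and record it with a comment such as `// Expiry is enforced by jwtVerify via the exp claim set in encrypt()` above the return, or keep a one-line guard before it: `if (new Date(payload.expiresAt as number) < new Date()) return null;`. The `error` binding in `catch (error)` is now unused and can become `catch {`; note also that a signature failure is now indistinguishable from a missing cookie for operators, so a warn-level log at that site (never including the token) would be worth more than a silent `return null`.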
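Review bot: The cookie attribute object introduced in createSession() (`httpOnly`, `secure: process.env.NODE_ENV === 'production'`, `sameSite: 'lax'`, `path: '/'`) is repeated verbatim in the updateSession() hunk at `@@ -101,13 +76,11 @@`, so the two cookies can drift apart on the next edit; a shared helper keeps them identical. The deleted comment was the only record of why `secure` was keyed on NEXTAUTH_URL (HTTPS at the tunnel edge, HTTP internally); the NODE_ENV rule works behind an HTTPS edge because the browser sees HTTPS, but a production build served over plain HTTP will not get the cookie stored by the browser, so that trade-off deserves a line of comment where the options are defined. Tightening `sameSite` from `'none'` to `'lax'` is an improvement but changes behaviour for any cross-site caller that relied on the old setting, which the commit message should state.
```typescript
/**
 * Attributes for the 'session' cookie, shared by createSession() and updateSession()
 * so the two call sites cannot drift. `secure` follows NODE_ENV: in production the
 * browser-facing origin must be HTTPS (an HTTPS edge in front of an HTTP app is fine).
 */
function sessionCookieOptions(expires: Date) {
  return {
    httpOnly: true,
    secure: process.env.NODE_ENV === 'production',
    expires,
    sameSite: 'lax',
    path: '/',
  } as const;
}

// … unchanged: createSession body up to the cookie store …
  cookieStore.set('session', session, sessionCookieOptions(expiresAt));
```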
@@ -101,13 +76,11 @@ export async function updateSession() {
 const expires = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
 const newSession = await encrypt({ ...payload, expiresAt: expires });
 
- const isSecure = process.env.NEXTAUTH_URL?.startsWith('https') ?? false;
-
 cookieStore.set('session', newSession, {
 httpOnly: true,
- secure: isSecure,
+ secure: process.env.NODE_ENV === 'production',
 expires: expires,
- sameSite: isSecure ? 'none' : 'lax',
+ sameSite: 'lax',
 path: '/',
 });
 }
diff --git a/middleware.ts b/middleware.ts
index 1515487..51ff337 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -15,17 +15,6 @@ export default async function middleware(req: NextRequest) {
 
 const isAuthRoute = authRoutes.includes(path);
 const cookie = req.cookies.get('session')?.value;
-
- // Debug logging for production
- if (!cookie && (isProtectedRoute || isAuthRoute)) {
- console.log(`No session cookie found for ${path}, headers:`, {
- host: req.headers.get('host'),
- 'x-forwarded-proto': req.headers.get('x-forwarded-proto'),
- 'x-forwarded-host': req.headers.get('x-forwarded-host'),
- cookies: req.headers.get('cookie')
- });
- }
-
 const session = await decrypt(cookie);
 
 // Redirect to login if accessing protected route without session