feat: enhance party user auth endpoint with token validation, error logging, and security improvements
This commit is contained in:
louiscklaw
@@ -7,6 +7,14 @@
|
|||||||
// - Log all access attempts (success/failure)
|
// - Log all access attempts (success/failure)
|
||||||
// - Validate token structure and user existence
|
// - Validate token structure and user existence
|
||||||
//
|
//
|
||||||
|
// RULES:
|
||||||
|
// - Must validate Bearer token format before processing
|
||||||
|
// - All errors must be logged via access-log service
|
||||||
|
// - User existence must be verified after token validation
|
||||||
|
// - Sensitive data must be filtered from responses
|
||||||
|
// - Mock JWT_SECRET should be replaced in production
|
||||||
|
// - Debug info should be included in error logs
|
||||||
|
//
|
||||||
import type { NextRequest } from 'next/server';
|
import type { NextRequest } from 'next/server';
|
||||||
import type { PartyUser } from '@prisma/client';
|
import type { PartyUser } from '@prisma/client';
|
||||||
|
|
||||||
@@ -23,14 +31,6 @@ import { flattenNextjsRequest } from '../sign-in/flattenNextjsRequest';
|
|||||||
|
|
||||||
// ----------------------------------------------------------------------
|
// ----------------------------------------------------------------------
|
||||||
|
|
||||||
/**
|
|
||||||
* This API is used for demo purpose only
|
|
||||||
* You should use a real database
|
|
||||||
* You should hash the password before saving to database
|
|
||||||
* You should not save the password in the database
|
|
||||||
* You should not expose the JWT_SECRET in the client side
|
|
||||||
*/
|
|
||||||
|
|
||||||
const ERR_USER_TOKEN_CHECK_FAILED = 'user token check failed';
|
const ERR_USER_TOKEN_CHECK_FAILED = 'user token check failed';
|
||||||
const ERR_INVALID_AUTH_TOKEN = 'Invalid authorization token';
|
const ERR_INVALID_AUTH_TOKEN = 'Invalid authorization token';
|
||||||
const ERR_USER_ID_NOT_FOUND = 'userId not found';
|
const ERR_USER_ID_NOT_FOUND = 'userId not found';
|
||||||
|
|||||||
@@ -1,28 +1,23 @@
|
|||||||
// src/app/services/AccessLog.service.ts
|
// src/app/services/access-log.service.ts
|
||||||
//
|
//
|
||||||
// PURPOSE:
|
// PURPOSE:
|
||||||
// Service for handling AccessLog records
|
// - Core service for audit logging and access tracking
|
||||||
|
// - Records all authentication attempts and system access
|
||||||
|
// - Provides query capabilities for audit trails
|
||||||
|
// - Integrates with Prisma ORM for database operations
|
||||||
//
|
//
|
||||||
// RULES:
|
// RULES:
|
||||||
// - All methods return Promises
|
// - All methods return Promises for async operations
|
||||||
// - Input validation should be done at controller level
|
// - Input validation must be done at controller level
|
||||||
// - Errors should be propagated to caller
|
// - Errors should be propagated to caller with context
|
||||||
|
// - Audit records should never be modified after creation
|
||||||
|
// - Sensitive data should be hashed before logging
|
||||||
|
// - Metadata should be stored as JSON for flexibility
|
||||||
|
|
||||||
import type { AccessLog } from '@prisma/client';
|
import type { AccessLog } from '@prisma/client';
|
||||||
|
|
||||||
import prisma from '../lib/prisma';
|
import prisma from '../lib/prisma';
|
||||||
|
|
||||||
// type CreateAccessLog = {
|
|
||||||
// userId?: string;
|
|
||||||
// message?: string;
|
|
||||||
// metadata?: Record<string, any>;
|
|
||||||
// };
|
|
||||||
|
|
||||||
// type UpdateAccessLog = {
|
|
||||||
// status?: number;
|
|
||||||
// metadata?: object;
|
|
||||||
// };
|
|
||||||
|
|
||||||
async function listAccessLogs(): Promise<AccessLog[]> {
|
async function listAccessLogs(): Promise<AccessLog[]> {
|
||||||
return prisma.accessLog.findMany({
|
return prisma.accessLog.findMany({
|
||||||
orderBy: { timestamp: 'desc' },
|
orderBy: { timestamp: 'desc' },
|
||||||
|
|||||||
Reference in New Issue
Block a user