auth logs

Author: tannerlinsley

src/routes/api/auth/callback/$provider.tsx

@@ -19,12 +19,12 @@ export const Route = createFileRoute('/api/auth/callback/$provider')({
           const error = url.searchParams.get('error')
 
           if (error) {
-            console.error(`[OAuth Callback] OAuth error received: ${error}`)
+            console.error(`[AUTH:ERROR] OAuth error received from provider: ${error}`)
             return Response.redirect(new URL('/login?error=oauth_failed', request.url), 302)
           }
 
           if (!code || !state) {
-            console.error('[OAuth Callback] Missing code or state')
+            console.error('[AUTH:ERROR] Missing code or state in OAuth callback')
             return Response.redirect(new URL('/login?error=oauth_failed', request.url), 302)
           }
 
@@ -35,14 +35,14 @@ export const Route = createFileRoute('/api/auth/callback/$provider')({
             .find((c) => c.trim().startsWith('oauth_state='))
 
           if (!stateCookie) {
-            console.error('[OAuth Callback] No state cookie found')
+            console.error('[AUTH:ERROR] No state cookie found - possible CSRF or cookie issue')
             return Response.redirect(new URL('/login?error=oauth_failed', request.url), 302)
           }
 
           const cookieState = decodeURIComponent(stateCookie.split('=').slice(1).join('=').trim())
 
           if (cookieState !== state) {
-            console.error('[OAuth Callback] State mismatch')
+            console.error(`[AUTH:ERROR] State mismatch - expected: ${cookieState.substring(0, 10)}..., received: ${state.substring(0, 10)}...`)
             return Response.redirect(new URL('/login?error=oauth_failed', request.url), 302)
           }
 
@@ -88,9 +88,15 @@ export const Route = createFileRoute('/api/auth/callback/$provider')({
 
           const tokenData = await tokenResponse.json()
           if (tokenData.error) {
-            console.error('[OAuth Callback] GitHub OAuth error received')
+            console.error(`[AUTH:ERROR] GitHub token exchange failed: ${tokenData.error}, description: ${tokenData.error_description || 'none'}`)
             throw new Error(`GitHub OAuth error: ${tokenData.error}`)
           }
+
+          if (!tokenData.access_token) {
+            console.error('[AUTH:ERROR] GitHub token exchange succeeded but no access_token returned')
+            throw new Error('No access token received from GitHub')
+          }
+
           accessToken = tokenData.access_token
           // Fetch user profile
           const profileResponse = await fetch('https://api.github.com/user', {
@@ -121,7 +127,8 @@ export const Route = createFileRoute('/api/auth/callback/$provider')({
           }
 
           if (!email) {
-             throw new Error('No verified email found for GitHub account')
+            console.error(`[AUTH:ERROR] No verified email found for GitHub user ${profile.id} (${profile.login})`)
+            throw new Error('No verified email found for GitHub account')
           }
 
           userProfile = {
@@ -155,9 +162,15 @@ export const Route = createFileRoute('/api/auth/callback/$provider')({
 
           const tokenData = await tokenResponse.json()
           if (tokenData.error) {
-            console.error('[OAuth Callback] Google OAuth error received')
+            console.error(`[AUTH:ERROR] Google token exchange failed: ${tokenData.error}, description: ${tokenData.error_description || 'none'}`)
             throw new Error(`Google OAuth error: ${tokenData.error}`)
           }
+
+          if (!tokenData.access_token) {
+            console.error('[AUTH:ERROR] Google token exchange succeeded but no access_token returned')
+            throw new Error('No access token received from Google')
+          }
+
           accessToken = tokenData.access_token
 
           // Fetch user profile
@@ -173,7 +186,8 @@ export const Route = createFileRoute('/api/auth/callback/$provider')({
           const profile = await profileResponse.json()
 
           if (!profile.verified_email) {
-             throw new Error('Google email not verified')
+            console.error(`[AUTH:ERROR] Google email not verified for user ${profile.id} (${profile.email})`)
+            throw new Error('Google email not verified')
           }
 
           userProfile = {
@@ -193,6 +207,7 @@ export const Route = createFileRoute('/api/auth/callback/$provider')({
         })
 
         if (!user) {
+          console.error(`[AUTH:ERROR] User ${result.userId} not found after OAuth account creation for ${provider}:${userProfile.id} (${userProfile.email})`)
           throw new Error('User not found after OAuth account creation')
         }
 
@@ -224,7 +239,11 @@ export const Route = createFileRoute('/api/auth/callback/$provider')({
           headers,
         })
         } catch (err) {
-          console.error('[API OAuth Callback] Error:', err instanceof Error ? err.message : 'Unknown error')
+          console.error('[AUTH:ERROR] OAuth callback failed:', {
+            error: err instanceof Error ? err.message : 'Unknown error',
+            stack: err instanceof Error ? err.stack : undefined,
+            provider: params.provider,
+          })
           return Response.redirect(new URL('/login?error=oauth_failed', request.url), 302)
         }
       },

src/utils/auth.server-helpers.ts

@@ -10,6 +10,7 @@ export async function getCurrentUserFromRequest(request: Request) {
   const signedCookie = getSessionCookie(request)
 
   if (!signedCookie) {
+    // This is normal - user just isn't logged in
     return null
   }
 
@@ -18,6 +19,7 @@ export async function getCurrentUserFromRequest(request: Request) {
     const cookieData = await verifyCookie(signedCookie)
 
     if (!cookieData) {
+      console.error('[AUTH:ERROR] Session cookie verification failed - invalid signature or expired')
       return null
     }
 
@@ -27,11 +29,13 @@ export async function getCurrentUserFromRequest(request: Request) {
     })
 
     if (!user) {
+      console.error(`[AUTH:ERROR] Session cookie references non-existent user ${cookieData.userId}`)
       return null
     }
 
     // Verify session version matches (for session revocation)
     if (user.sessionVersion !== cookieData.version) {
+      console.error(`[AUTH:ERROR] Session version mismatch for user ${user.id} - expected ${user.sessionVersion}, got ${cookieData.version}`)
       return null
     }
 
@@ -50,10 +54,10 @@ export async function getCurrentUserFromRequest(request: Request) {
       interestedInHidingAds: user.interestedInHidingAds,
     }
   } catch (error) {
-    console.error(
-      '[getCurrentUserFromRequest] Failed to get user from session:',
-      error instanceof Error ? error.message : 'Unknown error',
-    )
+    console.error('[AUTH:ERROR] Failed to get user from session:', {
+      error: error instanceof Error ? error.message : 'Unknown error',
+      stack: error instanceof Error ? error.stack : undefined,
+    })
     return null
   }
 }
@@ -65,6 +69,7 @@ export async function getAuthenticatedUser() {
   const user = await getCurrentUserFromRequest(request)
 
   if (!user) {
+    console.error('[AUTH:ERROR] Authentication required but user not authenticated')
     throw new Error('Not authenticated')
   }
 

src/utils/oauth.server.ts

@@ -30,16 +30,22 @@ export async function upsertOAuthAccount(
   provider: OAuthProvider,
   profile: OAuthProfile,
 ) {
-  // Check if OAuth account already exists
-  const existingAccount = await getOAuthAccount(provider, profile.id)
+  try {
+    // Check if OAuth account already exists
+    const existingAccount = await getOAuthAccount(provider, profile.id)
+
+    if (existingAccount) {
+      // Account exists, update user info if needed
+      const user = await db.query.users.findFirst({
+        where: eq(users.id, existingAccount.userId),
+      })
 
-  if (existingAccount) {
-    // Account exists, update user info if needed
-    const user = await db.query.users.findFirst({
-      where: eq(users.id, existingAccount.userId),
-    })
+      if (!user) {
+        console.error(`[AUTH:ERROR] OAuth account exists for ${provider}:${profile.id} but user ${existingAccount.userId} not found`)
+        throw new Error('User not found for existing OAuth account')
+      }
 
-    if (user) {
+      if (user) {
       const updates: {
         email?: string
         name?: string
@@ -70,64 +76,78 @@ export async function upsertOAuthAccount(
     }
   }
 
-  // Find user by email (for linking multiple OAuth providers)
-  const existingUser = await db.query.users.findFirst({
-    where: eq(users.email, profile.email),
-  })
+    // Find user by email (for linking multiple OAuth providers)
+    const existingUser = await db.query.users.findFirst({
+      where: eq(users.email, profile.email),
+    })
 
-  let userId: string
+    let userId: string
 
-  if (existingUser) {
-    // Link OAuth account to existing user
-    userId = existingUser.id
+    if (existingUser) {
+      // Link OAuth account to existing user
+      console.log(`[AUTH:INFO] Linking ${provider} account to existing user ${existingUser.id} (${profile.email})`)
+      userId = existingUser.id
 
-    // Update user info if provided
-    const updates: {
-      name?: string
-      image?: string
-    } = {}
+      // Update user info if provided
+      const updates: {
+        name?: string
+        image?: string
+      } = {}
 
-    if (profile.name && !existingUser.name) {
-      updates.name = profile.name
-    }
-    if (profile.image && !existingUser.image) {
-      updates.image = profile.image
-    }
+      if (profile.name && !existingUser.name) {
+        updates.name = profile.name
+      }
+      if (profile.image && !existingUser.image) {
+        updates.image = profile.image
+      }
 
-    if (Object.keys(updates).length > 0) {
-      await db
-        .update(users)
-        .set({ ...updates, updatedAt: new Date() })
-        .where(eq(users.id, userId))
-    }
-  } else {
-    // Create new user
-    const [newUser] = await db
-      .insert(users)
-      .values({
-        email: profile.email,
-        name: profile.name,
-        image: profile.image,
-        capabilities: [],
-        displayUsername: profile.name,
-      })
-      .returning()
+      if (Object.keys(updates).length > 0) {
+        await db
+          .update(users)
+          .set({ ...updates, updatedAt: new Date() })
+          .where(eq(users.id, userId))
+      }
+    } else {
+      // Create new user
+      console.log(`[AUTH:INFO] Creating new user for ${provider} login: ${profile.email}`)
+      const [newUser] = await db
+        .insert(users)
+        .values({
+          email: profile.email,
+          name: profile.name,
+          image: profile.image,
+          capabilities: [],
+          displayUsername: profile.name,
+        })
+        .returning()
+
+      if (!newUser) {
+        console.error(`[AUTH:ERROR] Failed to create user for ${provider}:${profile.id} (${profile.email})`)
+        throw new Error('Failed to create user')
+      }
 
-    userId = newUser.id
-  }
+      userId = newUser.id
+    }
 
-  // Create OAuth account link
-  const newOAuthAccount: NewOAuthAccount = {
-    userId,
-    provider,
-    providerAccountId: profile.id,
-    email: profile.email,
-  }
+    // Create OAuth account link
+    const newOAuthAccount: NewOAuthAccount = {
+      userId,
+      provider,
+      providerAccountId: profile.id,
+      email: profile.email,
+    }
 
-  await db.insert(oauthAccounts).values(newOAuthAccount)
+    await db.insert(oauthAccounts).values(newOAuthAccount)
 
-  return {
-    userId,
-    isNewUser: !existingUser,
+    return {
+      userId,
+      isNewUser: !existingUser,
+    }
+  } catch (error) {
+    console.error(`[AUTH:ERROR] Failed to upsert OAuth account for ${provider}:${profile.id} (${profile.email}):`, {
+      error: error instanceof Error ? error.message : 'Unknown error',
+      stack: error instanceof Error ? error.stack : undefined,
+    })
+    throw error
   }
 }