11import { NextRequest , NextResponse } from "next/server" ;
22import { verifyNonce } from "@/lib/token" ;
3+ import { logApiReject } from "@/lib/api-log" ;
34import { executeMagicVerify , magicTokenStatus } from "@/lib/magic-verify" ;
45import type { VerifyFailureReason } from "@/lib/verify-feedback" ;
56
@@ -15,9 +16,13 @@ const COOKIE = "wh_lid";
1516export async function GET ( req : NextRequest ) {
1617 const token = req . nextUrl . searchParams . get ( "token" ) ;
1718 const nonce = token ? verifyNonce ( token ) : null ;
18- if ( ! nonce ) return failRedirect ( req , "invalid" ) ;
19+ if ( ! nonce ) {
20+ logApiReject ( "auth/verify" , "invalid" , { phase : "get" , hasToken : ! ! token } ) ;
21+ return failRedirect ( req , "invalid" ) ;
22+ }
1923 const status = await magicTokenStatus ( nonce ) ;
2024 if ( status !== "valid" ) {
25+ logApiReject ( "auth/verify" , status === "expired" ? "expired" : "used" , { phase : "get" } ) ;
2126 return failRedirect ( req , status === "expired" ? "expired" : "used" ) ;
2227 }
2328
@@ -64,15 +69,22 @@ export async function POST(req: NextRequest) {
6469
6570 const nonce = token ? verifyNonce ( token ) : null ;
6671 const deviceLocalId = req . cookies . get ( COOKIE ) ?. value ;
67- if ( ! nonce ) return failRedirect ( req , "invalid" ) ;
68- if ( ! deviceLocalId ) return failRedirect ( req , "no_session" ) ;
72+ if ( ! nonce ) {
73+ logApiReject ( "auth/verify" , "invalid" , { phase : "post" , hasToken : ! ! token } ) ;
74+ return failRedirect ( req , "invalid" ) ;
75+ }
76+ if ( ! deviceLocalId ) {
77+ logApiReject ( "auth/verify" , "no_session" , { phase : "post" } ) ;
78+ return failRedirect ( req , "no_session" ) ;
79+ }
6980
7081 try {
7182 const result = await executeMagicVerify ( nonce , deviceLocalId ) ;
7283 if ( result === "ok" ) {
7384 return NextResponse . redirect ( new URL ( "/?verified=1" , req . nextUrl . origin ) ) ;
7485 }
7586 if ( result === "device_mismatch" ) {
87+ logApiReject ( "auth/verify" , "wrong_device" , { phase : "post" } ) ;
7688 return failRedirect ( req , "wrong_device" ) ;
7789 }
7890 if ( result === "token_invalid" ) {
@@ -83,6 +95,7 @@ export async function POST(req: NextRequest) {
8395 return failRedirect ( req , "error" ) ;
8496 }
8597
98+ logApiReject ( "auth/verify" , "error" , { phase : "post" , detail : "unexpected_result" } ) ;
8699 return failRedirect ( req , "error" ) ;
87100}
88101
@@ -92,6 +105,8 @@ function failRedirect(req: NextRequest, reason: VerifyFailureReason) {
92105
93106async function failRedirectForToken ( req : NextRequest , nonce : string ) {
94107 const status = await magicTokenStatus ( nonce ) ;
108+ const reason = status === "expired" ? "expired" : "used" ;
109+ logApiReject ( "auth/verify" , reason , { phase : "post" , tokenStatus : status } ) ;
95110 if ( status === "expired" ) return failRedirect ( req , "expired" ) ;
96111 return failRedirect ( req , "used" ) ;
97112}
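Review bot: The GET rejection log at new line 25 collapses every status other than "valid" and "expired" into "used" and drops the raw value, whereas failRedirectForToken records it as `tokenStatus: status`; for triaging token replay or guessing attempts, both phases should log the same fields. Computing the reason once, `const reason = status === "expired" ? "expired" : "used";`, then `logApiReject("auth/verify", reason, { phase: "get", tokenStatus: status });` and `return failRedirect(req, reason);` keeps the log and the redirect from drifting apart; failRedirectForToken could likewise end with `return failRedirect(req, reason)` instead of re-deriving the branch. The hard-coded `phase: "post"` inside failRedirectForToken would mislabel the event if the helper is ever called from GET. The `return failRedirect(req, "error")` at new line 95 sits in a part of POST that is not shown, so whether that path is logged cannot be confirmed from this view.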