From 1947c6a88620a2934a1a26f9cdd9a43d3a4ea4e4 Mon Sep 17 00:00:00 2001
From: Usman Baig
Date: Sun, 22 Feb 2026 20:18:06 +0100
Subject: [PATCH] fix: remove debug logs from authentication and organization switching to enhance security and prevent sensitive information leakage
---
 CHANGELOG.md | 1 +
 app/actions/auth.ts | 7 -------
 components/WorkspaceSwitcher.tsx | 1 -
 lib/api/organization.ts | 1 -
 lib/auth/context.tsx | 1 -
 5 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 04dfd2a..a4306cd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 ### Fixed
 - **Organization context switch.** Switching away from a deleted organization now stores the session correctly instead of using an insecure fallback.
+- **Removed debug logs.** Auth and organization-switching details no longer leak into the browser console in production.
 ## [0.10.0-alpha] - 2026-02-21
diff --git a/app/actions/auth.ts b/app/actions/auth.ts
index 79d0e15..f618157 100644
--- a/app/actions/auth.ts
+++ b/app/actions/auth.ts
@@ -112,18 +112,13 @@ export async function exchangeAuthCode(code: string, codeVerifier: string, redir
 export async function setSessionAction(accessToken: string, refreshToken?: string) {
 try {
- console.log('[setSessionAction] Decoding token...')
 if (!accessToken) throw new Error('Access token is missing')
 const payloadPart = accessToken.split('.')[1]
 const payload: UserPayload = JSON.parse(Buffer.from(payloadPart, 'base64').toString())
- console.log('[setSessionAction] Token Payload:', { sub: payload.sub, org_id: payload.org_id })
-
 const cookieStore = await cookies()
 const cookieDomain = getCookieDomain()
-
- console.log('[setSessionAction] Setting cookies with domain:', cookieDomain)
 cookieStore.set('access_token', accessToken, {
 httpOnly: true,
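Review bot: The decode on the `const payloadPart = accessToken.split('.')[1]` line never checks that the token has a second segment, so a malformed token reaches `Buffer.from(undefined, 'base64')` and fails with a generic TypeError instead of the explicit error the preceding `if (!accessToken)` guard gives, and under `noUncheckedIndexedAccess` the index is typed `string | undefined`. I'd replace that line with `const [, payloadPart] = accessToken.split('.')` and add `if (!payloadPart) throw new Error('Access token is malformed')` before the `JSON.parse`. A comment above the decode would also help, e.g. `// Decodes the JWT payload without verifying its signature — the API receiving the cookie must validate the token; do not treat these claims as authenticated`, since the `user` object returned in the next hunk appears to be built from these unverified claims and the cookie stores the token exactly as received. Because this function calls `cookies()` it appears to run server-side, in which case the removed logs went to the server log rather than the browser console named in the changelog entry. setSessionAction continues past the end of this hunk.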
@@ -146,8 +141,6 @@ export async function setSessionAction(accessToken: string, refreshToken?: strin
 })
 }
- console.log('[setSessionAction] Cookies set successfully')
-
 return {
 success: true,
 user: {
diff --git a/components/WorkspaceSwitcher.tsx b/components/WorkspaceSwitcher.tsx
index a177337..f77a1c7 100644
--- a/components/WorkspaceSwitcher.tsx
+++ b/components/WorkspaceSwitcher.tsx
@@ -12,7 +12,6 @@ export default function OrganizationSwitcher({ orgs, activeOrgId }: { orgs: Orga
 const [switching, setSwitching] = useState(null)
 const handleSwitch = async (orgId: string | null) => {
- console.log('Switching to organization:', orgId)
 setSwitching(orgId || 'personal')
 try {
 // * If orgId is null, we can't switch context via API in the same way if strict mode is on
diff --git a/lib/api/organization.ts b/lib/api/organization.ts
index 3cc5003..2273893 100644
--- a/lib/api/organization.ts
+++ b/lib/api/organization.ts
@@ -47,7 +47,6 @@ export async function getUserOrganizations(): Promise {
 // Switch Context (Get token for specific org)
 export async function switchContext(organizationId: string | null): Promise<{ access_token: string; expires_in: number }> {
 const payload = { organization_id: organizationId || '' }
- console.log('Sending switch context request:', payload)
 return await authFetch<{ access_token: string; expires_in: number }>('/auth/switch-context', {
 method: 'POST',
 body: JSON.stringify(payload),
diff --git a/lib/auth/context.tsx b/lib/auth/context.tsx
index 61e2b45..ad834e1 100644
--- a/lib/auth/context.tsx
+++ b/lib/auth/context.tsx
@@ -159,7 +159,6 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
 // * If user has organizations but no context (org_id), switch to the first one
 if (!user.org_id && organizations.length > 0) {
 const firstOrg = organizations[0]
- console.log('Auto-switching to organization:', firstOrg.organization_name)
 try {
 const { access_token } = await switchContext(firstOrg.organization_id)
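Review bot: The `organizationId || ''` mapping on the `const payload` line of `switchContext` encodes a null argument as an empty `organization_id`, and neither the header comment `// Switch Context (Get token for specific org)` nor the signature says that `null` is a valid input or what the server does with the empty string; the switcher's `orgId || 'personal'` suggests it requests the personal/no-organization context, but that is not visible here. I'd replace the one-line comment with a TSDoc block on `switchContext` stating that `null` is accepted and is sent as `organization_id: ''`, and what context that selects once confirmed against the server. The `Promise {` return type shown in the hunk header for `getUserOrganizations` looks like a type argument stripped by the page rendering rather than the code in the file.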
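Review bot: The `organizations.length > 0` test on the `if` line does not narrow `organizations[0]`, so under `noUncheckedIndexedAccess` `firstOrg` is typed as possibly undefined and `firstOrg.organization_id` in the `switchContext` call only compiles with that option off; `const [firstOrg] = organizations` followed by `if (!user.org_id && firstOrg) {` expresses the same check in a form the compiler can follow. Which organization becomes the default context also depends entirely on the order in which `organizations` arrives, which is not visible in this hunk; the comment above could say so, e.g. `// * Picks the first organization in the returned order, so the server's ordering decides the default context`. The `try` block and the enclosing effect continue outside this hunk.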