From a13b07ec9d4898538df5d78e8ee153406932d060 Mon Sep 17 00:00:00 2001 From: devthejo Date: Wed, 2 Jul 2025 12:58:37 +0200 Subject: [PATCH] chore: debug --- libs/common/oapi/services/auth.js | 44 ++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/libs/common/oapi/services/auth.js b/libs/common/oapi/services/auth.js index 4765be6..b34486e 100644 --- a/libs/common/oapi/services/auth.js +++ b/libs/common/oapi/services/auth.js @@ -29,19 +29,26 @@ module.exports = function () { return async function auth(jwt, scopes) { const hasMetaExpUser = scopes.includes("meta.exp-user") let jwtVerified = false + const logger = ctx.require("logger") + + logger.debug({ scopes, hasMetaExpUser }, "Starting authentication") try { if (!jwt) { + logger.warn("No JWT provided for authentication") return false } + logger.debug("JWT provided, attempting verification") + jwtVerified = await jwtVerify(jwt, JWKSet) if (!jwtVerified) { + logger.warn("JWT verification failed") return false } - } catch (err) { - const logger = ctx.require("logger") + logger.debug("JWT verification successful") + } catch (err) { // Allow expired JWT only if meta.exp-user scope is present if (hasMetaExpUser && err.code === "ERR_JWT_EXPIRED") { logger.debug( 
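Review bot: The new `logger.warn("JWT verification failed")` in the `if (!jwtVerified)` branch uses the same message text as the `logger.error` in the catch block (second hunk), so a falsy result from `jwtVerify` and a thrown verification error cannot be told apart by message when triaging auth failures. Give the falsy-result branch its own text and attach the fields already in scope, e.g. `logger.warn({ scopes }, "JWT verification returned no result")`. Separately, `const logger = ctx.require("logger")` now runs before the `try` on every call, so if it ever throws, `auth` rejects instead of returning `false`; the caller presumably treats a rejection as a denial, but that is worth confirming. The body of `auth` continues past this hunk.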
@@ -50,30 +57,59 @@ module.exports = function () { ) // Continue processing with expired JWT } else { - logger.error({ error: err }, "jwVerify failed") + logger.error({ error: err }, "JWT verification failed") return false } } + logger.debug("Extracting claims from JWT") const claims = getHasuraClaimsFromJWT(jwt, claimsNamespace) const session = sessionVarsFromClaims(claims) + logger.debug( + { userId: session.userId, deviceId: session.deviceId }, + "Session variables extracted from claims" + ) + // Add exp claim to session if meta.exp-user scope is present if (hasMetaExpUser) { + logger.debug("Adding exp claim for meta.exp-user scope") try { const payload = jwtDecode(jwt) if (payload && payload.exp) { session.exp = payload.exp + logger.debug({ exp: session.exp }, "Exp claim added to session") + } else { + logger.debug("No exp claim found in JWT payload") } } catch (err) { - const logger = ctx.require("logger") logger.error({ error: err }, "Failed to decode JWT for exp claim") } } + logger.debug( + { allowedRoles: session.allowedRoles, requestedScopes: scopes }, + "Checking scope authorization" + ) + if (!isScopeAllowed(session, scopes)) { + logger.warn( + { allowedRoles: session.allowedRoles, requestedScopes: scopes }, + "Scope authorization failed" + ) return false } + + logger.info("Authentication successful") + logger.debug( + { + userId: session.userId, + deviceId: session.deviceId, + allowedRoles: session.allowedRoles, + }, + "Setting session context" + ) + reqCtx.set("session", session) return true }
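Review bot: `logger.info("Authentication successful")` carries no fields, so the only line that survives at info level does not say who was authenticated or whether the token was accepted through the expired-JWT exception for `meta.exp-user`. `jwtVerified` is still `false` on that path, so the success event can record it: `logger.info({ userId: session.userId, scopes, expiredJwtAccepted: !jwtVerified }, "Authentication successful")`. The three debug calls that repeat `userId`, `deviceId` and `allowedRoles` could then be dropped or reduced to one. That would also limit how often these identifiers reach the logs if debug level is ever enabled in production.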