chore: logging updates to magic links

Bccorb · Bccorb · commit e3360f885793 · 2026-03-12T23:23:26.000-04:00
diff --git a/src/controllers/magicLinks.ts b/src/controllers/magicLinks.ts
@@ -16,13 +16,16 @@ import { User } from '../models/users';
 import { AuthEventService } from '../services/authEventService';
 import { sendMagicLinkEmail } from '../services/messagingService';
 import { AuthenticatedRequest } from '../types/types';
+import getLogger from '../utils/logger';
 import {
   computeSessionTimes,
   hashDeviceFingerprint,
   hashSha256,
   parseDurationToSeconds,
 } from '../utils/utils';
 
+const logger = getLogger('magic-links');
+
 const TTL_MINUTES = 15;
 const AUTH_MODE: 'web' | 'server' = process.env.AUTH_MODE! as 'web' | 'server';
 
@@ -79,6 +82,7 @@ export async function requestMagicLink(req: Request, res: Response) {
 }
 
 export async function verifyMagicLink(req: Request, res: Response) {
+  logger.debug('Verifying magic link');
   const { token } = req.params;
 
   if (!token) {
@@ -91,18 +95,23 @@ export async function verifyMagicLink(req: Request, res: Response) {
   });
 
   if (!record) {
+    logger.warn(`No magic link found for token: ${token}`);
     return res.status(400).json({ message: 'Invalid verification token' });
   }
 
   if (record.used_at) {
+    logger.warn(`Magic link token is already used ${token}`);
     return res.status(400).json({ message: 'Invalid verification token' });
   }
 
   if (record.expires_at < new Date()) {
+    logger.warn(`Magic link token expired: ${token}`);
     return res.status(400).json({ message: 'Invalid verification token' });
   }
 
   // Atomic consume
+  logger.info(`Magic link being consumed ${token}`);
+
   const [updated] = await MagicLinkToken.update(
     { used_at: new Date() },
     {
@@ -114,13 +123,15 @@ export async function verifyMagicLink(req: Request, res: Response) {
   );
 
   if (!updated) {
+    logger.error(`Magic link token was not consumted: ${token}`);
     return res.status(500).json({ message: 'Failed to use token' });
   }
 
   await AuthEventService.log({
     userId: record.user_id,
     type: 'magic_link_success',
     req,
+    metadata: { message: `Token: ${token}` },
   });
 
   // Device binding check
diff --git a/src/lib/cookie.ts b/src/lib/cookie.ts
@@ -52,7 +52,6 @@ export async function setAuthCookies(
 }
 
 export function clearAuthCookies(res: Response) {
-  logger.debug('Cookies cleared');
   res.clearCookie('seamless_access', {
     httpOnly: true,
     secure: process.env.NODE_ENV === 'production',
diff --git a/src/middleware/verifyCookieAuth.ts b/src/middleware/verifyCookieAuth.ts
@@ -35,7 +35,6 @@ export function verifyCookieAuth(cookieType: CookieType = 'access') {
           clearAuthCookies(res);
           return res.status(401).json({ error: 'unauthorized' });
         }
-        logger.debug(`Validating ephemeral cookie`);
         const user = await validateSession({
           type: 'cookie',
           value: ephemeralCookie,
@@ -77,7 +76,7 @@ export function verifyCookieAuth(cookieType: CookieType = 'access') {
       }
 
       // If we reach here, both access & refresh failed
-      clearAuthCookies(res);
+      //clearAuthCookies(res);
       return res.status(401).json({ error: 'unauthorized' });
     } catch (err) {
       logger.error('verifyCookieAuth error:', err);

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,6 @@ export async function setAuthCookies(`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`export function clearAuthCookies(res: Response) {`
`55`		`- logger.debug('Cookies cleared');`
`56`	`55`	`res.clearCookie('seamless_access', {`
`57`	`56`	`httpOnly: true,`
`58`	`57`	`secure: process.env.NODE_ENV === 'production',`