Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Harden auth impl #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
fulleni merged 22 commits into main from harden_auth_impl
Jul 20, 2025
Merged
Changes from 1 commit
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
cedbe20
chore(env): add JWT secret key requirement and update CORS origin
fulleni Jul 20, 2025
f0b2068
feat(config): add JWT secret key environment variable retrieval
fulleni Jul 20, 2025
1639d16
refactor(auth): replace hardcoded secret key with environment variable
fulleni Jul 20, 2025
a1468cb
feat(auth): add MongoDB token blacklist service
fulleni Jul 20, 2025
0d5e933
refactor(config): replace token blacklist service
fulleni Jul 20, 2025
01a2e5e
feat(auth): Add MongoDB verification code storage
fulleni Jul 20, 2025
0cb5741
refactor(mongodb): Improve verification code storage
fulleni Jul 20, 2025
8e74597
refactor(services): Replace in-memory verification code storage
fulleni Jul 20, 2025
1550783
refactor(services): remove unnecessary initialization
fulleni Jul 20, 2025
eb04f61
refactor(services): remove unnecessary init method
fulleni Jul 20, 2025
8e52d81
feat(database): add indexes to verification codes and tokens
fulleni Jul 20, 2025
48cbcfe
refactor(auth): replace print statements with logging
fulleni Jul 20, 2025
76589a3
fix(authorization): replace print statements with logger
fulleni Jul 20, 2025
7349220
fix(error_handler): use logger instead of print
fulleni Jul 20, 2025
2ea1f83
refactor: remove unused auth & verification services
fulleni Jul 20, 2025
74935bf
fix(auth): improve anonymous auth error handling
fulleni Jul 20, 2025
981e366
fix(auth): improve error handling in delete-account
fulleni Jul 20, 2025
205acd8
fix(auth): improve error handling in request-code handler
fulleni Jul 20, 2025
ee01c85
fix(auth): improve sign-out error logging
fulleni Jul 20, 2025
170539f
fix: improve error logging in verify-code handler
fulleni Jul 20, 2025
85a289b
fix(api): replace print statements with logger
fulleni Jul 20, 2025
89e2417
feat(auth): configure JWT issuer and expiry
fulleni Jul 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix(api): replace print statements with logger 
- Replaced `print` statements with `_logger`
- Improved error handling and logging
- Added stack traces to error logs
- Used more specific log levels
- Improved log message clarity
  • Loading branch information
fulleni committed Jul 20, 2025
commit 85a289bd9a8e046fcf833ea1901cfb5abc02445a
50 changes: 28 additions & 22 deletions routes/api/v1/data/[id]/index.dart
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,10 @@ import 'package:ht_api/src/services/dashboard_summary_service.dart';
import 'package:ht_api/src/services/user_preference_limit_service.dart'; // Import UserPreferenceLimitService
import 'package:ht_data_repository/ht_data_repository.dart';
import 'package:ht_shared/ht_shared.dart';
import 'package:logging/logging.dart';

// Create a logger for this file.
final _logger = Logger('data_item_handler');

/// Handles requests for the /api/v1/data/[id] endpoint.
/// Dispatches requests to specific handlers based on the HTTP method.
Expand Down Expand Up @@ -136,7 +140,7 @@ Future<Response> _handleGet(
!permissionService.isAdmin(authenticatedUser)) {
// Ensure getOwnerId is provided for models requiring ownership check
if (modelConfig.getOwnerId == null) {
print(
_logger.severe(
'Configuration Error: Model "$modelName" requires '
'ownership check for GET item but getOwnerId is not provided.',
);
Expand Down Expand Up @@ -192,9 +196,9 @@ Future<Response> _handlePut(
dynamic itemToUpdate;
try {
itemToUpdate = modelConfig.fromJson(requestBody);
} on TypeError catch (e) {
} on TypeError catch (e, s) {
// Catch errors during deserialization (e.g., missing required fields)
print('Deserialization TypeError in PUT /data/[id]: $e');
_logger.warning('Deserialization TypeError in PUT /data/[id]', e, s);
// Throw BadRequestException to be caught by the errorHandler
throw const BadRequestException(
'Invalid request body: Missing or invalid required field(s).',
Expand All @@ -214,7 +218,7 @@ Future<Response> _handlePut(
} catch (e) {
// Ignore if getId throws, means ID might not be in the body,
// which is acceptable depending on the model/client.
print('Warning: Could not get ID from PUT body: $e');
_logger.info('Could not get ID from PUT body: $e');
}

// --- Handler-Level Limit Check (for UserContentPreferences PUT) ---
Expand All @@ -224,7 +228,7 @@ Future<Response> _handlePut(
try {
// Ensure the itemToUpdate is the correct type for the limit service
if (itemToUpdate is! UserContentPreferences) {
print(
_logger.severe(
'Type Error: Expected UserContentPreferences '
'for limit check, but got ${itemToUpdate.runtimeType}.',
);
Expand All @@ -239,11 +243,13 @@ Future<Response> _handlePut(
} on HtHttpException {
// Propagate known exceptions from the limit service (e.g., ForbiddenException)
rethrow;
} catch (e) {
} catch (e, s) {
// Catch unexpected errors from the limit service
print(
_logger.severe(
'Unexpected error during limit check for '
'UserContentPreferences PUT: $e',
'UserContentPreferences PUT',
e,
s,
);
throw const OperationFailedException(
'An unexpected error occurred during limit check.',
Expand Down Expand Up @@ -358,7 +364,7 @@ Future<Response> _handlePut(
!permissionService.isAdmin(authenticatedUser)) {
// Ensure getOwnerId is provided for models requiring ownership check
if (modelConfig.getOwnerId == null) {
print(
_logger.severe(
'Configuration Error: Model "$modelName" requires '
'ownership check for PUT but getOwnerId is not provided.',
);
Expand All @@ -374,7 +380,7 @@ Future<Response> _handlePut(
if (itemOwnerId != authenticatedUser.id) {
// This scenario should ideally not happen if the repository correctly
// enforced ownership during the update call when userId was passed.
print(
_logger.warning(
'Ownership check failed AFTER PUT for item $id. '
'Item owner: $itemOwnerId, User: ${authenticatedUser.id}',
);
Expand Down Expand Up @@ -424,7 +430,7 @@ Future<Response> _handleDelete(
!permissionService.isAdmin(authenticatedUser)) {
// Ensure getOwnerId is provided for models requiring ownership check
if (modelConfig.getOwnerId == null) {
print(
_logger.severe(
'Configuration Error: Model "$modelName" requires '
'ownership check for DELETE but getOwnerId is not provided.',
);
Expand Down Expand Up @@ -461,15 +467,15 @@ Future<Response> _handleDelete(
final repo = context.read<HtDataRepository<RemoteConfig>>();
itemToDelete = await repo.read(
id: id,
userId: userIdForRepoCall,
); // userId should be null for AppConfig
default:
print(
'Error: Unsupported model type "$modelName" reached _handleDelete ownership check.',
);
// Throw an exception to be caught by the errorHandler
throw OperationFailedException(
'Unsupported model type "$modelName" reached handler.',
userId: userIdForRepoCall,
); // userId should be null for AppConfig
default:
_logger.severe(
'Unsupported model type "$modelName" reached _handleDelete ownership check.',
);
// Throw an exception to be caught by the errorHandler
throw OperationFailedException(
'Unsupported model type "$modelName" reached handler.',
);
}

Expand Down Expand Up @@ -534,8 +540,8 @@ Future<Response> _handleDelete(
default:
// This case should ideally be caught by the data/_middleware.dart,
// but added for safety.
print(
'Error: Unsupported model type "$modelName" reached _handleDelete.',
_logger.severe(
'Unsupported model type "$modelName" reached _handleDelete.',
);
// Throw an exception to be caught by the errorHandler
throw OperationFailedException(
Expand Down

AltStyle γ«γ‚ˆγ£γ¦ε€‰ζ›γ•γ‚ŒγŸγƒšγƒΌγ‚Έ (->γ‚ͺγƒͺγ‚ΈγƒŠγƒ«) /