diff --git a/sdk/src/auth/authMiddleware.ts b/sdk/src/auth/authMiddleware.ts
index 4013802..550dc3a 100644
--- a/sdk/src/auth/authMiddleware.ts
+++ b/sdk/src/auth/authMiddleware.ts
@@ -19,7 +19,7 @@ const authMiddleware: RequestHandler = safeAsyncHandler(async (req: Request, res
 const credentials = await storage.getCredentialsByClientToken(token);
 if (!credentials) {
- console.info(`[RISEACT-SDK] No credentials found in storage for token ${token}, redirecting to riseact accounts authorize page`);
+ console.info('[RISEACT-SDK] No credentials found in storage for provided client token, redirecting to riseact accounts authorize page');
 // return res.redirect(authorizePageUrl);
 return res.status(401).send('Invalid client token');
 }
diff --git a/sdk/src/auth/callbackHandler.ts b/sdk/src/auth/callbackHandler.ts
index 91aafb4..dff0189 100644
--- a/sdk/src/auth/callbackHandler.ts
+++ b/sdk/src/auth/callbackHandler.ts
@@ -46,7 +46,6 @@ const oauthCallbackHandler: RequestHandler = safeAsyncHandler(async (req: Reques
 .catch((e) => {
 console.error('[RISEACT-SDK] Error during OAuth callback with Riseact accounts server. Details below:', e, {
 callbackParams: params,
- codeVerifier: storedState.codeVerifier,
 });
 });
@@ -60,13 +59,12 @@ const oauthCallbackHandler: RequestHandler = safeAsyncHandler(async (req: Reques
 if (!refreshToken || !accessToken || !expiresInSeconds) {
 console.error('[RISEACT-SDK] No refresh_token, access_token or expires_in provided from authorization server. Details below:', {
- refreshToken,
- accessToken,
+ hasRefreshToken: !!refreshToken,
+ hasAccessToken: !!accessToken,
 expiresInSeconds,
 riseactConfig: config,
 callbackParams: params,
- codeVerifierCookie: storedState,
- tokenSet,
+ hasCodeVerifier: !!storedState.codeVerifier,
 });
 return res.sendStatus(500);
 }
diff --git a/sdk/src/auth/sidExchange.ts b/sdk/src/auth/sidExchange.ts
index 8da0e2d..71207c8 100644
--- a/sdk/src/auth/sidExchange.ts
+++ b/sdk/src/auth/sidExchange.ts
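Review bot: The added `console.info` line in authMiddleware.ts still says "redirecting to riseact accounts authorize page", but the redirect directly below it is commented out and the handler answers `401 Invalid client token`. The log therefore misstates what happened, which misleads anyone triaging failed authentications from these logs. Suggest `console.info('[RISEACT-SDK] No credentials found in storage for provided client token, responding with 401');`. The handler body starts before and continues past this hunk.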
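Review bot: `callbackParams: params` is still logged in this `.catch` handler of callbackHandler.ts, and again in the missing-token branch of the next hunk (-60,13). On an OAuth callback those parameters presumably include the authorization `code` and `state`. Removing `codeVerifier` makes a logged code harder to redeem, but the code is still a credential until it is consumed or expires, and this path runs exactly when the exchange did not complete. The error object `e` is also logged whole; whether it carries the token-endpoint response is not visible from here. Suggest logging presence flags only, e.g. `hasCode: !!params.code, hasState: !!params.state` (field names assumed from the OAuth callback convention, confirm against `params`).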
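Review bot: `riseactConfig: config` remains in the logged object on the new side of the second callbackHandler.ts hunk. An OAuth client configuration commonly holds the client secret next to the client id and redirect URI, but the shape of `config` is not visible here, so this needs confirming. If it does, every failed callback writes a long-lived secret to the log, which is a larger exposure than the short-lived tokens this hunk removes. Suggest dropping the entry or replacing it with an explicit allow-list such as `clientId: config.clientId` (field name assumed). The enclosing handler starts and ends outside the hunk.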
@@ -28,7 +28,7 @@ const sidExchangeHandler: RequestHandler = safeAsyncHandler(async (req: Request,
 // console.error('[RISEACT-SDK] Organization domain mismatch in SID exchange request');
 // return res.status(400).send('Organization domain mismatch');
 // }
- console.debug('[RISEACT-SDK] SID exchange successful>', { sid, token });
+ console.debug('[RISEACT-SDK] SID exchange successful>', { sid, organizationDomain: token.organizationDomain });
 return res.json({
 client_token: token.clientToken,
 organization: token.organizationDomain,
diff --git a/sdk/src/storage/file.ts b/sdk/src/storage/file.ts
index ffcf412..4e8941a 100644
--- a/sdk/src/storage/file.ts
+++ b/sdk/src/storage/file.ts
@@ -16,7 +16,7 @@ async function readStore(): Promise> {
 async function writeStore(store: Record): Promise {
 const tmp = `${CREDENTIALS_FILE}.tmp`;
- await fs.writeFile(tmp, JSON.stringify(store, null, 2), 'utf-8');
+ await fs.writeFile(tmp, JSON.stringify(store, null, 2), { encoding: 'utf-8', mode: 0o600 });
 await fs.rename(tmp, CREDENTIALS_FILE); // atomic swap
 }
diff --git a/sdk/src/utils/lruCache.ts b/sdk/src/utils/lruCache.ts
index dc90a1b..ebda160 100644
--- a/sdk/src/utils/lruCache.ts
+++ b/sdk/src/utils/lruCache.ts
@@ -10,7 +10,7 @@ export const pkceStore = new LRUCache({
 });
 export function savePkce(state: string, rec: PkceRecord) {
- console.info('[RISEACT-SDK] Saving PKCE record', { state, rec });
+ console.info('[RISEACT-SDK] Saving PKCE record', { state, organizationDomain: rec.organizationDomain });
 pkceStore.set(state, rec);
 }
@@ -30,7 +30,7 @@ export const sidStore = new LRUCache({
 });
 export function saveSid(state: string, rec: SidRecord) {
- console.info('[RISEACT-SDK] Saving SID record', { state, rec });
+ console.info('[RISEACT-SDK] Saving SID record', { state, organizationDomain: rec.organizationDomain });
 sidStore.set(state, rec);
 }
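Review bot: `sid` is still written to the debug log on the added line in sidExchange.ts, and the response just below hands out `client_token` for it. Whether the SID is invalidated on first use is not visible in this hunk; if it is not, the log holds a value that can be exchanged again. Suggest dropping it from the entry, `console.debug('[RISEACT-SDK] SID exchange successful>', { organizationDomain: token.organizationDomain });`, or confirming single-use in a comment. The organization-domain mismatch check in the context lines above is commented out, which deserves a comment saying why it is disabled. The handler starts before and continues past the hunk.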
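Review bot: `mode: 0o600` on the added `fs.writeFile` line in file.ts only takes effect when the temp file is created. If `${CREDENTIALS_FILE}.tmp` is left over from an interrupted write, or already exists with wider permissions, it keeps its existing mode and the rename then carries that mode onto the credentials file. Add `await fs.chmod(tmp, 0o600);` before `fs.rename`. A short comment on the option should note that the mode is filtered through the process umask and is not enforced the same way on Windows.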
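Review bot: Both added `console.info` lines in lruCache.ts, in `savePkce` here and in `saveSid` in the -30,7 hunk, still log `state` in full. `state` is the key under which the record is stored, so the info-level log keeps a lookup key for every pending PKCE and SID record. This is a lower exposure than the record itself, but the value is not needed to correlate log entries. Suggest `console.debug('[RISEACT-SDK] Saving PKCE record', { organizationDomain: rec.organizationDomain });` and the same for the SID line. Both functions would also benefit from a one-line comment stating that `rec` holds secret material and must not be logged.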