feat: Execute complete production readiness plan

src/lib/authService.ts

@@ -13,6 +13,8 @@ import type {
   MFAChallengeResult 
 } from '@/types/auth';
 import { setStepUpRequired, setAuthMethod, clearAllAuthFlags } from './sessionFlags';
+import { logger } from './logger';
+import { getErrorMessage } from './errorHandler';
 
 /**
  * Extract AAL level from session using Supabase API
@@ -20,14 +22,14 @@ import { setStepUpRequired, setAuthMethod, clearAllAuthFlags } from './sessionFl
  */
 export async function getSessionAal(session: Session | null): Promise<AALLevel> {
   if (!session) {
-    console.log('🔍 [AuthService] No session, returning aal1');
+    logger.log('[AuthService] No session, returning aal1');
     return 'aal1';
   }
   
   try {
     const { data, error } = await supabase.auth.mfa.getAuthenticatorAssuranceLevel();
     
-    console.log('🔍 [AuthService] getSessionAal result:', { 
+    logger.log('[AuthService] getSessionAal result', { 
       hasData: !!data, 
       currentLevel: data?.currentLevel,
       nextLevel: data?.nextLevel,
@@ -35,15 +37,22 @@ export async function getSessionAal(session: Session | null): Promise<AALLevel>
     });
     
     if (error) {
-      console.error('[AuthService] Error getting AAL:', error);
+      logger.error('[AuthService] Error getting AAL', {
+        action: 'get_session_aal',
+        error: error.message
+      });
       return 'aal1';
     }
     
     const level = (data.currentLevel as AALLevel) || 'aal1';
-    console.log('🔐 [AuthService] Returning AAL:', level);
+    logger.log('[AuthService] Returning AAL', { level });
     return level;
-  } catch (error) {
-    console.error('[AuthService] Exception getting AAL:', error);
+  } catch (error: unknown) {
+    const errorMessage = getErrorMessage(error);
+    logger.error('[AuthService] Exception getting AAL', {
+      action: 'get_session_aal',
+      error: errorMessage
+    });
     return 'aal1';
   }
 }
@@ -56,7 +65,10 @@ export async function getEnrolledFactors(): Promise<MFAFactor[]> {
     const { data, error } = await supabase.auth.mfa.listFactors();
     
     if (error) {
-      console.error('[AuthService] Error listing factors:', error);
+      logger.error('[AuthService] Error listing factors', {
+        action: 'get_enrolled_factors',
+        error: error.message
+      });
       return [];
     }
     
@@ -70,8 +82,12 @@ export async function getEnrolledFactors(): Promise<MFAFactor[]> {
         created_at: f.created_at,
         updated_at: f.updated_at,
       }));
-  } catch (error) {
-    console.error('[AuthService] Exception listing factors:', error);
+  } catch (error: unknown) {
+    const errorMessage = getErrorMessage(error);
+    logger.error('[AuthService] Exception listing factors', {
+      action: 'get_enrolled_factors',
+      error: errorMessage
+    });
     return [];
   }
 }
@@ -119,13 +135,22 @@ export async function verifyMfaRequired(userId: string): Promise<boolean> {
       .in('role', ['admin', 'moderator']);
     
     if (error) {
-      console.error('[AuthService] Error checking roles:', error);
+      logger.error('[AuthService] Error checking roles', {
+        action: 'verify_mfa_required',
+        userId,
+        error: error.message
+      });
       return false;
     }
     
     return (data?.length || 0) > 0;
-  } catch (error) {
-    console.error('[AuthService] Exception checking roles:', error);
+  } catch (error: unknown) {
+    const errorMessage = getErrorMessage(error);
+    logger.error('[AuthService] Exception checking roles', {
+      action: 'verify_mfa_required',
+      userId,
+      error: errorMessage
+    });
     return false;
   }
 }
@@ -146,7 +171,10 @@ export async function handlePostAuthFlow(
     const aalCheck = await checkAalStepUp(session);
     
     if (aalCheck.needsStepUp) {
-      console.log(`[AuthService] ${authMethod} sign-in requires MFA step-up`);
+      logger.info('[AuthService] MFA step-up required', {
+        authMethod,
+        currentAal: aalCheck.currentLevel
+      });
       
       // Set flag and redirect to step-up page
       setStepUpRequired(true, window.location.pathname);
@@ -178,11 +206,16 @@ export async function handlePostAuthFlow(
         shouldRedirect: false,
       },
     };
-  } catch (error) {
-    console.error('[AuthService] Error in post-auth flow:', error);
+  } catch (error: unknown) {
+    const errorMessage = getErrorMessage(error);
+    logger.error('[AuthService] Error in post-auth flow', {
+      action: 'handle_post_auth_flow',
+      authMethod,
+      error: errorMessage
+    });
     return {
       success: false,
-      error: error instanceof Error ? error.message : 'Unknown error',
+      error: errorMessage,
     };
   }
 }
@@ -201,7 +234,11 @@ export async function verifyMfaUpgrade(session: Session | null): Promise<MFAChal
   const currentAal = await getSessionAal(session);
   
   if (currentAal !== 'aal2') {
-    console.error('[AuthService] MFA verification failed - still at AAL1');
+    logger.error('[AuthService] MFA verification failed', {
+      action: 'verify_mfa_upgrade',
+      expectedAal: 'aal2',
+      actualAal: currentAal
+    });
     await logAuthEvent(session.user.id, 'mfa_verification_failed', {
       expected_aal: 'aal2',
       actual_aal: currentAal,
@@ -245,10 +282,21 @@ async function logAuthEvent(
     });
     
     if (error) {
-      console.error('[AuthService] Error logging auth event:', error);
+      logger.error('[AuthService] Error logging auth event', {
+        action: 'log_auth_event',
+        eventAction: action,
+        userId,
+        error: error.message
+      });
     }
-  } catch (error) {
-    console.error('[AuthService] Exception logging auth event:', error);
+  } catch (error: unknown) {
+    const errorMessage = getErrorMessage(error);
+    logger.error('[AuthService] Exception logging auth event', {
+      action: 'log_auth_event',
+      eventAction: action,
+      userId,
+      error: errorMessage
+    });
   }
 }