Add edge function logging
@@ -1,4 +1,5 @@
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.57.4';
import { edgeLogger } from '../_shared/logger.ts';
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
@@ -22,21 +23,21 @@ Deno.serve(async (req) => {
// Get authenticated user
const { data: { user }, error: userError } = await supabaseClient.auth.getUser();
if (userError || !user) {
console.error('Authentication failed:', userError);
edgeLogger.error('Authentication failed', { action: 'mfa_unenroll_auth' });
return new Response(
JSON.stringify({ error: 'Unauthorized' }),
{ status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
);
}
console.log('[mfa-unenroll] Processing request for user:', user.id);
edgeLogger.info('Processing MFA unenroll', { action: 'mfa_unenroll', userId: user.id });
// Phase 1: Check AAL level
const { data: { session } } = await supabaseClient.auth.getSession();
const aal = session?.aal || 'aal1';
if (aal !== 'aal2') {
console.warn('[mfa-unenroll] AAL2 required, current:', aal);
edgeLogger.warn('AAL2 required for MFA removal', { action: 'mfa_unenroll_aal', userId: user.id, aal });
return new Response(
JSON.stringify({ error: 'AAL2 required to remove MFA' }),
{ status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
@@ -52,7 +53,7 @@ Deno.serve(async (req) => {
const requiresMFA = roles?.some(r => ['admin', 'moderator', 'superuser'].includes(r.role));
if (requiresMFA) {
console.warn('[mfa-unenroll] Role requires MFA, blocking removal');
edgeLogger.warn('Role requires MFA, blocking removal', { action: 'mfa_unenroll_role', userId: user.id });
return new Response(
JSON.stringify({ error: 'Your role requires MFA and it cannot be disabled' }),
{ status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
@@ -68,7 +69,7 @@ Deno.serve(async (req) => {
.gte('created_at', new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString());
if (recentAttempts && recentAttempts.length >= 2) {
console.warn('[mfa-unenroll] Rate limit exceeded:', recentAttempts.length, 'attempts');
edgeLogger.warn('Rate limit exceeded', { action: 'mfa_unenroll_rate', userId: user.id, attempts: recentAttempts.length });
return new Response(
JSON.stringify({ error: 'Rate limit exceeded. Try again in 24 hours.' }),
{ status: 429, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
@@ -88,7 +89,7 @@ Deno.serve(async (req) => {
const { error: unenrollError } = await supabaseClient.auth.mfa.unenroll({ factorId });
if (unenrollError) {
console.error('[mfa-unenroll] Unenroll failed:', unenrollError);
edgeLogger.error('Unenroll failed', { action: 'mfa_unenroll_fail', userId: user.id, error: unenrollError.message });
return new Response(
JSON.stringify({ error: unenrollError.message }),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
@@ -109,7 +110,7 @@ Deno.serve(async (req) => {
});
if (auditError) {
console.error('[mfa-unenroll] Audit log failed:', auditError);
edgeLogger.error('Audit log failed', { action: 'mfa_unenroll_audit', userId: user.id });
}
// Send security notification
@@ -126,10 +127,10 @@ Deno.serve(async (req) => {
}
});
} catch (notifError) {
console.error('[mfa-unenroll] Notification failed:', notifError);
edgeLogger.error('Notification failed', { action: 'mfa_unenroll_notification', userId: user.id });
}
console.log('[mfa-unenroll] MFA successfully disabled for user:', user.id);
edgeLogger.info('MFA successfully disabled', { action: 'mfa_unenroll_success', userId: user.id });
return new Response(
JSON.stringify({ success: true }),
@@ -137,7 +138,7 @@ Deno.serve(async (req) => {
);
} catch (error) {
console.error('[mfa-unenroll] Unexpected error:', error);
edgeLogger.error('Unexpected error', { action: 'mfa_unenroll_error', error: error instanceof Error ? error.message : String(error) });
return new Response(
JSON.stringify({ error: 'Internal server error' }),
{ status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
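Review bot: The new structured log calls in the authentication, audit-log and notification failure branches drop the error detail that the console.error lines they replace still carried, so an operator reading edgeLogger output cannot see why the step failed; the unenroll and unexpected-error branches in this same handler do include `error: ….message`, so the three should match. This matters most for the audit branch, where the handler continues to remove the MFA factor after the audit insert fails and the only trace of that failure is this log line, e.g. `edgeLogger.error('Audit log failed', { action: 'mfa_unenroll_audit', userId: user.id, error: auditError?.message });`, with the same `error: userError?.message` and `error: notifError instanceof Error ? notifError.message : String(notifError)` additions in the auth and notification branches. The exact shape of these error objects is not visible here, so the optional chaining is a guess to confirm against the client types. The enclosing Deno.serve handler starts before and the try/catch structure spans across these hunks.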