From e3095c13054f028f98e9f2e0c63fd5ca8acc6048 Mon Sep 17 00:00:00 2001
From: Minit
Date: Wed, 22 Apr 2026 13:17:52 +0530
Subject: [PATCH 1/3] fix(auth): disable NextAuth debug mode in production

Co-Authored-By: Claude Sonnet 4.6
---
 packages/database/auth/auth-options.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/database/auth/auth-options.ts b/packages/database/auth/auth-options.ts
index 1e3a886b2b1..b6aa8d42588 100644
--- a/packages/database/auth/auth-options.ts
+++ b/packages/database/auth/auth-options.ts
@@ -53,7 +53,7 @@ export const authOptions = (): NextAuthOptions => {
 _adapter = DrizzleAdapter(db());
 return _adapter;
 },
- debug: true,
+ debug: process.env.NODE_ENV !== "production",
 session: {
 strategy: "jwt",
 },
From c3d623c7f41a5ed45491d876458e9a3c856f953d Mon Sep 17 00:00:00 2001
From: Minit
Date: Sat, 20 Jun 2026 21:41:02 +0530
Subject: [PATCH 2/3] fix(auth): remove production OTP token logging in sendVerificationRequest

console.log({ identifier, token }) and console.log({ email }) ran unconditionally in the RESEND_API_KEY (production) path, writing raw OTP codes and recipient emails to stdout on every auth request. console.log("sendVerificationRequest") fired unconditionally. All three are debug-only artifacts with no functional role. Dev fallback path (!RESEND_API_KEY) is unchanged.
---
 packages/database/auth/auth-options.ts | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/packages/database/auth/auth-options.ts b/packages/database/auth/auth-options.ts
index b6aa8d42588..796a4ab93cc 100644
--- a/packages/database/auth/auth-options.ts
+++ b/packages/database/auth/auth-options.ts
@@ -101,8 +101,6 @@ export const authOptions = (): NextAuthOptions => {
 return crypto.randomInt(100000, 1000000).toString();
 },
 async sendVerificationRequest({ identifier, token }) {
- console.log("sendVerificationRequest");
-
 if (!serverEnv().RESEND_API_KEY) {
 console.log("\n");
 console.log(
@@ -120,10 +118,8 @@ export const authOptions = (): NextAuthOptions => {
 );
 console.log("\n");
 } else {
- console.log({ identifier, token });
 const { OTPEmail } = await import("../emails/otp-email");
 const email = OTPEmail({ code: token, email: identifier });
- console.log({ email });
 await sendEmail({
 email: identifier,
 subject: `Your Cap Verification Code`,
From d99545538b56a00abe414bb5da55a5cb9c2c3c38 Mon Sep 17 00:00:00 2001
From: Minit
Date: Sat, 20 Jun 2026 21:43:36 +0530
Subject: [PATCH 3/3] fix(auth): tighten debug flag to development env only

NODE_ENV !== "production" enables debug logging in test/staging/unset environments. === "development" restricts it strictly to local dev, preventing JWT/session data from appearing in staging logs. Addresses review suggestion from tembo.
---
 packages/database/auth/auth-options.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/database/auth/auth-options.ts b/packages/database/auth/auth-options.ts
index 796a4ab93cc..cc64b72f3f3 100644
--- a/packages/database/auth/auth-options.ts
+++ b/packages/database/auth/auth-options.ts
@@ -53,7 +53,7 @@ export const authOptions = (): NextAuthOptions => {
 _adapter = DrizzleAdapter(db());
 return _adapter;
 },
- debug: process.env.NODE_ENV !== "production",
+ debug: process.env.NODE_ENV === "development",
 session: {
 strategy: "jwt",
 },
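Review bot: The rationale for the strict `=== "development"` comparison on the `debug:` line (PATCH 3/3) is recorded only in the commit message, so in the file the comparison reads as arbitrary and is easy to loosen back to `!== "production"`. I would put a comment directly above it, e.g. `// NextAuth debug logging may expose JWT/session data; enable for local development only, never staging or production.` The flag also still depends on NODE_ENV being set correctly at deploy time, and the file reads other configuration through `serverEnv()` (visible in the PATCH 2/3 hunks); whether NODE_ENV is available there is not visible here, so treat that as something to check. The body of `authOptions` starts and ends outside the hunk.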