From 536e544d04c2ad1705300a48455bcc0ca727a32b Mon Sep 17 00:00:00 2001
From: Matt <matt@letsbe.solutions>
Date: Sun, 15 Jun 2025 17:06:01 +0200
Subject: [PATCH] DEBUG: Add detailed OIDC cookie debugging for file preview
 issues

- Added logging for OIDC session presence and type detection
- Will help identify why OIDC cookies aren't being sent during file preview requests
- Keycloak login works but file previews fail due to missing OIDC cookie
---
 server/utils/auth.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/server/utils/auth.ts b/server/utils/auth.ts
index 6216258..1306a08 100644
--- a/server/utils/auth.ts
+++ b/server/utils/auth.ts
@@ -15,12 +15,19 @@ export const isAuthenticated = async (event: any): Promise<boolean> => {
   // Check Directus token authentication
   try {
     const directusToken = getCookie(event, 'directus_token');
+    console.log('[auth] Checking Directus token:', directusToken ? 'present' : 'not found');
+    
     if (directusToken) {
       // Validate Directus token is not expired
       const directusExpiry = getCookie(event, 'directus_token_expired_at');
+      console.log('[auth] Directus expiry cookie:', directusExpiry ? directusExpiry : 'not found');
+      
       if (directusExpiry) {
         const expiryTime = parseInt(directusExpiry);
-        if (Date.now() < expiryTime) {
+        const currentTime = Date.now();
+        console.log('[auth] Directus expiry check:', { currentTime, expiryTime, isValid: currentTime < expiryTime });
+        
+        if (currentTime < expiryTime) {
           console.log('[auth] Authenticated via Directus token');
           return true;
         } else {
@@ -39,8 +46,11 @@ export const isAuthenticated = async (event: any): Promise<boolean> => {
   // Check OIDC session authentication
   try {
     const oidcSession = getCookie(event, 'nuxt-oidc-auth');
+    console.log('[auth] Checking OIDC session:', oidcSession ? 'present' : 'not found');
+    
     if (oidcSession) {
       // Note: OIDC session might be encrypted, we'll validate it properly in session endpoint
+      console.log('[auth] OIDC session found, type:', oidcSession.startsWith('Fe26.2**') ? 'encrypted' : 'plain');
       console.log('[auth] Authenticated via OIDC session');
       return true;
     }