From a80dd357a357b7c502b74b856517a53782d148bb Mon Sep 17 00:00:00 2001
From: Matthieu Haineault <matthieuh@targointernet.com>
Date: Fri, 19 Dec 2025 09:24:26 -0500
Subject: [PATCH] feat(debugging): temporary guard disable and comment for
 troubleshooting dockerization of the staging app. to be rolled-back before
 prod

---
 .../controllers/auth.controller.ts            |  4 ++--
 .../guards/authentik-auth.guard.ts            |  1 +
 .../strategies/authentik.strategy.ts          |  1 +
 src/main.ts                                   | 21 +++++++++++++------
 4 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/identity-and-account/authentication/controllers/auth.controller.ts b/src/identity-and-account/authentication/controllers/auth.controller.ts
index 43c9397..d0d8b06 100644
--- a/src/identity-and-account/authentication/controllers/auth.controller.ts
+++ b/src/identity-and-account/authentication/controllers/auth.controller.ts
@@ -5,12 +5,12 @@ import { Request, Response } from 'express';
 @Controller('auth')
 export class AuthController {
 
-    @UseGuards(OIDCLoginGuard)
+    // @UseGuards(OIDCLoginGuard)
     @Get('/v1/login')
     login() { }
 
     @Get('/callback')
-    @UseGuards(OIDCLoginGuard)
+    // @UseGuards(OIDCLoginGuard)
     loginCallback(@Req() req: Request, @Res() res: Response) {
         // res.redirect('http://10.100.251.2:9011/#/login-success');
         res.redirect('http://localhost:9000/#/login-success');
diff --git a/src/identity-and-account/authentication/guards/authentik-auth.guard.ts b/src/identity-and-account/authentication/guards/authentik-auth.guard.ts
index ff4f44d..1fb423a 100644
--- a/src/identity-and-account/authentication/guards/authentik-auth.guard.ts
+++ b/src/identity-and-account/authentication/guards/authentik-auth.guard.ts
@@ -6,6 +6,7 @@ export class OIDCLoginGuard extends AuthGuard('openidconnect') {
   async canActivate(context: ExecutionContext) {
     const result = (await super.canActivate(context)) as boolean;
     const request = context.switchToHttp().getRequest();
+    console.log('JWT HEADER:', request.headers.authorization);
     await super.logIn(request);
     return result;
   }
diff --git a/src/identity-and-account/authentication/strategies/authentik.strategy.ts b/src/identity-and-account/authentication/strategies/authentik.strategy.ts
index 5d1c029..4bfd32d 100644
--- a/src/identity-and-account/authentication/strategies/authentik.strategy.ts
+++ b/src/identity-and-account/authentication/strategies/authentik.strategy.ts
@@ -53,6 +53,7 @@ export class AuthentikStrategy extends PassportStrategy(OIDCStrategy, 'openidcon
 
             const components = _idToken.split('.');
             const payload = Buffer.from(components[1], "base64").toString('utf-8');
+            console.log('JWT PAYLOAD:', payload);
             const claims = JSON.parse(payload);
 
             if (!claims.email) return cb(new Error('Missing email in OIDC profile'), false);
diff --git a/src/main.ts b/src/main.ts
index d4b520d..d8d1f1b 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -16,6 +16,7 @@ import * as session from 'express-session';
 import * as passport from 'passport';
 import { PrismaService } from 'src/prisma/prisma.service';
 import { PrismaSessionStore } from '@quixo3/prisma-session-store';
+
 // import { extractOldShifts } from 'scripts/migrate-shifts';
 // import { extractOldTimesheets } from 'scripts/migrate-timesheets';
 // import { extractOldExpenses } from 'scripts/migrate-expenses';
@@ -23,11 +24,24 @@ import { PrismaSessionStore } from '@quixo3/prisma-session-store';
 const SESSION_TOKEN_DURATION_MINUTES = 180
 
 async function bootstrap() {
+
     const app = await NestFactory.create(AppModule);
     const prisma_service = app.get(PrismaService);
-
     const reflector = app.get(Reflector);
 
+    app.use((req, res, next) => {
+        console.log('--- INCOMING REQUEST ---');
+        console.log('METHOD:', req.method);
+        console.log('URL:', req.originalUrl);
+        console.log('HEADERS:', req.headers);
+        console.log('BODY:', req.body);
+        console.log('------------------------');
+        console.log(req.headers.authorization);
+        console.log(req.headers['x-authentik-signature']);
+        console.log(req.headers['content-type)']);
+        next();
+    });
+
     app.useGlobalGuards(
         // new JwtAuthGuard(reflector), //Authentification JWT
         new ModulesGuard(reflector), //deny-by-default and Module-based Access Control
@@ -89,11 +103,6 @@ async function bootstrap() {
     SwaggerModule.setup('api/docs', app, document);
     writeFileSync('./docs/swagger/swagger-spec.json', JSON.stringify(document, null, 2));
 
-    // logs to be removed post dev
-    console.log('[ENV.ATTACHMENTS_ROOT]', process.env.ATTACHMENTS_ROOT);
-    console.log('[resolveAttachmentsRoot()]', resolveAttachmentsRoot());
-    console.log('[ATT_TMP_DIR()]', ATT_TMP_DIR());
-
     await ensureAttachmentsTmpDir();
     await app.listen(process.env.PORT ?? 3000);