Codex Review: Here are some suggestions.
Reply with @codex fix comments to fix any unresolved comments.
About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you open a pull request for review, mark a draft as ready, or comment "@codex review". If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex fix this CI failure" or "@codex address that feedback".
auth.config.ts
Outdated
| async signIn({ user, account, profile }) { | ||
| console.log("[auth] signIn payload", { user, account, profile }); | ||
| return true; | ||
| }, | ||
| async session({ session, token }) { | ||
| console.log("[auth] session payload", { session, token }); | ||
| return session; | ||
| }, | ||
| async jwt({ token, user, account, profile }) { | ||
| console.log("[auth] jwt payload", { token, user, account, profile }); |
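Review bot: the `signIn` and `session` callbacks in this hunk contain only the `console.log` call and a pass-through return (`return true;` and `return session;`), so they add no behaviour of their own. Once the payload logging is dropped, deleting both callbacks is cleaner than keeping them behind a flag, and it leaves no debug path that could be switched back on in production. The `jwt` callback is cut off after its log line in this view, so check its full body the same way before deciding.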
[P1] Remove sensitive payload logging in auth callbacks
The signIn, session, and jwt callbacks log their entire payloads (console.log("[auth] …", { user, account, profile, token })). In production these objects contain OAuth access tokens and user data, so the change will leak credentials and personal information into application logs. Consider gating the logs behind a development flag or removing them before release.
Useful? React with 👍 / 👎.
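A redacting, flag-gated logger for the callbacks flagged in the review above, added here as an example and not taken from the pull request or from Codex. The names `redactAuthPayload` and `logAuthEvent`, the key lists and the sample payload are assumptions.

```typescript
// Added example, not code from the pull request. Key lists and function
// names are assumptions; extend them to match the providers in use.
const SECRET_KEY = /token|secret|password|authorization|cookie/i;
const PII_KEYS = new Set(["email", "name", "image", "picture"]);

// Deep-copy a callback payload for logging: values under secret-looking keys
// are dropped whole (including a nested `token` object), personal fields are
// masked, and non-sensitive fields such as provider and ids are kept.
function redactAuthPayload(value: unknown, key = "", depth = 0): unknown {
  if (SECRET_KEY.test(key)) return "[REDACTED]";
  if (PII_KEYS.has(key) && typeof value === "string") return "[PII]";
  if (depth > 6) return "[TRUNCATED]"; // also stops circular references
  if (Array.isArray(value)) {
    return value.map((v) => redactAuthPayload(v, "", depth + 1));
  }
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = redactAuthPayload(v, k, depth + 1);
    }
    return out;
  }
  return value;
}

// Emit a log line only when the caller's debug flag is set (for instance
// derived from NODE_ENV !== "production"). Returns the line, or null if off.
function logAuthEvent(
  label: string,
  payload: unknown,
  debug: boolean,
  sink: (line: string) => void = console.log,
): string | null {
  if (!debug) return null;
  const line = `[auth] ${label} ${JSON.stringify(redactAuthPayload(payload))}`;
  sink(line);
  return line;
}

// Constructed sample shaped like the signIn callback arguments on the page.
const samplePayload = {
  user: { id: "u_123", name: "Sample User", email: "sample@example.test" },
  account: { provider: "github", type: "oauth", providerAccountId: "42",
    access_token: "constructed-token-value", scope: "read:user" },
  profile: { login: "sample", email: "sample@example.test" },
};

logAuthEvent("signIn payload", samplePayload, true);
```

Matching on key names is deliberately broad, so harmless fields such as `token_type` are redacted too; that is the safer direction for a log filter.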
…iguration in workflow files
Thanks to Next.js Vercel Auth, GitHub OAuth Apps, and NEON Database, we now have a completely free login system
Documentation