Security Hardening

src/context/AuthContext.js

@@ -1,13 +1,14 @@
 import React, { createContext, useState, useContext, useEffect } from 'react';
 import axios from 'axios';
 import api from '../utils/api';
+import logger from '../utils/logger';
 
 const AuthContext = createContext();
 
 const API_URL = process.env.REACT_APP_BACKEND_URL || window.location.origin;
 
 // Log environment on module load for debugging
-console.log('[AuthContext] Module initialized with:', {
+logger.log('[AuthContext] Module initialized with:', {
   REACT_APP_BACKEND_URL: process.env.REACT_APP_BACKEND_URL,
   REACT_APP_BASENAME: process.env.REACT_APP_BASENAME,
   API_URL: API_URL
@@ -56,14 +57,14 @@ export const AuthProvider = ({ children }) => {
       });
       setPermissions(response.data.permissions || []);
     } catch (error) {
-      console.error('Failed to fetch permissions:', error);
+      logger.error('Failed to fetch permissions:', error);
       setPermissions([]);
     }
   };
 
   const login = async (email, password) => {
     try {
-      console.log('[AuthContext] Starting login request...', {
+      logger.log('[AuthContext] Starting login request...', {
         API_URL: API_URL,
         envBackendUrl: process.env.REACT_APP_BACKEND_URL,
         fullUrl: `${API_URL}/api/auth/login`
@@ -80,7 +81,7 @@ export const AuthProvider = ({ children }) => {
         }
       );
 
-      console.log('[AuthContext] Login response received:', {
+      logger.log('[AuthContext] Login response received:', {
         status: response.status,
         hasToken: !!response.data?.access_token,
         hasUser: !!response.data?.user
@@ -98,23 +99,23 @@ export const AuthProvider = ({ children }) => {
       if (storedToken !== access_token) {
         throw new Error('Failed to store token in localStorage');
       }
-      console.log('[AuthContext] Token stored and verified in localStorage');
+      logger.log('[AuthContext] Token stored and verified in localStorage');
 
       // Update state in correct order
       setToken(access_token);
       setUser(userData);
-      console.log('[AuthContext] User state updated:', {
+      logger.log('[AuthContext] User state updated:', {
         email: userData.email,
         role: userData.role
       });
 
       // Fetch permissions immediately and WAIT for it (but don't fail login if it fails)
       try {
-        console.log('[AuthContext] Fetching permissions...');
+        logger.log('[AuthContext] Fetching permissions...');
         await fetchPermissions(access_token);
-        console.log('[AuthContext] Permissions fetched successfully');
+        logger.log('[AuthContext] Permissions fetched successfully');
       } catch (permError) {
-        console.error('[AuthContext] Failed to fetch permissions (non-critical):', {
+        logger.error('[AuthContext] Failed to fetch permissions (non-critical):', {
           message: permError.message,
           response: permError.response?.data,
           status: permError.response?.status
@@ -127,7 +128,7 @@ export const AuthProvider = ({ children }) => {
       return userData;
     } catch (error) {
       // Enhanced error logging
-      console.error('[AuthContext] Login failed:', {
+      logger.error('[AuthContext] Login failed:', {
         message: error.message,
         response: error.response?.data,
         status: error.response?.status,
@@ -174,7 +175,7 @@ export const AuthProvider = ({ children }) => {
       setUser(response.data);
       return response.data;
     } catch (error) {
-      console.error('Failed to refresh user:', error);
+      logger.error('Failed to refresh user:', error);
       // If token expired, logout
       if (error.response?.status === 401) {
         logout();