mbkauthe 4.8.4 → 5.0.0

package/lib/routes/dbLogs.js

@@ -1,15 +1,213 @@
 import express from "express";
+import rateLimit from "express-rate-limit";
 import { renderError } from "#response.js";
 import { dblogin } from "#pool.js";
 import { getQueryCount, getQueryLog, resetQueryCount, resetQueryLog } from "../utils/dbQueryLogger.js";
 import { mbkautheVar } from "#config.js";
-import rateLimit from 'express-rate-limit';
 
 const router = express.Router();
 
 const isDbLogsEnabled = () => process.env.env === "dev" && process.env.dbLogs === "true";
 
-// Rate limiter for info/test routes
+const clampLimit = (value, fallback = 50, max = 500) => {
+  const parsed = Number(value);
+  if (!Number.isFinite(parsed) || parsed < 1) {
+    return fallback;
+  }
+  return Math.min(max, Math.floor(parsed));
+};
+
+const normalizeStringFilter = (value) => {
+  if (typeof value !== "string") return "";
+  return value.trim();
+};
+
+const parseSuccessFilter = (value) => {
+  if (value === true || value === "true") return true;
+  if (value === false || value === "false") return false;
+  return null;
+};
+
+const getRawQueryLog = () => {
+  if (typeof getQueryLog === "function") return getQueryLog();
+  if (typeof dblogin.getQueryLog === "function") return dblogin.getQueryLog();
+  return [];
+};
+
+const filterQueryLog = (queryLog, filters) => {
+  const poolName = normalizeStringFilter(filters.pool);
+  const username = normalizeStringFilter(filters.username).toLowerCase();
+  const url = normalizeStringFilter(filters.url).toLowerCase();
+  const success = parseSuccessFilter(filters.success);
+
+  return queryLog.filter((entry) => {
+    if (poolName && (entry?.pool?.name || "") !== poolName) {
+      return false;
+    }
+
+    if (username) {
+      const candidate = String(entry?.request?.username || entry?.request?.userId || "").toLowerCase();
+      if (!candidate.includes(username)) {
+        return false;
+      }
+    }
+
+    if (url) {
+      const candidateUrl = String(entry?.request?.url || "").toLowerCase();
+      if (!candidateUrl.includes(url)) {
+        return false;
+      }
+    }
+
+    if (success !== null && Boolean(entry?.success) !== success) {
+      return false;
+    }
+
+    return true;
+  });
+};
+
+const sortQueryLogNewestFirst = (queryLog) =>
+  [...queryLog].sort((a, b) => {
+    const left = Date.parse(b?.time || "") || 0;
+    const right = Date.parse(a?.time || "") || 0;
+    return left - right;
+  });
+
+const average = (numbers) => {
+  if (!numbers.length) return 0;
+  return numbers.reduce((sum, value) => sum + value, 0) / numbers.length;
+};
+
+const buildSummary = (queryLog) => {
+  const durations = queryLog
+    .map((entry) => Number(entry?.durationMs))
+    .filter((value) => Number.isFinite(value));
+  const executionDurations = queryLog
+    .map((entry) => Number(entry?.executionDurationMs))
+    .filter((value) => Number.isFinite(value));
+  const waitDurations = queryLog
+    .map((entry) => Number(entry?.poolWait?.waitMs))
+    .filter((value) => Number.isFinite(value));
+  const errorCount = queryLog.filter((entry) => entry?.success === false).length;
+  const pressuredQueries = queryLog.filter((entry) => entry?.poolWait?.hadPoolPressure).length;
+
+  const slowestQueries = [...queryLog]
+    .sort((a, b) => (Number(b?.durationMs) || 0) - (Number(a?.durationMs) || 0))
+    .slice(0, 5)
+    .map((entry) => ({
+      time: entry.time,
+      query: entry.query,
+      name: entry.name,
+      fingerprint: entry.fingerprint,
+      durationMs: entry.durationMs,
+      executionDurationMs: entry.executionDurationMs,
+      waitMs: entry.poolWait?.waitMs || 0,
+      success: entry.success,
+      request: entry.request,
+      pool: entry.pool,
+    }));
+
+  const repeatedGroupsMap = new Map();
+  for (const entry of queryLog) {
+    const key = entry?.fingerprint || entry?.normalizedQuery || entry?.query;
+    if (!key) continue;
+
+    const existing = repeatedGroupsMap.get(key);
+    if (existing) {
+      existing.count += 1;
+      existing.totalDurationMs += Number(entry?.durationMs) || 0;
+      existing.totalExecutionDurationMs += Number(entry?.executionDurationMs) || 0;
+      existing.totalWaitMs += Number(entry?.poolWait?.waitMs) || 0;
+      existing.errorCount += entry?.success === false ? 1 : 0;
+      if ((Date.parse(entry?.time || "") || 0) > (Date.parse(existing.lastSeen || "") || 0)) {
+        existing.lastSeen = entry.time;
+      }
+      continue;
+    }
+
+    repeatedGroupsMap.set(key, {
+      fingerprint: entry.fingerprint,
+      normalizedQuery: entry.normalizedQuery,
+      sampleQuery: entry.query,
+      sampleName: entry.name,
+      poolName: entry?.pool?.name || null,
+      requestUrl: entry?.request?.url || null,
+      count: 1,
+      totalDurationMs: Number(entry?.durationMs) || 0,
+      totalExecutionDurationMs: Number(entry?.executionDurationMs) || 0,
+      totalWaitMs: Number(entry?.poolWait?.waitMs) || 0,
+      errorCount: entry?.success === false ? 1 : 0,
+      lastSeen: entry.time,
+    });
+  }
+
+  const repeatedGroups = [...repeatedGroupsMap.values()]
+    .filter((group) => group.count > 1)
+    .sort((a, b) => {
+      if (b.count !== a.count) return b.count - a.count;
+      return b.totalDurationMs - a.totalDurationMs;
+    })
+    .slice(0, 8)
+    .map((group) => ({
+      fingerprint: group.fingerprint,
+      normalizedQuery: group.normalizedQuery,
+      sampleQuery: group.sampleQuery,
+      sampleName: group.sampleName,
+      poolName: group.poolName,
+      requestUrl: group.requestUrl,
+      count: group.count,
+      avgDurationMs: group.totalDurationMs / group.count,
+      avgExecutionDurationMs: group.totalExecutionDurationMs / group.count,
+      avgWaitMs: group.totalWaitMs / group.count,
+      errorCount: group.errorCount,
+      lastSeen: group.lastSeen,
+    }));
+
+  return {
+    totalVisible: queryLog.length,
+    avgDurationMs: average(durations),
+    avgExecutionDurationMs: average(executionDurations),
+    avgWaitMs: average(waitDurations),
+    errorCount,
+    pressuredQueries,
+    slowestQueries,
+    repeatedGroups,
+  };
+};
+
+const buildResponsePayload = (req) => {
+  const queryCount = typeof getQueryCount === "function"
+    ? getQueryCount()
+    : typeof dblogin.getQueryCount === "function"
+    ? dblogin.getQueryCount()
+    : 0;
+  const queryLimit = clampLimit(req.query.limit);
+  const filters = {
+    pool: normalizeStringFilter(req.query.pool),
+    username: normalizeStringFilter(req.query.username),
+    url: normalizeStringFilter(req.query.url),
+    success: parseSuccessFilter(req.query.success),
+  };
+  const filtered = filterQueryLog(getRawQueryLog(), filters);
+  const ordered = sortQueryLogNewestFirst(filtered);
+  const queryLog = ordered.slice(0, queryLimit);
+  const summary = buildSummary(queryLog);
+
+  return {
+    queryCount,
+    queryLimit,
+    filters: {
+      pool: filters.pool,
+      username: filters.username,
+      url: filters.url,
+      success: filters.success,
+    },
+    summary,
+    queryLog,
+  };
+};
+
 const LogLimit = rateLimit({
   windowMs: 1 * 60 * 1000,
   max: 50,
@@ -19,15 +217,14 @@ const LogLimit = rateLimit({
   },
   validate: {
     trustProxy: false,
-    xForwardedForHeader: false
-  }
+    xForwardedForHeader: false,
+  },
 });
 
-// DB stats API (JSON)
 router.get(["/db.json"], LogLimit, async (req, res) => {
   try {
     const isDev = isDbLogsEnabled();
-    const queryLimit = Number(req.query.limit) || 50;
+    const queryLimit = clampLimit(req.query.limit);
 
     if (!isDev) {
       return res.status(403).json({
@@ -36,21 +233,33 @@ router.get(["/db.json"], LogLimit, async (req, res) => {
         isDev,
         queryCount: 0,
         queryLimit,
-        queryLog: []
+        filters: {
+          pool: normalizeStringFilter(req.query.pool),
+          username: normalizeStringFilter(req.query.username),
+          url: normalizeStringFilter(req.query.url),
+          success: parseSuccessFilter(req.query.success),
+        },
+        summary: {
+          totalVisible: 0,
+          avgDurationMs: 0,
+          avgExecutionDurationMs: 0,
+          avgWaitMs: 0,
+          errorCount: 0,
+          pressuredQueries: 0,
+          slowestQueries: [],
+          repeatedGroups: [],
+        },
+        queryLog: [],
       });
     }
 
-    const queryCount = typeof getQueryCount === 'function' ? getQueryCount() : (typeof dblogin.getQueryCount === 'function' ? dblogin.getQueryCount() : 0);
-    const queryLog = typeof getQueryLog === 'function' ? getQueryLog({ limit: queryLimit }) : (typeof dblogin.getQueryLog === 'function' ? dblogin.getQueryLog({ limit: queryLimit }) : []);
-
-    return res.json({ queryCount, queryLimit, queryLog, isDev });
+    return res.json({ ...buildResponsePayload(req), isDev });
   } catch (err) {
-    console.error(`[mbkauthe] /db.json route error:`, err);
-    return res.status(500).json({ success: false, message: 'Could not fetch DB stats.' });
+    console.error("[mbkauthe] /db.json route error:", err);
+    return res.status(500).json({ success: false, message: "Could not fetch DB stats." });
   }
 });
 
-// Dedicated reset API for DB logs and counters
 router.post(["/db/reset"], LogLimit, async (req, res) => {
   try {
     const isDev = isDbLogsEnabled();
@@ -58,39 +267,48 @@ router.post(["/db/reset"], LogLimit, async (req, res) => {
       return res.status(403).json({
         success: false,
         message: "DB logs are disabled.",
-        isDev
+        isDev,
       });
     }
 
-    if (typeof resetQueryCount === 'function') resetQueryCount();
-    else if (typeof dblogin.resetQueryCount === 'function') dblogin.resetQueryCount();
+    if (typeof resetQueryCount === "function") resetQueryCount();
+    else if (typeof dblogin.resetQueryCount === "function") dblogin.resetQueryCount();
 
-    if (typeof resetQueryLog === 'function') resetQueryLog();
-    else if (typeof dblogin.resetQueryLog === 'function') dblogin.resetQueryLog();
+    if (typeof resetQueryLog === "function") resetQueryLog();
+    else if (typeof dblogin.resetQueryLog === "function") dblogin.resetQueryLog();
 
-    return res.json({ success: true, message: 'Query log and count have been reset.' });
+    return res.json({ success: true, message: "Query log and count have been reset." });
   } catch (err) {
-    console.error(`[mbkauthe] /db/reset route error:`, err);
-    return res.status(500).json({ success: false, message: 'Could not reset DB stats.' });
+    console.error("[mbkauthe] /db/reset route error:", err);
+    return res.status(500).json({ success: false, message: "Could not reset DB stats." });
   }
 });
 
-// DB stats page (HTML)
 router.get(["/db"], LogLimit, async (req, res) => {
   try {
     const isDev = isDbLogsEnabled();
-    const queryLimit = Number(req.query.limit) || 50;
-    const resetDone = req.query.resetDone === '1';
-    return res.render('pages/dbLogs.handlebars', {
+    const queryLimit = clampLimit(req.query.limit);
+    const resetDone = req.query.resetDone === "1";
+    const successFilter = parseSuccessFilter(req.query.success);
+
+    return res.render("pages/dbLogs.handlebars", {
       layout: false,
       appName: mbkautheVar.APP_NAME,
       queryLimit,
       resetDone,
       isDev,
-      disabledMessage: isDev ? null : 'DB logs are disabled.'
+      filters: {
+        pool: normalizeStringFilter(req.query.pool),
+        username: normalizeStringFilter(req.query.username),
+        url: normalizeStringFilter(req.query.url),
+        successAny: successFilter === null,
+        successTrue: successFilter === true,
+        successFalse: successFilter === false,
+      },
+      disabledMessage: isDev ? null : "DB logs are disabled.",
     });
   } catch (err) {
-    console.error(`[mbkauthe] /db route error:`, err);
+    console.error("[mbkauthe] /db route error:", err);
     return renderError(res, req, {
       layout: false,
       code: 500,
@@ -102,4 +320,4 @@ router.get(["/db"], LogLimit, async (req, res) => {
   }
 });
 
-export default router;
+export default router;

package/lib/routes/misc.js

@@ -7,10 +7,12 @@ import { authenticate, sessVal, sessRole } from "../middleware/auth.js";
 import { ErrorCodes, ErrorMessages, createErrorResponse } from "../utils/errors.js";
 import { dblogin } from "#pool.js";
 import { clearSessionCookies, decryptSessionId, cachedCookieOptions } from "#cookies.js";
+import { AuthRepository } from "../db/AuthRepository.js";
 import { fileURLToPath } from "url";
 import path from "path";
 import fs from "fs";
 import dotenv from "dotenv";
+import { createLogger } from "../utils/logger.js";
 
 dotenv.config();
 
@@ -18,6 +20,8 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
 
 const router = express.Router();
+const authRepo = new AuthRepository({ db: dblogin });
+const logMisc = createLogger("misc");
 // Rate limiter for info/test routes
 const LoginLimit = rateLimit({
   windowMs: 1 * 60 * 1000,
@@ -100,14 +104,10 @@ router.get('/user/profilepic', async (req, res) => {
 
     // If not in cache, fetch from DB
     if (!imageUrl) {
-      const result = await dblogin.query({
-        name: 'get-user-profile-pic',
-        text: 'SELECT "Image" FROM "Users" WHERE "UserName" = $1 LIMIT 1',
-        values: [username]
-      });
+      const profile = await authRepo.getUserImageByUsername(username, 'get-user-profile-pic');
 
-      if (result.rows.length > 0 && result.rows[0].Image && result.rows[0].Image.trim() !== '') {
-        imageUrl = result.rows[0].Image;
+      if (profile && profile.Image && profile.Image.trim() !== '') {
+        imageUrl = profile.Image;
       } else {
         imageUrl = 'default';
       }
@@ -229,31 +229,13 @@ router.get('/api/checkSession', LoginLimit, async (req, res) => {
     }
 
     // Single round-trip: fetch app-session expiry and (if needed) connect-pg-simple expiry.
-    const result = await dblogin.query({
-      name: 'check-session-validity',
-      text: `
-        SELECT
-          s.expires_at,
-          u."Active",
-          CASE
-            WHEN s.expires_at IS NULL THEN (SELECT expire FROM "session" WHERE sid = $2)
-            ELSE NULL
-          END AS connect_expire
-        FROM "Sessions" s
-        JOIN "Users" u ON s."UserName" = u."UserName"
-        WHERE s.id = $1
-        LIMIT 1
-      `,
-      values: [sessionId, req.sessionID]
-    });
+    const row = await authRepo.getSessionValidity(sessionId, req.sessionID, 'check-session-validity');
 
-    if (result.rows.length === 0) {
+    if (!row) {
       req.session.destroy(() => { });
       clearSessionCookies(res);
       return res.status(200).json({ sessionValid: false, expiry: null });
     }
-
-    const row = result.rows[0];
     if ((row.expires_at && new Date(row.expires_at) <= new Date()) || !row.Active) {
       req.session.destroy(() => { });
       clearSessionCookies(res);
@@ -298,17 +280,8 @@ function normalizeSessionIdFromBody(body = {}) {
 }
 
 async function getSessionValidationRow(sessionId, queryName = 'check-session-validity-by-id') {
-  const result = await dblogin.query({
-    name: queryName,
-    text: `SELECT s.expires_at, u."Active", u."UserName", u."Role" FROM "Sessions" s JOIN "Users" u ON s."UserName" = u."UserName" WHERE s.id = $1 LIMIT 1`,
-    values: [sessionId]
-  });
-
-  if (result.rows.length === 0) {
-    return null;
-  }
-
-  return result.rows[0];
+  const row = await authRepo.getSessionValidationRow(sessionId, queryName);
+  return row || null;
 }
 
 function isSessionRowValid(row) {
@@ -501,9 +474,9 @@ export async function checkVersion() {
         if (hasValidLatest && latestVersion !== packageJson.version) {
             console.warn(`[mbkauthe] Current version (${packageJson.version}) is outdated. Latest version: ${latestVersion}. Consider updating mbkauthe.`);
         } else if (hasValidLatest) {
-            console.info(`[mbkauthe] Running latest version (${packageJson.version}).`);
+            logMisc(`Running latest version (${packageJson.version}).`);
         } else {
-            console.info(`[mbkauthe] Skipped version check warning: latest version unavailable.`);
+            logMisc(`Skipped version check warning: latest version unavailable.`);
         }
     } catch (error) {
         console.warn(`[mbkauthe] Failed to check for updates: ${error.message}`);
@@ -567,25 +540,19 @@ router.post("/api/terminateAllSessions", AdminOperationLimit, authenticate(mbkau
   try {
     // Run both operations in parallel for better performance
     await Promise.all([
-      dblogin.query({
-        name: 'terminate-all-app-sessions',
-        text: 'DELETE FROM "Sessions"'
-      }),
-      dblogin.query({
-        name: 'terminate-all-db-sessions',
-        text: 'DELETE FROM "session" WHERE expire > NOW()'
-      })
+      authRepo.deleteAllAppSessions('terminate-all-app-sessions'),
+      authRepo.deleteActiveSessionStoreRows('terminate-all-db-sessions')
     ]);
 
     req.session.destroy((err) => {
       if (err) {
-        console.log(`[mbkauthe] Error destroying session:`, err);
+        console.error(`[mbkauthe] Error destroying session:`, err);
         return res.status(500).json({ success: false, message: "Failed to terminate sessions" });
       }
 
       clearSessionCookies(res);
 
-      console.log(`[mbkauthe] All sessions terminated successfully`);
+      logMisc(`All sessions terminated successfully`);
       res.status(200).json({
         success: true,
         message: "All sessions terminated successfully",

package/lib/routes/oauth.js

@@ -8,8 +8,12 @@ import { dblogin } from "#pool.js";
 import { mbkautheVar } from "#config.js";
 import { renderError } from "../utils/response.js";
 import { checkTrustedDevice, completeLoginProcess } from "./auth.js";
+import { AuthRepository } from "../db/AuthRepository.js";
+import { createLogger } from "../utils/logger.js";
 
 const router = express.Router();
+const authRepo = new AuthRepository({ db: dblogin });
+const logOAuth = createLogger("oauth");
 
 // CSRF protection middleware
 const csrfProtection = csurf({ cookie: true });
@@ -39,28 +43,19 @@ const githubClientSecret = mbkautheVar.GITHUB_APP_CLIENT_SECRET || mbkautheVar.G
 // Common OAuth strategy handler
 const createOAuthStrategy = async (provider, profile, done) => {
     try {
-        console.log(`[mbkauthe] ${provider} OAuth callback for user: ${profile.emails?.[0]?.value || profile.id}`);
+        logOAuth(`${provider} OAuth callback for user: ${profile.emails?.[0]?.value || profile.id}`);
 
         const isGitHub = provider === 'GitHub';
-        const tableName = isGitHub ? 'user_github' : 'user_google';
-        const idField = isGitHub ? 'github_id' : 'google_id';
-        const queryName = isGitHub ? 'github-login-get-user' : 'google-login-get-user';
 
         // Check if this OAuth account is linked to any user
-        const oauthUser = await dblogin.query({
-            name: queryName,
-            text: `SELECT ug.*, u."UserName", u."Role", u."Active", u."AllowedApps", u."id" FROM ${tableName} ug JOIN "Users" u ON ug.user_name = u."UserName" WHERE ug.${idField} = $1`,
-            values: [profile.id]
-        });
+        const user = await authRepo.getOAuthUserByProviderId(provider, profile.id);
 
-        if (oauthUser.rows.length === 0) {
+        if (!user) {
             const error = new Error(`${provider} account not linked to any user`);
             error.code = `${provider.toUpperCase()}_NOT_LINKED`;
             return done(error);
         }
 
-        const user = oauthUser.rows[0];
-
         // Check if the user account is active
         if (!user.Active) {
             const error = new Error('Account is inactive');
@@ -83,6 +78,8 @@ const createOAuthStrategy = async (provider, profile, done) => {
             id: user.id,
             username: user.UserName,
             role: user.Role,
+            allowedApps: user.AllowedApps,
+            TwoFAStatus: user.TwoFAStatus,
         };
 
         if (isGitHub) {
@@ -149,7 +146,7 @@ if ((mbkautheVar.GOOGLE_LOGIN_ENABLED || "").toLowerCase() === "true") {
 
 // Print consolidated OAuth summary
 if (enabledProviders.length > 0) {
-    console.log(`[mbkauthe] Social providers: ${enabledProviders.join(', ')}`);
+    logOAuth(`Social providers: ${enabledProviders.join(', ')}`);
 }
 
 // Serialize/Deserialize user for OAuth login
@@ -182,7 +179,7 @@ const createOAuthInitiation = (provider, enabledFlag, clientIdFlag, clientSecret
             // Store CSRF token for validation on callback
             const csrfToken = req.csrfToken();
             req.session.oauthCsrfToken = csrfToken;
-            console.log(`[mbkauthe] ${provider} OAuth initiation started`);
+            logOAuth(`${provider} OAuth initiation started`);
 
             // Store redirect parameter in session before OAuth flow
             const redirect = req.query.redirect;
@@ -207,7 +204,7 @@ const createOAuthInitiation = (provider, enabledFlag, clientIdFlag, clientSecret
                         pagename: 'Login'
                     });
                 }
-                console.log(`[mbkauthe] ${provider} OAuth session saved successfully`);
+                logOAuth(`${provider} OAuth session saved successfully`);
                 passport.authenticate(`${provider.toLowerCase()}-login`, { state: csrfToken })(req, res, next);
             });
         } else {
@@ -299,39 +296,11 @@ const validateOAuthCallback = (req, res) => {
     return true;
 };
 
-const finishProviderLogin = async (req, res, provider, username, detailValue = '') => {
-    const userQuery = `
-    SELECT u.id, u."UserName", u."Active", u."Role", u."AllowedApps",
-           tfa."TwoFAStatus"
-    FROM "Users" u
-    LEFT JOIN "TwoFA" tfa ON u."UserName" = tfa."UserName"
-    WHERE u."UserName" = $1
-  `;
-
-    const userResult = await dblogin.query({
-        name: `${provider.toLowerCase()}-callback-get-user`,
-        text: userQuery,
-        values: [username]
-    });
-
-    if (userResult.rows.length === 0) {
-        console.error(`[mbkauthe] ${provider} login: User not found: ${username}`);
-        return renderError(res, req, {
-            code: 404,
-            error: 'User Not Found',
-            message: `Your ${provider} account is linked, but the user account no longer exists in our system.`,
-            page: '/mbkauthe/login',
-            pagename: 'Login',
-            details: `${provider} identifier: ${detailValue}\nPlease contact your administrator.`
-        });
-    }
-
-    const user = userResult.rows[0];
-
+const finishProviderLogin = async (req, res, provider, user, detailValue = '') => {
     // Check for trusted device
     const trustedDeviceUser = await checkTrustedDevice(req, user.UserName);
     if (trustedDeviceUser && (mbkautheVar.MBKAUTH_TWO_FA_ENABLE || "").toLowerCase() === "true" && user.TwoFAStatus) {
-        console.log(`[mbkauthe] ${provider} trusted device login for user: ${user.UserName}, skipping 2FA only`);
+        logOAuth(`${provider} trusted device login for user: ${user.UserName}, skipping 2FA only`);
         return await handleOAuthRedirect(req, res, user, 'trusted', provider.toLowerCase());
     }
     
@@ -347,7 +316,7 @@ const finishProviderLogin = async (req, res, provider, username, detailValue = '
             loginMethod: provider.toLowerCase(),
             redirectUrl: oauthRedirect || null
         };
-        console.log(`[mbkauthe] ${provider} login: 2FA required for user: ${username}`);
+        logOAuth(`${provider} login: 2FA required for user: ${user.UserName}`);
         return res.redirect('/mbkauthe/2fa');
     }
 
@@ -394,7 +363,13 @@ const createOAuthCallback = (provider, strategy) => {
                     req,
                     res,
                     provider,
-                    oauthUser.username,
+                    {
+                        id: oauthUser.id,
+                        UserName: oauthUser.username,
+                        Role: oauthUser.role,
+                        AllowedApps: oauthUser.allowedApps,
+                        TwoFAStatus: oauthUser.TwoFAStatus
+                    },
                     provider === 'GitHub' ? (oauthUser.githubUsername || oauthUser.username) : (oauthUser.googleEmail || oauthUser.username)
                 );
             } catch (err) {
@@ -436,7 +411,7 @@ const handleOAuthRedirect = async (req, res, user, type, method = null) => {
     res.json = function (data) {
         if (data.success && statusCode === 200) {
             const redirectUrl = oauthRedirect || mbkautheVar.loginRedirectURL || '/dashboard';
-            console.log(`[mbkauthe] ${method || 'social'} ${type} login: Redirecting to ${redirectUrl}`);
+            logOAuth(`${method || 'social'} ${type} login: Redirecting to ${redirectUrl}`);
             res.json = originalJson;
             res.status = originalStatus;
             return res.redirect(redirectUrl);