From 4e01608e4ab579ccdc2058386320eb28ea0704f6 Mon Sep 17 00:00:00 2001
From: KernelDeimos <7225168+KernelDeimos@users.noreply.github.com>
Date: Thu, 19 Feb 2026 17:02:33 -0500
Subject: [PATCH] dev: remove guarded debug log

---
 src/backend/src/middleware/configurable_auth.js | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/src/backend/src/middleware/configurable_auth.js b/src/backend/src/middleware/configurable_auth.js
index f0a6da750..c2e854318 100644
--- a/src/backend/src/middleware/configurable_auth.js
+++ b/src/backend/src/middleware/configurable_auth.js
@@ -117,19 +117,6 @@ const configurable_auth = options => async (req, res, next) => {
     const services = context.get('services');
     const svc_auth = services.get('auth');
 
-    // Debug: log token source and decoded type before creating Actor (for session_required / hasHttpOnlyCookie debugging)
-    if ( process.env.DEBUG ) {
-        let decodedForLog;
-        try {
-            decodedForLog = jwt.decode(token);
-        } catch ( _ ) { /* ignore */ }
-        console.log('decodedForLog?', decodedForLog);
-        const tokenType = decodedForLog && decodedForLog.t != null ? decodedForLog.t : '(no type or invalid jwt)';
-        const tokenPreview = typeof token === 'string' && token.length > 20
-            ? `${token.slice(0, 12)}...${token.slice(-8)}`
-            : '(short)';
-    }
-
     let actor;
     try {
         actor = await svc_auth.authenticate_from_token(token);