implemented database connection security

Author: Kuzma02

.gitignore

@@ -35,3 +35,9 @@ yarn-error.log*
 # typescript
 *.tsbuildinfo
 next-env.d.ts
+
+
+# application logs (contains sensitive data)
+/server/logs/
+/logs/
+*.log

README.md

@@ -124,15 +124,17 @@ We have applied this method by examining the code after each new added functiona
 </ol>
 
 ```
-DATABASE_URL="mysql://username:password@localhost:3306/singitronic_nextjs"
+NODE_ENV=development
+DATABASE_URL="mysql://username:password@localhost:3306/singitronic_nextjs?sslmode=disabled"
 NEXTAUTH_SECRET=12D16C923BA17672F89B18C1DB22A
 NEXTAUTH_URL=http://localhost:3000
 ```
 
 <p>7. After you do it, you need to create another .env file in the server folder and put the same DATABASE_URL you used in the previous .env file:</p>
 
 ```
-DATABASE_URL="mysql://username:password@localhost:3306/singitronic_nextjs"
+NODE_ENV=development
+DATABASE_URL="mysql://username:password@localhost:3306/singitronic_nextjs?sslmode=disabled"
 ```
 
 <p>8. Now you need to open your terminal of choice in the root folder of the project and write:</p>

app/layout.tsx

@@ -1,7 +1,7 @@
 import type { Metadata } from "next";
 import { Inter } from "next/font/google";
 import "./globals.css";
-import { getServerSession } from "next-auth";
+import { getServerSession } from "next-auth/next";
 import 'svgmap/dist/svgMap.min.css';
 import SessionProvider from "@/utils/SessionProvider";
 import Header from "@/components/Header";

package-lock.json

@@ -1,3 +1,8 @@
 node_modules
 # Keep environment variables out of version control
 .env
+
+# application logs (contains sensitive data)
+/server/logs/
+/logs/
+*.log

server/.gitignore

@@ -1,5 +1,4 @@
-const { PrismaClient } = require("@prisma/client");
-const prisma = new PrismaClient();
+const prisma = require("../utills/db"); // ✅ Fixed: removed .default
 const bcrypt = require("bcryptjs");
 
 // Helper function to exclude password from user object

server/controllers/users.js

@@ -0,0 +1,33 @@
+const { PrismaClient } = require("@prisma/client");
+
+const prismaClientSingleton = () => {
+    // Validate that DATABASE_URL is present
+    if (!process.env.DATABASE_URL) {
+        throw new Error('DATABASE_URL environment variable is required');
+    }
+
+    // Parse DATABASE_URL to check SSL configuration
+    const databaseUrl = process.env.DATABASE_URL;
+    const url = new URL(databaseUrl);
+    
+    // Log SSL configuration for debugging
+    if (process.env.NODE_ENV === "development") {
+        console.log(` Database connection: ${url.protocol}//${url.hostname}:${url.port || '3306'}`);
+        console.log(`🔒 SSL Mode: ${url.searchParams.get('sslmode') || 'not specified'}`);
+    }
+
+    return new PrismaClient({
+        // Add logging for debugging
+        log: process.env.NODE_ENV === "development" 
+            ? ['query', 'info', 'warn', 'error']
+            : ['error', 'warn'],
+    });
+}
+
+const globalForPrisma = globalThis;
+
+const prisma = globalForPrisma.prisma ?? prismaClientSingleton();
+
+module.exports = prisma;
+
+if(process.env.NODE_ENV !== "production") globalForPrisma.prisma = prisma;

server/logs/access.log

@@ -1,7 +1,27 @@
 import { PrismaClient } from "@prisma/client"; 
 
 const prismaClientSingleton = () => {
-    return new PrismaClient();
+    // Validate that DATABASE_URL is present
+    if (!process.env.DATABASE_URL) {
+        throw new Error('DATABASE_URL environment variable is required');
+    }
+
+    // Parse DATABASE_URL to check SSL configuration
+    const databaseUrl = process.env.DATABASE_URL;
+    const url = new URL(databaseUrl);
+    
+    // Log SSL configuration for debugging
+    if (process.env.NODE_ENV === "development") {
+        console.log(` Database connection: ${url.protocol}//${url.hostname}:${url.port || '3306'}`);
+        console.log(`🔒 SSL Mode: ${url.searchParams.get('sslmode') || 'not specified'}`);
+    }
+
+    return new PrismaClient({
+        // Add logging for debugging
+        log: process.env.NODE_ENV === "development" 
+            ? ['query', 'info', 'warn', 'error']
+            : ['error', 'warn'],
+    });
 }
 
 type PrismaClientSingleton = ReturnType<typeof prismaClientSingleton>;
@@ -12,7 +32,6 @@ const globalForPrisma = globalThis as unknown as {
 
 const prisma = globalForPrisma.prisma ?? prismaClientSingleton();
 
-
 export default prisma;
 
 if(process.env.NODE_ENV !== "production") globalForPrisma.prisma = prisma;

server/utills/db.js

@@ -1,7 +1,27 @@
 import { PrismaClient } from "@prisma/client"; 
 
 const prismaClientSingleton = () => {
-    return new PrismaClient();
+    // Validate that DATABASE_URL is present
+    if (!process.env.DATABASE_URL) {
+        throw new Error('DATABASE_URL environment variable is required');
+    }
+
+    // Parse DATABASE_URL to check SSL configuration
+    const databaseUrl = process.env.DATABASE_URL;
+    const url = new URL(databaseUrl);
+    
+    // Log SSL configuration for debugging
+    if (process.env.NODE_ENV === "development") {
+        console.log(` Database connection: ${url.protocol}//${url.hostname}:${url.port || '3306'}`);
+        console.log(`🔒 SSL Mode: ${url.searchParams.get('sslmode') || 'not specified'}`);
+    }
+
+    return new PrismaClient({
+        // Add logging for debugging
+        log: process.env.NODE_ENV === "development" 
+            ? ['query', 'info', 'warn', 'error']
+            : ['error', 'warn'],
+    });
 }
 
 type PrismaClientSingleton = ReturnType<typeof prismaClientSingleton>;
@@ -12,7 +32,6 @@ const globalForPrisma = globalThis as unknown as {
 
 const prisma = globalForPrisma.prisma ?? prismaClientSingleton();
 
-
 export default prisma;
 
 if(process.env.NODE_ENV !== "production") globalForPrisma.prisma = prisma;