VIA-824 TS Logging improvements, adds logs of unauthenticated routes, adds HTTP method to middleware

[terence-sheppard-nhs]

Description

• Update Proxy logging to include content-length header and HTTP METHOD
• Update nextAuth GET and POST endpoints to include all headers currently available in proxy logging plus content-length and HTTP METHOD
• Update /api/sso GET endpoint with same

Context

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

[Copilot]

Pull request overview

Improves request logging consistency by centralizing “safe header” extraction and extending logs for middleware and unauthenticated API routes to include HTTP method and additional headers (e.g., content-length).

Changes:

• Added getHeadersForLogging utility to standardize which request headers are logged.
• Updated middleware (proxy) and unauthenticated routes (/api/auth/*, /api/sso) to log HTTP method + safe headers.
• Updated/added unit tests to validate new logging behavior and header selection.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/utils/getHeadersForLogging.ts	New shared helper to extract a fixed set of “safe” headers (incl. content-length/content-type) for logging.
src/utils/getHeadersForLogging.test.ts	New unit tests for safe-header inclusion/exclusion and default "-" behavior.
src/proxy.ts	Middleware logging now includes method and uses shared header-extraction helper.
src/proxy.test.ts	Removes tests tied to deleted internal helper; updates affected test text.
src/app/api/sso/route.ts	Adds structured log for SSO route invocation including method, pathname, and safe headers.
src/app/api/sso/route.test.ts	Adds coverage asserting the new SSO invocation log payload.
src/app/api/auth/[...nextauth]/route.ts	Adds safe header + method logging for GET; wraps POST to add equivalent logging/context before delegating to NextAuth handler.
src/app/api/auth/[...nextauth]/route.test.ts	Updates tests for new logging payload and adds POST logging assertions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[liming-cheung-nhs]

Looks good! Anything to give us more clues on what's going on! :star

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.