# Site Analysis Report - lavocat.quebec
**Date:** $(date)
**Status:** Site has multiple critical issues preventing proper operation

## 🔴 Critical Issues

### 1. Missing Production Build
**Problem:** Server cannot start because production build is missing
- **Location:** `.next` directory is incomplete
- **Error:** `Could not find a production build in the '.next' directory`
- **Impact:** Production server cannot run
- **Fix Required:** Run `npm run build:production` or `npm run build`

### 2. Live-Cases API Internal Server Error
**Problem:** `/api/live-cases` endpoint returns 500 error
- **Location:** `src/pages/api/live-cases/index.ts`
- **Root Cause:** 
  - Prisma queries with `include` relations may fail
  - Database schema may not match Prisma client
  - Relations (`leadLawyer`, `creator`, `_count`) may not exist
- **Impact:** Live cases page cannot load data
- **Fix Required:** 
  - Regenerate Prisma client
  - Verify database schema matches Prisma schema
  - Add error handling/logging
  - Consider simplifying query if relations are problematic

### 3. Session Authentication Failure
**Problem:** Pages stuck on "Loading..." screen
- **Root Cause:** Session cookies failing validation
- **Issues:**
  - Cookie name uses `__Secure-` prefix (requires HTTPS)
  - Secure flag is `true` in production
  - Cookie domain may be misconfigured
  - Apache proxy (HTTPS) → Node.js (HTTP) connection may break cookie handling
  - NEXTAUTH_SECRET changes invalidate existing sessions
- **Impact:** 
  - All authenticated pages hang on loading
  - Users cannot access protected routes
  - `useSession()` hook stays in loading state
- **Fix Required:**
  - Verify NEXTAUTH_SECRET is consistent across all env files
  - Check COOKIE_DOMAIN configuration
  - Consider cookie settings for proxy setup
  - Clear invalid session cookies
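
The cookie conditions listed above can be checked mechanically against a captured `Set-Cookie` header. This is an added example, not code from the project: `parseSetCookie` and `checkSetCookie` are hypothetical names, the header values are constructed, and the rules applied are the browser rules for the `Secure` attribute, the `__Secure-`/`__Host-` name prefixes and `Domain` matching.

```javascript
// Added example, not project code. Sample header values are constructed.
function parseSetCookie(header) {
  const [pair = "", ...rest] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return { name, value: pair.slice(eq + 1), attrs };
}

// browserUrl is the URL the browser requested (the Apache HTTPS front end),
// not the proxy-to-Node hop. Returns the reasons a browser refuses the cookie.
function checkSetCookie(header, browserUrl) {
  const { protocol, hostname } = new URL(browserUrl);
  const { name, attrs } = parseSetCookie(header);
  const secure = attrs.secure !== undefined;
  const problems = [];
  if (secure && protocol !== "https:") {
    problems.push("Secure attribute on a cookie delivered over plain HTTP");
  }
  if (name.startsWith("__Secure-") && !secure) {
    problems.push("__Secure- prefix requires the Secure attribute");
  }
  if (name.startsWith("__Host-") && (!secure || attrs.domain || attrs.path !== "/")) {
    problems.push("__Host- prefix requires Secure, Path=/ and no Domain");
  }
  if (typeof attrs.domain === "string") {
    const domain = attrs.domain.replace(/^\./, "").toLowerCase();
    if (hostname !== domain && !hostname.endsWith("." + domain)) {
      problems.push(`Domain=${attrs.domain} does not cover host ${hostname}`);
    }
  }
  return problems;
}

const SESSION = "__Secure-next-auth.session-token=constructed.jwt.value";
const sample = `${SESSION}; Path=/; HttpOnly; Secure; SameSite=Lax; Domain=.lavocat.quebec`;
console.log(checkSetCookie(sample, "https://lavocat.quebec/"));
console.log(checkSetCookie(sample, "http://lavocat.quebec:3000/"));
```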

### 4. Multiple Server Configuration Files
**Problem:** Multiple server files exist, unclear which is active
- **Files Found:**
  - `server-production.js`
  - `server-production-working.js`
  - `server-production-simple.js`
  - `server-production-simple-fixed.js`
  - `server-https-production.js`
  - `server-https-production-fixed.js`
  - `server-https.js`
- **Impact:** Configuration confusion, maintenance issues
- **Fix Required:** Identify active server file and remove unused ones

## 🟡 Medium Priority Issues

### 5. Database Schema Alignment
**Problem:** Prisma schema may not match actual database
- **Impact:** API queries may fail with relation errors
- **Fix Required:** Run `prisma db push` or `prisma migrate deploy` to sync

### 6. Environment Configuration
**Problem:** Multiple `.env` files may have inconsistent values
- **Files Found:**
  - `.env`
  - `.env.production`
  - `.env.production.backup`
- **Fix Required:** Verify NEXTAUTH_SECRET, COOKIE_DOMAIN, NODE_ENV are consistent

## 📋 Technical Details

### Server Configuration
- **Active Server:** Unknown (multiple options exist)
- **Port:** 3000 (HTTP), 3443 (HTTPS)
- **Hostname:** 0.0.0.0
- **Environment:** Production
- **HTTPS:** Handled by DirectAdmin/Apache proxy

### Authentication Configuration
- **Provider:** NextAuth.js with Credentials
- **Session Strategy:** JWT
- **Cookie Name (Production):** `__Secure-next-auth.session-token`
- **Cookie Secure:** `true` (requires HTTPS)
- **Cookie Domain:** `.lavocat.quebec` (if set in env)

### Database
- **ORM:** Prisma
- **Model:** `LegalCase` (mapped to `legal_cases` table)
- **Relations:** `leadLawyer`, `creator`, `offers`, `registrations`, `supporters`, `comments`

### API Endpoints
- **Live Cases:** `/api/live-cases` (❌ Failing)
- **Auth:** `/api/auth/*` (⚠️ Session issues)
- **Other APIs:** Status unknown

## 🔧 Recommended Fix Order

1. **Build the application**
   ```bash
   npm run build:production
   ```

2. **Regenerate Prisma client**
   ```bash
   npm run prisma:generate
   ```

3. **Verify environment variables**
   - Check `.env.production` for NEXTAUTH_SECRET
   - Verify COOKIE_DOMAIN is correct
   - Ensure NODE_ENV=production

4. **Fix live-cases API**
   - Add error logging
   - Simplify query if relations fail
   - Test with database directly

5. **Fix session cookies**
   - Clear all session cookies
   - Verify cookie settings work with proxy
   - Test authentication flow

6. **Cleanup server files**
   - Identify which server file is actually used
   - Remove unused server files
   - Update package.json scripts if needed
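
For step 3 (and issues 3 and 6), the comparison of `NEXTAUTH_SECRET`, `COOKIE_DOMAIN` and `NODE_ENV` across the env files can be done without ever printing a secret. This is an added example, not code from the project: `parseEnv` and `compareEnvFiles` are hypothetical names, the file contents are constructed, and the parser handles only plain `KEY=value` lines with optional quotes.

```javascript
// Added example, not project code: reports which env files disagree on
// selected keys. Values are compared in memory and never returned or logged.
const KEYS = ["NEXTAUTH_SECRET", "COOKIE_DOMAIN", "NODE_ENV"];

// Minimal dotenv parser: KEY=value lines, optional quotes, # comment lines.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) continue;
    const quoted = m[2].trim().match(/^(["'])(.*)\1$/);
    vars[m[1]] = quoted ? quoted[2] : m[2].trim();
  }
  return vars;
}

// files: { fileName: fileContents }. One finding per key that is not
// identical in every file; each variant is the list of files sharing a value.
function compareEnvFiles(files, keys = KEYS) {
  const parsed = Object.entries(files).map(([name, text]) => [name, parseEnv(text)]);
  const findings = [];
  for (const key of keys) {
    const groups = new Map(); // value -> file names
    const missing = [];
    for (const [name, vars] of parsed) {
      if (!Object.hasOwn(vars, key)) { missing.push(name); continue; }
      if (!groups.has(vars[key])) groups.set(vars[key], []);
      groups.get(vars[key]).push(name);
    }
    if (groups.size > 1 || (groups.size > 0 && missing.length > 0)) {
      findings.push({ key, variants: [...groups.values()], missing });
    }
  }
  return findings;
}

// Constructed contents; in practice read each file with fs.readFileSync.
const sampleFiles = {
  ".env": 'NEXTAUTH_SECRET="constructed-secret-A"\nCOOKIE_DOMAIN=.lavocat.quebec\nNODE_ENV=production\n',
  ".env.production": "NEXTAUTH_SECRET=constructed-secret-B\nCOOKIE_DOMAIN=.lavocat.quebec\nNODE_ENV=production\n",
  ".env.production.backup": "# old copy\nNEXTAUTH_SECRET=constructed-secret-A\nNODE_ENV=production\n",
};
console.log(JSON.stringify(compareEnvFiles(sampleFiles), null, 2));
```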

## 📊 Current Status Summary

| Component | Status | Notes |
|-----------|--------|-------|
| Build | ❌ Missing | Need to run build |
| Server | ⚠️ Unknown | Multiple server files exist |
| Database | ✅ Connected | SQLite working |
| Prisma Client | ⚠️ Unknown | May need regeneration |
| Authentication | ❌ Failing | Session cookies invalid |
| Live Cases API | ❌ Failing | 500 error |
| Static Assets | ✅ Working | CSS/JS loading |
| Login Page | ✅ Working | Can authenticate |
| Protected Pages | ❌ Stuck | Loading screen |

## 🎯 Next Steps

1. Build the application
2. Fix session authentication
3. Fix live-cases API
4. Test all critical paths
5. Cleanup configuration files

