Add security comments to path handling in various scripts to clarify internal constant usage and mitigate path traversal risks. Update logging in registration and verification processes for improved clarity.

server/api/auth/register-passkey.post.js

@@ -161,7 +161,7 @@ export default defineEventHandler(async (event) => {
     })
   } catch (verifyError) {
     const verifyDuration = Date.now() - verifyStart
-    console.error(`[DEBUG] Verification error (${verifyDuration}ms):`, {
+    console.error('[DEBUG] Verification error:', { verifyDurationMs: verifyDuration,
       error: verifyError,
       message: verifyError?.message,
       cause: verifyError?.cause?.message,
@@ -175,7 +175,7 @@ export default defineEventHandler(async (event) => {
   const verifyDuration = Date.now() - verifyStart
   const { verified, registrationInfo } = verification
     
-    console.log(`[DEBUG] Verification completed (${verifyDuration}ms)`, {
+    console.log('[DEBUG] Verification completed', { verifyDurationMs: verifyDuration,
       verified,
       hasRegistrationInfo: !!registrationInfo,
       credentialId: registrationInfo?.credentialID ? 'present' : 'missing',
@@ -246,7 +246,7 @@ export default defineEventHandler(async (event) => {
   await writeUsers(users)
   
   const totalDuration = Date.now() - requestStart
-  console.log(`[DEBUG] User created successfully (total: ${totalDuration}ms)`, {
+  console.log('[DEBUG] User created successfully', { totalDurationMs: totalDuration,
     userId: newUser.id,
     email: newUser.email.substring(0, 10) + '...',
     hasPasskey: newUser.passkeys?.length > 0,