feat: store auth tokens as SHA-256 hashes instead of plaintext #69

Merged
sneak merged 1 commits from feature/hash-auth-tokens into main 2026-03-10 12:44:29 +01:00

1 Commits

Author SHA1 Message Date
user
067e5403c4 feat: store auth tokens as SHA-256 hashes instead of plaintext
All checks were successful
check / check (push) Successful in 4s
Hash client tokens with SHA-256 before storing in the database.
When validating tokens, hash the incoming token and compare against
the stored hash. This prevents token exposure if the database is
compromised.

Existing plaintext tokens are implicitly invalidated since they
will not match the new hashed lookups.

Changes:
- Add hashToken() helper using crypto/sha256
- Hash tokens in CreateSession, RegisterUser, LoginUser before INSERT
- Hash incoming token in GetSessionByToken before SELECT
2026-03-10 04:06:56 -07:00
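As an added illustration of the scheme the commit message describes (not code from this PR or repository), the Go program below stores only the SHA-256 digest of a session token, hashes the presented token before lookup, and shows why a row written before the change no longer matches. It assumes an in-memory map in place of the project's database table; the names `hashToken`, `CreateSession`, `GetSessionByToken` and `InsertLegacyPlaintext` are this example's own and only loosely mirror the commit's helper names.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// hashToken returns the hex-encoded SHA-256 digest of a bearer token.
// Plain SHA-256 (no salt, no stretching) is adequate only because the
// token is a high-entropy random value; low-entropy secrets such as
// passwords need a slow, salted KDF instead.
func hashToken(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// Session models a row in the sessions table: it holds the hash, never the token.
type Session struct {
	UserID    string
	TokenHash string
}

// Store is an in-memory stand-in (assumption) for the database table,
// keyed by whatever value the token column holds.
type Store struct {
	rows map[string]Session
}

func NewStore() *Store { return &Store{rows: map[string]Session{}} }

// newToken draws 32 random bytes and hex-encodes them (64 characters).
func newToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// CreateSession stores only hashToken(token) and hands the plaintext token
// back to the caller exactly once, so the database never sees it.
func (s *Store) CreateSession(userID string) (string, error) {
	tok, err := newToken()
	if err != nil {
		return "", err
	}
	h := hashToken(tok)
	s.rows[h] = Session{UserID: userID, TokenHash: h}
	return tok, nil
}

// ErrNoSession is returned for unknown tokens and for pre-migration plaintext rows.
var ErrNoSession = errors.New("no session for token")

// GetSessionByToken hashes the presented token and looks the hash up,
// mirroring "hash incoming token before SELECT".
func (s *Store) GetSessionByToken(token string) (Session, error) {
	h := hashToken(token)
	row, ok := s.rows[h]
	if !ok {
		return Session{}, ErrNoSession
	}
	// The map lookup already matched on the hash; with a SQL backend that
	// returns a candidate row, compare in constant time rather than with ==.
	if subtle.ConstantTimeCompare([]byte(row.TokenHash), []byte(h)) != 1 {
		return Session{}, ErrNoSession
	}
	return row, nil
}

// InsertLegacyPlaintext simulates a row written before this change, where the
// token column held the token itself (constructed sample data).
func (s *Store) InsertLegacyPlaintext(userID, token string) {
	s.rows[token] = Session{UserID: userID, TokenHash: token}
}

func main() {
	st := NewStore()
	tok, err := st.CreateSession("alice")
	if err != nil {
		panic(err)
	}
	sess, err := st.GetSessionByToken(tok)
	fmt.Println("fresh token ->", sess.UserID, err)

	st.InsertLegacyPlaintext("bob", "legacy-plaintext-token")
	_, err = st.GetSessionByToken("legacy-plaintext-token")
	fmt.Println("legacy plaintext token ->", err) // miss: the row is implicitly invalidated
}
```

The legacy row is the case the commit message calls out: its column holds the raw token, but the new lookup computes the hash of whatever the client presents, so the old value can never be found again and the user is forced to re-authenticate. A defender reviewing such a change would also check that the token is random and long (the 32-byte generation above) and that logs and error messages never echo the plaintext token, since the database is no longer the only place it could leak.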