From a891fb2489d8a533f2fe444102e6c503305052ba Mon Sep 17 00:00:00 2001 From: clawbot Date: Thu, 19 Feb 2026 20:16:32 -0800 Subject: [PATCH] fix: increase API token entropy from 128 to 256 bits Change token random bytes from 16 to 32, producing tokens with upaas_ prefix + 64 hex characters instead of 32. --- internal/models/api_token.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/models/api_token.go b/internal/models/api_token.go index 648d5fa..6697fb8 100644 --- a/internal/models/api_token.go +++ b/internal/models/api_token.go @@ -15,7 +15,7 @@ import ( ) // tokenRandomBytes is the number of random bytes for token generation. -const tokenRandomBytes = 16 +const tokenRandomBytes = 32 // tokenPrefix is prepended to generated API tokens. const tokenPrefix = "upaas_"