sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
6475389280
upaas/internal/models
History
clawbot 72786a9feb fix: use hashed webhook secrets for constant-time comparison 
Store a SHA-256 hash of the webhook secret in a new webhook_secret_hash
column. FindAppByWebhookSecret now hashes the incoming secret and queries
by hash, eliminating the SQL string comparison timing side-channel.

- Add migration 005_add_webhook_secret_hash.sql
- Add database.HashWebhookSecret() helper
- Backfill existing secrets on startup
- Update App model to include WebhookSecretHash in all queries
- Update app creation to compute hash at insert time
- Add TestHashWebhookSecret unit test
- Update all test fixtures to set WebhookSecretHash

Closes #13
2026-02-15 14:06:53 -08:00
..
app.go fix: use hashed webhook secrets for constant-time comparison 2026-02-15 14:06:53 -08:00
deployment.go Add commit URL to Slack notifications with link and backtick formatting 2025-12-31 16:29:22 -08:00
env_var.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
label.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
models_test.go fix: use hashed webhook secrets for constant-time comparison 2026-02-15 14:06:53 -08:00
port.go Add TCP/UDP port mapping support 2025-12-30 12:11:57 +07:00
user.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
volume.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
webhook_event.go Add commit URL to Slack notifications with link and backtick formatting 2025-12-31 16:29:22 -08:00