sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
8194a02ac4
upaas/internal/database/migrations
History
clawbot 72786a9feb fix: use hashed webhook secrets for constant-time comparison 
Store a SHA-256 hash of the webhook secret in a new webhook_secret_hash
column. FindAppByWebhookSecret now hashes the incoming secret and queries
by hash, eliminating the SQL string comparison timing side-channel.

- Add migration 005_add_webhook_secret_hash.sql
- Add database.HashWebhookSecret() helper
- Backfill existing secrets on startup
- Update App model to include WebhookSecretHash in all queries
- Update app creation to compute hash at insert time
- Add TestHashWebhookSecret unit test
- Update all test fixtures to set WebhookSecretHash

Closes #13
2026-02-15 14:06:53 -08:00
..
001_initial.sql Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
002_remove_container_id.sql Use ULID for app IDs and Docker label for container lookup 2025-12-29 16:06:40 +07:00
003_add_ports.sql Add TCP/UDP port mapping support 2025-12-30 12:11:57 +07:00
004_add_commit_url.sql Add commit URL to Slack notifications with link and backtick formatting 2025-12-31 16:29:22 -08:00
005_add_webhook_secret_hash.sql fix: use hashed webhook secrets for constant-time comparison 2026-02-15 14:06:53 -08:00