fix: store bearer tokens as SHA-256 hashes instead of plaintext
Hash paired bearer tokens with SHA-256 before storing in config and in-memory. When authenticating, hash the incoming token and compare against stored hashes. Backward compatible: existing plaintext tokens (zc_ prefix) are detected and hashed on load; already-hashed tokens (64-char hex) are stored as-is. Closes #58 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
fettpl
parent
365692853c
commit
b3bfbaff4a
4 changed files with 93 additions and 12 deletions
|
|
@ -43,6 +43,9 @@ uuid = { version = "1.11", default-features = false, features = ["v4", "std"] }
|
|||
# Authenticated encryption (AEAD) for secret store
|
||||
chacha20poly1305 = "0.10"
|
||||
|
||||
# SHA-256 for bearer token hashing
|
||||
sha2 = "0.10"
|
||||
|
||||
# Async traits
|
||||
async-trait = "0.1"
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue