Skip to content

Commit 539d18b

Browse files
brandonkachenbrandonkachen
committed
Secure API key and session endpoints; hash session IDs; factor sha256
util. Enforce same-origin CSRF on mutating routes and fix GET handler structure; update UI to consume labels/hashes. Generated with Codebuff 🤖 Co-Authored-By: Codebuff <noreply@codebuff.com>
1 parent 6782ac0 commit 539d18b

File tree

23 files changed

+8338
-26623
lines changed

23 files changed

+8338
-26623
lines changed

bun.lock

Lines changed: 5267 additions & 26484 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

common/src/db/migrations/0026_chilly_mockingbird.sql renamed to common/src/db/migrations/0022_chilly_mockingbird.sql

File renamed without changes.

common/src/db/migrations/0027_sloppy_quasar.sql renamed to common/src/db/migrations/0023_sloppy_quasar.sql

File renamed without changes.

common/src/db/migrations/0028_lush_johnny_blaze.sql renamed to common/src/db/migrations/0024_lush_johnny_blaze.sql

File renamed without changes.

common/src/db/migrations/0025_milky_lila_cheney.sql

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
-- Session type simplification: from ['web', 'client', 'pat'] to ['web', 'pat', 'cli']
2+
-- Add type column and backfill existing data based on heuristics
3+
4+
-- 1. Create the enum type with simplified values
5+
CREATE TYPE "public"."session_type" AS ENUM('web', 'pat', 'cli');
6+
7+
-- 2. Add the column without a default (so we can backfill properly)
8+
ALTER TABLE "session" ADD COLUMN "type" "session_type";
9+
10+
-- 3. Backfill existing data based on heuristics
11+
-- First, set all sessions to 'web' as the base case
12+
UPDATE "session" SET "type" = 'web';
13+
14+
-- Then identify and mark CLIs (sessions with no fingerprint_id and far-future expiration)
15+
UPDATE "session" SET "type" = 'cli'
16+
WHERE "fingerprint_id" IS NULL
17+
AND "expires" > NOW() + INTERVAL '1 year';
18+
19+
-- 4. Set the column to NOT NULL and add default for future inserts
20+
ALTER TABLE "session" ALTER COLUMN "type" SET NOT NULL;
21+
ALTER TABLE "session" ALTER COLUMN "type" SET DEFAULT 'web';

common/src/db/migrations/meta/0026_snapshot.json renamed to common/src/db/migrations/meta/0022_snapshot.json

File renamed without changes.

common/src/db/migrations/meta/0027_snapshot.json renamed to common/src/db/migrations/meta/0023_snapshot.json

File renamed without changes.

common/src/db/migrations/meta/0028_snapshot.json renamed to common/src/db/migrations/meta/0024_snapshot.json

File renamed without changes.

0 commit comments

Comments
 (0)