Simon/lifeforge
1
0
Fork 0
mirror of https://github.com/Lifeforge-app/lifeforge.git synced 2026-06-28 14:55:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): decrypt api key master password before hashing in createOrUpdate mutation

Browse Source
This commit is contained in:
Melvin Chia
2025-11-28 16:34:29 +08:00
parent 5dbddda391
commit 8a756b0f86
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/src/lib/apiKeys/routes/auth.ts
View File

@@ -33,7 +33,9 @@ const createOrUpdate = forgeController
.callback(async ({ pb, body: { password } }) => {
const salt = await bcrypt.genSalt(10)
const APIKeysMasterPasswordHash = await bcrypt.hash(password, salt)
const decryptedMaster = decrypt2(password, challenge)
const APIKeysMasterPasswordHash = await bcrypt.hash(decryptedMaster, salt)
const id = pb.instance.authStore.record!.id