Void-Homelab

Hynes/Void-Homelab

Fork 0

Commit Graph

Author	SHA1	Message	Date
root	aa9cf0917e	fix(auth): O(1) selector+verifier token verification verifyToken loaded every non-revoked token and bcrypt-compared each (O(n) per request — auth-latency DoS + linear scaling). New token format vk_<selector>.<verifier>: the non-secret selector is indexed and locates exactly one row; only the verifier is bcrypt-hashed. Legacy NULL-selector tokens still verify via a fallback scan. Dropped the useless idx_agent_tokens_hash. - migration 010_token_selector.sql (adds selector col + unique partial index) - createToken/verifyToken reworked; also adds listTokenMeta (read for Yerin's token_audit tool) - tests/repos/token_selector.test.js Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 00:17:45 +10:00
root	1d799105ac	feat(repos): agents (+ tokens + caps), conversations, messages	2026-05-31 10:36:40 +10:00

Author

SHA1

Message

Date

root

aa9cf0917e

fix(auth): O(1) selector+verifier token verification

verifyToken loaded every non-revoked token and bcrypt-compared each (O(n) per
request — auth-latency DoS + linear scaling). New token format
vk_<selector>.<verifier>: the non-secret selector is indexed and locates exactly
one row; only the verifier is bcrypt-hashed. Legacy NULL-selector tokens still
verify via a fallback scan. Dropped the useless idx_agent_tokens_hash.

- migration 010_token_selector.sql (adds selector col + unique partial index)
- createToken/verifyToken reworked; also adds listTokenMeta (read for Yerin's
  token_audit tool)
- tests/repos/token_selector.test.js

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-02 00:17:45 +10:00

root

1d799105ac

feat(repos): agents (+ tokens + caps), conversations, messages

2026-05-31 10:36:40 +10:00

2 Commits