Barcode Betty 30e4c69ff6 fix(api): revert SHA-256 session token hashing — better-auth stores raw tokens ...

Better-auth v1.5.6 stores raw 32-char tokens in sessions.token, not SHA-256
hashes. The SHA-256 fix from PR #136 causes all authenticated API calls to
return 401 because the UAT sessions table contains raw tokens.

- Remove hashlib from dependencies.py; compare tokens directly
- Remove hashlib from conftest.py; store raw tokens in test DB
- Remove hashlib from test_expired_session_rejected; use raw tokens

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-04 19:21:26 +00:00

.github/workflows

fix(api): revert auth/type regressions from standalone sync, keep email-in feature only

2026-04-03 09:40:39 +00:00

alembic

fix(api): widen alembic version_table column to 128 chars

2026-04-04 18:32:36 +00:00

src/cartsnitch_api

fix(api): revert SHA-256 session token hashing — better-auth stores raw tokens

2026-04-04 19:21:26 +00:00

tests

fix(api): revert SHA-256 session token hashing — better-auth stores raw tokens

2026-04-04 19:21:26 +00:00

.dockerignore

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

.gitignore

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

alembic.ini

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

CLAUDE.md

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

Dockerfile

fix(api): make alembic migrations idempotent for fresh databases

2026-04-04 16:28:29 +00:00

pyproject.toml

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

renovate.json

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

S

Description

CartSnitch API gateway — frontend-facing REST API

942 KiB

Languages

Python 99.4%

Dockerfile 0.4%

Mako 0.2%