Compare commits
merge into: cartsnitch/cartsnitch:barcode-betty/car-1370-deploy-base-dev
cartsnitch/cartsnitch:main
cartsnitch/cartsnitch:uat
cartsnitch/cartsnitch:dev
cartsnitch/cartsnitch:barcode-betty/car-1374-checkout-ref-match-base
cartsnitch/cartsnitch:barcode-betty/car-1370-deploy-base-dev
cartsnitch/cartsnitch:barcode-betty/car-1303-widen-alembic-via-migration
cartsnitch/cartsnitch:betty/car-1078-email-worker-dragonfly-reset
cartsnitch/cartsnitch:betty/car-1218-lighthouse-ci
cartsnitch/cartsnitch:betty/car-1319-sha-tag-fix
cartsnitch/cartsnitch:betty/car-1318-frontend-kustomize-bump-target
cartsnitch/cartsnitch:betty/car-1276-auth-image-build-fix
cartsnitch/cartsnitch:betty/car-1276-auth-health-error-log
cartsnitch/cartsnitch:betty/car-1216-deploy-non-fail-merge
cartsnitch/cartsnitch:betty/car-1215-react-router-audit
cartsnitch/cartsnitch:barcode-betty/car-1078-email-worker-dragonfly-reset
cartsnitch/cartsnitch:betty/car-964-gitea-registry-v2
cartsnitch/cartsnitch:barcode-betty/gitea-registry
cartsnitch/cartsnitch:fix/dispose-engine-import
cartsnitch/cartsnitch:carl/car-933-gitea-registry
cartsnitch/cartsnitch:barcode-betty/fix-dispose-engine-import
cartsnitch/cartsnitch:betty/fix-dead-dispose-engine-import
cartsnitch/cartsnitch:betty/car-900-gitea-workflows
cartsnitch/cartsnitch:barcode-betty/move-workflows-to-gitea
cartsnitch/cartsnitch:betty/fix-gitea-ci-secrets
cartsnitch/cartsnitch:betty/car-869-gitea-actions-cartsnitch
cartsnitch/cartsnitch:betty/car-862-fix-auth-build
cartsnitch/cartsnitch:betty/car-812-uat-seed-tooling
cartsnitch/cartsnitch:betty/car-555-health-check-db
cartsnitch/cartsnitch:feature/dragonfly-rate-limiting
cartsnitch/cartsnitch:betty/car-749-remove-auth-ci
cartsnitch/cartsnitch:fix/car-741-login-redirect-race-clean
cartsnitch/cartsnitch:fix/car-741-login-redirect-race-v2
cartsnitch/cartsnitch:fix/car-741-login-redirect-race
cartsnitch/cartsnitch:fix/car-709-receiptwitness-grype-cves
cartsnitch/cartsnitch:fix/car-620-grype-ignore-and-cache-bust
cartsnitch/cartsnitch:fix/car-656-deploy-commit-guard
cartsnitch/cartsnitch:fix/car-663-bcrypt-cost-factor
cartsnitch/cartsnitch:fix/car-676-axe-color-contrast
cartsnitch/cartsnitch:betty/car-673-fix-e2e-playwright-mock-auth
cartsnitch/cartsnitch:fix/car-665-eslint-unused-vars
cartsnitch/cartsnitch:betty/car-548-email-verification
cartsnitch/cartsnitch:betty/car-552-redis-rate-limiting
cartsnitch/cartsnitch:fix/car-620-remaining-docker-cves
cartsnitch/cartsnitch:fix/car-620-grype-only-fixed
cartsnitch/cartsnitch:fix/car-616-remediate-docker-cves
cartsnitch/cartsnitch:feature/grype-image-scanning
cartsnitch/cartsnitch:fix/car-608-auth-health-check
cartsnitch/cartsnitch:fix/auth-config-validation
cartsnitch/cartsnitch:betty/car-553-redis-cache
cartsnitch/cartsnitch:betty/car-554-audit-logging
cartsnitch/cartsnitch:betty/car-551-remove-mock-auth
cartsnitch/cartsnitch:feature/trivy-image-scanning
cartsnitch/cartsnitch:betty/car-599-vite-audit-fix
cartsnitch/cartsnitch:betty/car-580-n1-normalization-query
cartsnitch/cartsnitch:fix/receiptwitness-config-validation
cartsnitch/cartsnitch:feature/cart-550-api-lifespan-pooling
cartsnitch/cartsnitch:fix/cors-security-headers
cartsnitch/cartsnitch:feature/public-endpoint-validation
cartsnitch/cartsnitch:fix/rate-limit-token-hash
cartsnitch/cartsnitch:fix/hardcoded-secrets
cartsnitch/cartsnitch:betty/fix-alembic-create-all-commit
cartsnitch/cartsnitch:betty/car-517-domain-tables-migration
cartsnitch/cartsnitch:betty/fix-alembic-model-import
cartsnitch/cartsnitch:betty/fix-session-cookie-parsing
cartsnitch/cartsnitch:betty/fix-api-database-url-fallback
cartsnitch/cartsnitch:betty/revert-sha256-session-hash
cartsnitch/cartsnitch:betty/fix-session-token-hash
cartsnitch/cartsnitch:betty/fix-secure-session-cookie
cartsnitch/cartsnitch:fix/alembic-version-table-width
cartsnitch/cartsnitch:betty/fix-uat-users-table-bootstrap
cartsnitch/cartsnitch:betty/fix-alembic-fresh-db
cartsnitch/cartsnitch:betty/fix-libpq5-dockerfile
cartsnitch/cartsnitch:fix/alembic-percent-escape
cartsnitch/cartsnitch:betty/fix-email-inbound-token-server-default
cartsnitch/cartsnitch:betty/fix-sha-tag-format-long
cartsnitch/cartsnitch:betty/fix-ci-dev-uat-branches
cartsnitch/cartsnitch:betty/fix-alembic-dockerfile
cartsnitch/cartsnitch:betty/fix-uat-trustedorigins
cartsnitch/cartsnitch:feat/sync-common-email-inbound-token
cartsnitch/cartsnitch:fix/ci-api-dockerfile-path
cartsnitch/cartsnitch:fix/ci-deploy-race
cartsnitch/cartsnitch:fix/email-in-address-hotfix
cartsnitch/cartsnitch:feat/ci-deploy-uat
cartsnitch/cartsnitch:fix/npm-audit-vulnerabilities
cartsnitch/cartsnitch:pr108
cartsnitch/cartsnitch:fix/inbound-email-500
cartsnitch/cartsnitch:fix/email-in-address-routing
cartsnitch/cartsnitch:feat/email-in-settings
cartsnitch/cartsnitch:sync/api-2026-04-03
cartsnitch/cartsnitch:sync/receiptwitness-2026-04-03
cartsnitch/cartsnitch:fix/api-date-schema-types
cartsnitch/cartsnitch:fix/dashboard-hardcoded-product-ids
cartsnitch/cartsnitch:fix/remove-timestamp-mixin-from-mismatched-models
cartsnitch/cartsnitch:feature/dev-seed-script
cartsnitch/cartsnitch:fix/user-id-str-type
cartsnitch/cartsnitch:fix/signed-cookie-parsing
cartsnitch/cartsnitch:fix/restore-token-hash
cartsnitch/cartsnitch:fix/secure-cookie-name
cartsnitch/cartsnitch:fix/frontend-api-routes
cartsnitch/cartsnitch:fix/session-token-hash
cartsnitch/cartsnitch:fix/api-v1-prefix
cartsnitch/cartsnitch:fix/registration-redirect
cartsnitch/cartsnitch:fix/lighthouse-ci-crash
cartsnitch/cartsnitch:fix/api-auto-migration
cartsnitch/cartsnitch:feat/e2e-journey-tests
cartsnitch/cartsnitch:fix/users-id-text
cartsnitch/cartsnitch:feat/lighthouse-ci
cartsnitch/cartsnitch:feat/axe-core-playwright
cartsnitch/cartsnitch:fix/deploy-dev-resilient
cartsnitch/cartsnitch:feat/ci-npm-audit
cartsnitch/cartsnitch:fix/dockerhub-login-cicd
cartsnitch/cartsnitch:fix/deploy-dev-resilient-v2
cartsnitch/cartsnitch:fix/auth-session-table-mapping
cartsnitch/cartsnitch:fix/api-dockerfile-libpq
cartsnitch/cartsnitch:fix/deploy-dev-resilience
cartsnitch/cartsnitch:feat/ci-api-image-build-v3
cartsnitch/cartsnitch:feat/ci-api-image-build-v2
cartsnitch/cartsnitch:feat/playwright-setup
cartsnitch/cartsnitch:feat/msw-integration-tests
cartsnitch/cartsnitch:feat/ci-api-image-build
cartsnitch/cartsnitch:fix/remove-polyrepo-ci-leftovers
cartsnitch/cartsnitch:fix/receiptwitness-local-common
cartsnitch/cartsnitch:feat/api-alembic-dockerfile
cartsnitch/cartsnitch:feat/ci-receiptwitness-build
cartsnitch/cartsnitch:fix/alembic-in-dockerfile
cartsnitch/cartsnitch:docs/uat-runbook
cartsnitch/cartsnitch:fix/hashed-password-nullable
cartsnitch/cartsnitch:feat/utility-functions-tests
cartsnitch/cartsnitch:fix/auth-url-same-origin
cartsnitch/cartsnitch:fix/auth-contract-mismatch
cartsnitch/cartsnitch:feat/add-auth-image-to-deploy-dev
cartsnitch/cartsnitch:fix/deploy-dev-kustomize-install-clean
cartsnitch/cartsnitch:feat/uat-seed-user
cartsnitch/cartsnitch:fix/seed-uat-ctofixes
cartsnitch/cartsnitch:feature/better-auth
cartsnitch/cartsnitch:fix/deploy-dev-install-kustomize
cartsnitch/cartsnitch:fix/deploy-dev-github-app-token-cross-repo
cartsnitch/cartsnitch:remove-trigger-uat
cartsnitch/cartsnitch:charlie/ci-remove-trigger-uat
cartsnitch/cartsnitch:feat/deploy-dev-uat-trigger
cartsnitch/cartsnitch:feature/repo-consolidation
cartsnitch/cartsnitch:content/shrinkflation-consumer-faq
cartsnitch/cartsnitch:content/launch-marketing-pages
cartsnitch/cartsnitch:debbie/proper-cache-and-dockerhub-cleanup
cartsnitch/cartsnitch:debbie/fix-frontend-docker-cache
cartsnitch/cartsnitch:fix/dockerfile-numeric-uid
cartsnitch/cartsnitch:fix/frontend-dockerfile-user-101
cartsnitch/cartsnitch:content/what-is-unit-price
cartsnitch/cartsnitch:content/cartsnitch-vs-flipp
cartsnitch/cartsnitch:fix/non-root-nginx
cartsnitch/cartsnitch:content/shrinkflation-series-social-copy
cartsnitch/cartsnitch:content/shrinkflation-top-10
cartsnitch/cartsnitch:content/fix-launch-stats
cartsnitch/cartsnitch:content/email-welcome-sequence-links
cartsnitch/cartsnitch:content/pre-launch-social-mar25-26
cartsnitch/cartsnitch:content/shrinkflation-series-alignment
cartsnitch/cartsnitch:content/shrinkflation-series-1-cereal
cartsnitch/cartsnitch:content/founder-blog-post
cartsnitch/cartsnitch:content/launch-calendar
cartsnitch/cartsnitch:content/seo-comparison-article
cartsnitch/cartsnitch:content/phase-2-onboarding-faq
cartsnitch/cartsnitch:fix/dockerhub-auth-rate-limit
cartsnitch/cartsnitch:test/arc-runner-validation
cartsnitch/cartsnitch:calver-tagging
cartsnitch/cartsnitch:frankie/add-marketing-content
cartsnitch/cartsnitch:fix/runner-label
cartsnitch/cartsnitch:fix/ci-runner-and-mirrors
cartsnitch/cartsnitch:fix/ci-runner-label
cartsnitch/cartsnitch:revert-ghcr-mirrors
cartsnitch/cartsnitch:fix/dockerfile-use-dockerhub-images
cartsnitch/cartsnitch:fix/ghcr-mirror-base-images
cartsnitch/cartsnitch:fix/ci-remove-dockerhub-login
cartsnitch/cartsnitch:fix/ci-docker-ratelimit
cartsnitch/cartsnitch:feature/dockerfile
cartsnitch/cartsnitch:feature/core-screens
cartsnitch/cartsnitch:feature/renovate-config
cartsnitch/cartsnitch:ci/add-github-actions
cartsnitch/cartsnitch:v2026.06.08
cartsnitch/cartsnitch:v2026.06.07
cartsnitch/cartsnitch:v2026.06.06
cartsnitch/cartsnitch:v2026.06.04
cartsnitch/cartsnitch:v2026.05.04
cartsnitch/cartsnitch:v2026.04.20
cartsnitch/cartsnitch:v2026.04.19.4
cartsnitch/cartsnitch:v2026.04.19.3
cartsnitch/cartsnitch:v2026.04.19.2
cartsnitch/cartsnitch:v2026.04.19
cartsnitch/cartsnitch:v2026.04.15.2
cartsnitch/cartsnitch:v2026.04.15
cartsnitch/cartsnitch:v2026.04.14.4
cartsnitch/cartsnitch:v2026.04.14.3
cartsnitch/cartsnitch:v2026.04.14.2
cartsnitch/cartsnitch:v2026.04.14
cartsnitch/cartsnitch:v2026.04.05
cartsnitch/cartsnitch:v2026.04.03.8
cartsnitch/cartsnitch:v2026.04.03.7
cartsnitch/cartsnitch:v2026.04.03.6
cartsnitch/cartsnitch:v2026.04.03.5
cartsnitch/cartsnitch:v2026.04.03.4
cartsnitch/cartsnitch:v2026.04.03.3
cartsnitch/cartsnitch:v2026.04.03.2
cartsnitch/cartsnitch:v2026.04.03
cartsnitch/cartsnitch:v2026.04.02
cartsnitch/cartsnitch:v2026.04.01.9
cartsnitch/cartsnitch:v2026.04.01.8
cartsnitch/cartsnitch:v2026.04.01.7
cartsnitch/cartsnitch:v2026.04.01.6
cartsnitch/cartsnitch:v2026.04.01.5
cartsnitch/cartsnitch:v2026.04.01.4
cartsnitch/cartsnitch:v2026.04.01.3
cartsnitch/cartsnitch:v2026.04.01.2
cartsnitch/cartsnitch:v2026.04.01
cartsnitch/cartsnitch:v2026.03.31.8
cartsnitch/cartsnitch:v2026.03.31.7
cartsnitch/cartsnitch:v2026.03.31.6
cartsnitch/cartsnitch:v2026.03.31.5
cartsnitch/cartsnitch:v2026.03.31.4
cartsnitch/cartsnitch:v2026.03.31.3
cartsnitch/cartsnitch:v2026.03.31.2
cartsnitch/cartsnitch:v2026.03.31
cartsnitch/cartsnitch:v2026.03.30.10
cartsnitch/cartsnitch:v2026.03.30.9
cartsnitch/cartsnitch:v2026.03.30.8
cartsnitch/cartsnitch:v2026.03.30.7
cartsnitch/cartsnitch:v2026.03.30.6
cartsnitch/cartsnitch:v2026.03.30.5
cartsnitch/cartsnitch:v2026.03.30.4
cartsnitch/cartsnitch:v2026.03.30.3
cartsnitch/cartsnitch:v2026.03.30.2
cartsnitch/cartsnitch:v2026.03.30
cartsnitch/cartsnitch:v2026.03.29.5
cartsnitch/cartsnitch:v2026.03.29.4
cartsnitch/cartsnitch:v2026.03.29.3
cartsnitch/cartsnitch:v2026.03.29.2
cartsnitch/cartsnitch:v2026.03.29
cartsnitch/cartsnitch:v2026.03.28.6
cartsnitch/cartsnitch:v2026.03.28.5
cartsnitch/cartsnitch:v2026.03.28.4
cartsnitch/cartsnitch:v2026.03.28.3
cartsnitch/cartsnitch:v2026.03.28.2
cartsnitch/cartsnitch:v2026.03.28
cartsnitch/cartsnitch:v2026.03.24.2
cartsnitch/cartsnitch:v2026.03.24
cartsnitch/cartsnitch:v2026.03.22.2
cartsnitch/cartsnitch:v2026.03.22
cartsnitch/cartsnitch:v2026.03.21.4
cartsnitch/cartsnitch:v2026.03.21.3
cartsnitch/cartsnitch:v2026.03.21.2
cartsnitch/cartsnitch:v2026.03.21
cartsnitch/cartsnitch:v2026.03.20.3
cartsnitch/cartsnitch:v2026.03.20.2
cartsnitch/cartsnitch:v2026.03.20
...
pull from: cartsnitch/cartsnitch:fix/restore-token-hash
cartsnitch/cartsnitch:main
cartsnitch/cartsnitch:uat
cartsnitch/cartsnitch:dev
cartsnitch/cartsnitch:barcode-betty/car-1374-checkout-ref-match-base
cartsnitch/cartsnitch:barcode-betty/car-1370-deploy-base-dev
cartsnitch/cartsnitch:barcode-betty/car-1303-widen-alembic-via-migration
cartsnitch/cartsnitch:betty/car-1078-email-worker-dragonfly-reset
cartsnitch/cartsnitch:betty/car-1218-lighthouse-ci
cartsnitch/cartsnitch:betty/car-1319-sha-tag-fix
cartsnitch/cartsnitch:betty/car-1318-frontend-kustomize-bump-target
cartsnitch/cartsnitch:betty/car-1276-auth-image-build-fix
cartsnitch/cartsnitch:betty/car-1276-auth-health-error-log
cartsnitch/cartsnitch:betty/car-1216-deploy-non-fail-merge
cartsnitch/cartsnitch:betty/car-1215-react-router-audit
cartsnitch/cartsnitch:barcode-betty/car-1078-email-worker-dragonfly-reset
cartsnitch/cartsnitch:betty/car-964-gitea-registry-v2
cartsnitch/cartsnitch:barcode-betty/gitea-registry
cartsnitch/cartsnitch:fix/dispose-engine-import
cartsnitch/cartsnitch:carl/car-933-gitea-registry
cartsnitch/cartsnitch:barcode-betty/fix-dispose-engine-import
cartsnitch/cartsnitch:betty/fix-dead-dispose-engine-import
cartsnitch/cartsnitch:betty/car-900-gitea-workflows
cartsnitch/cartsnitch:barcode-betty/move-workflows-to-gitea
cartsnitch/cartsnitch:betty/fix-gitea-ci-secrets
cartsnitch/cartsnitch:betty/car-869-gitea-actions-cartsnitch
cartsnitch/cartsnitch:betty/car-862-fix-auth-build
cartsnitch/cartsnitch:betty/car-812-uat-seed-tooling
cartsnitch/cartsnitch:betty/car-555-health-check-db
cartsnitch/cartsnitch:feature/dragonfly-rate-limiting
cartsnitch/cartsnitch:betty/car-749-remove-auth-ci
cartsnitch/cartsnitch:fix/car-741-login-redirect-race-clean
cartsnitch/cartsnitch:fix/car-741-login-redirect-race-v2
cartsnitch/cartsnitch:fix/car-741-login-redirect-race
cartsnitch/cartsnitch:fix/car-709-receiptwitness-grype-cves
cartsnitch/cartsnitch:fix/car-620-grype-ignore-and-cache-bust
cartsnitch/cartsnitch:fix/car-656-deploy-commit-guard
cartsnitch/cartsnitch:fix/car-663-bcrypt-cost-factor
cartsnitch/cartsnitch:fix/car-676-axe-color-contrast
cartsnitch/cartsnitch:betty/car-673-fix-e2e-playwright-mock-auth
cartsnitch/cartsnitch:fix/car-665-eslint-unused-vars
cartsnitch/cartsnitch:betty/car-548-email-verification
cartsnitch/cartsnitch:betty/car-552-redis-rate-limiting
cartsnitch/cartsnitch:fix/car-620-remaining-docker-cves
cartsnitch/cartsnitch:fix/car-620-grype-only-fixed
cartsnitch/cartsnitch:fix/car-616-remediate-docker-cves
cartsnitch/cartsnitch:feature/grype-image-scanning
cartsnitch/cartsnitch:fix/car-608-auth-health-check
cartsnitch/cartsnitch:fix/auth-config-validation
cartsnitch/cartsnitch:betty/car-553-redis-cache
cartsnitch/cartsnitch:betty/car-554-audit-logging
cartsnitch/cartsnitch:betty/car-551-remove-mock-auth
cartsnitch/cartsnitch:feature/trivy-image-scanning
cartsnitch/cartsnitch:betty/car-599-vite-audit-fix
cartsnitch/cartsnitch:betty/car-580-n1-normalization-query
cartsnitch/cartsnitch:fix/receiptwitness-config-validation
cartsnitch/cartsnitch:feature/cart-550-api-lifespan-pooling
cartsnitch/cartsnitch:fix/cors-security-headers
cartsnitch/cartsnitch:feature/public-endpoint-validation
cartsnitch/cartsnitch:fix/rate-limit-token-hash
cartsnitch/cartsnitch:fix/hardcoded-secrets
cartsnitch/cartsnitch:betty/fix-alembic-create-all-commit
cartsnitch/cartsnitch:betty/car-517-domain-tables-migration
cartsnitch/cartsnitch:betty/fix-alembic-model-import
cartsnitch/cartsnitch:betty/fix-session-cookie-parsing
cartsnitch/cartsnitch:betty/fix-api-database-url-fallback
cartsnitch/cartsnitch:betty/revert-sha256-session-hash
cartsnitch/cartsnitch:betty/fix-session-token-hash
cartsnitch/cartsnitch:betty/fix-secure-session-cookie
cartsnitch/cartsnitch:fix/alembic-version-table-width
cartsnitch/cartsnitch:betty/fix-uat-users-table-bootstrap
cartsnitch/cartsnitch:betty/fix-alembic-fresh-db
cartsnitch/cartsnitch:betty/fix-libpq5-dockerfile
cartsnitch/cartsnitch:fix/alembic-percent-escape
cartsnitch/cartsnitch:betty/fix-email-inbound-token-server-default
cartsnitch/cartsnitch:betty/fix-sha-tag-format-long
cartsnitch/cartsnitch:betty/fix-ci-dev-uat-branches
cartsnitch/cartsnitch:betty/fix-alembic-dockerfile
cartsnitch/cartsnitch:betty/fix-uat-trustedorigins
cartsnitch/cartsnitch:feat/sync-common-email-inbound-token
cartsnitch/cartsnitch:fix/ci-api-dockerfile-path
cartsnitch/cartsnitch:fix/ci-deploy-race
cartsnitch/cartsnitch:fix/email-in-address-hotfix
cartsnitch/cartsnitch:feat/ci-deploy-uat
cartsnitch/cartsnitch:fix/npm-audit-vulnerabilities
cartsnitch/cartsnitch:pr108
cartsnitch/cartsnitch:fix/inbound-email-500
cartsnitch/cartsnitch:fix/email-in-address-routing
cartsnitch/cartsnitch:feat/email-in-settings
cartsnitch/cartsnitch:sync/api-2026-04-03
cartsnitch/cartsnitch:sync/receiptwitness-2026-04-03
cartsnitch/cartsnitch:fix/api-date-schema-types
cartsnitch/cartsnitch:fix/dashboard-hardcoded-product-ids
cartsnitch/cartsnitch:fix/remove-timestamp-mixin-from-mismatched-models
cartsnitch/cartsnitch:feature/dev-seed-script
cartsnitch/cartsnitch:fix/user-id-str-type
cartsnitch/cartsnitch:fix/signed-cookie-parsing
cartsnitch/cartsnitch:fix/restore-token-hash
cartsnitch/cartsnitch:fix/secure-cookie-name
cartsnitch/cartsnitch:fix/frontend-api-routes
cartsnitch/cartsnitch:fix/session-token-hash
cartsnitch/cartsnitch:fix/api-v1-prefix
cartsnitch/cartsnitch:fix/registration-redirect
cartsnitch/cartsnitch:fix/lighthouse-ci-crash
cartsnitch/cartsnitch:fix/api-auto-migration
cartsnitch/cartsnitch:feat/e2e-journey-tests
cartsnitch/cartsnitch:fix/users-id-text
cartsnitch/cartsnitch:feat/lighthouse-ci
cartsnitch/cartsnitch:feat/axe-core-playwright
cartsnitch/cartsnitch:fix/deploy-dev-resilient
cartsnitch/cartsnitch:feat/ci-npm-audit
cartsnitch/cartsnitch:fix/dockerhub-login-cicd
cartsnitch/cartsnitch:fix/deploy-dev-resilient-v2
cartsnitch/cartsnitch:fix/auth-session-table-mapping
cartsnitch/cartsnitch:fix/api-dockerfile-libpq
cartsnitch/cartsnitch:fix/deploy-dev-resilience
cartsnitch/cartsnitch:feat/ci-api-image-build-v3
cartsnitch/cartsnitch:feat/ci-api-image-build-v2
cartsnitch/cartsnitch:feat/playwright-setup
cartsnitch/cartsnitch:feat/msw-integration-tests
cartsnitch/cartsnitch:feat/ci-api-image-build
cartsnitch/cartsnitch:fix/remove-polyrepo-ci-leftovers
cartsnitch/cartsnitch:fix/receiptwitness-local-common
cartsnitch/cartsnitch:feat/api-alembic-dockerfile
cartsnitch/cartsnitch:feat/ci-receiptwitness-build
cartsnitch/cartsnitch:fix/alembic-in-dockerfile
cartsnitch/cartsnitch:docs/uat-runbook
cartsnitch/cartsnitch:fix/hashed-password-nullable
cartsnitch/cartsnitch:feat/utility-functions-tests
cartsnitch/cartsnitch:fix/auth-url-same-origin
cartsnitch/cartsnitch:fix/auth-contract-mismatch
cartsnitch/cartsnitch:feat/add-auth-image-to-deploy-dev
cartsnitch/cartsnitch:fix/deploy-dev-kustomize-install-clean
cartsnitch/cartsnitch:feat/uat-seed-user
cartsnitch/cartsnitch:fix/seed-uat-ctofixes
cartsnitch/cartsnitch:feature/better-auth
cartsnitch/cartsnitch:fix/deploy-dev-install-kustomize
cartsnitch/cartsnitch:fix/deploy-dev-github-app-token-cross-repo
cartsnitch/cartsnitch:remove-trigger-uat
cartsnitch/cartsnitch:charlie/ci-remove-trigger-uat
cartsnitch/cartsnitch:feat/deploy-dev-uat-trigger
cartsnitch/cartsnitch:feature/repo-consolidation
cartsnitch/cartsnitch:content/shrinkflation-consumer-faq
cartsnitch/cartsnitch:content/launch-marketing-pages
cartsnitch/cartsnitch:debbie/proper-cache-and-dockerhub-cleanup
cartsnitch/cartsnitch:debbie/fix-frontend-docker-cache
cartsnitch/cartsnitch:fix/dockerfile-numeric-uid
cartsnitch/cartsnitch:fix/frontend-dockerfile-user-101
cartsnitch/cartsnitch:content/what-is-unit-price
cartsnitch/cartsnitch:content/cartsnitch-vs-flipp
cartsnitch/cartsnitch:fix/non-root-nginx
cartsnitch/cartsnitch:content/shrinkflation-series-social-copy
cartsnitch/cartsnitch:content/shrinkflation-top-10
cartsnitch/cartsnitch:content/fix-launch-stats
cartsnitch/cartsnitch:content/email-welcome-sequence-links
cartsnitch/cartsnitch:content/pre-launch-social-mar25-26
cartsnitch/cartsnitch:content/shrinkflation-series-alignment
cartsnitch/cartsnitch:content/shrinkflation-series-1-cereal
cartsnitch/cartsnitch:content/founder-blog-post
cartsnitch/cartsnitch:content/launch-calendar
cartsnitch/cartsnitch:content/seo-comparison-article
cartsnitch/cartsnitch:content/phase-2-onboarding-faq
cartsnitch/cartsnitch:fix/dockerhub-auth-rate-limit
cartsnitch/cartsnitch:test/arc-runner-validation
cartsnitch/cartsnitch:calver-tagging
cartsnitch/cartsnitch:frankie/add-marketing-content
cartsnitch/cartsnitch:fix/runner-label
cartsnitch/cartsnitch:fix/ci-runner-and-mirrors
cartsnitch/cartsnitch:fix/ci-runner-label
cartsnitch/cartsnitch:revert-ghcr-mirrors
cartsnitch/cartsnitch:fix/dockerfile-use-dockerhub-images
cartsnitch/cartsnitch:fix/ghcr-mirror-base-images
cartsnitch/cartsnitch:fix/ci-remove-dockerhub-login
cartsnitch/cartsnitch:fix/ci-docker-ratelimit
cartsnitch/cartsnitch:feature/dockerfile
cartsnitch/cartsnitch:feature/core-screens
cartsnitch/cartsnitch:feature/renovate-config
cartsnitch/cartsnitch:ci/add-github-actions
cartsnitch/cartsnitch:v2026.06.08
cartsnitch/cartsnitch:v2026.06.07
cartsnitch/cartsnitch:v2026.06.06
cartsnitch/cartsnitch:v2026.06.04
cartsnitch/cartsnitch:v2026.05.04
cartsnitch/cartsnitch:v2026.04.20
cartsnitch/cartsnitch:v2026.04.19.4
cartsnitch/cartsnitch:v2026.04.19.3
cartsnitch/cartsnitch:v2026.04.19.2
cartsnitch/cartsnitch:v2026.04.19
cartsnitch/cartsnitch:v2026.04.15.2
cartsnitch/cartsnitch:v2026.04.15
cartsnitch/cartsnitch:v2026.04.14.4
cartsnitch/cartsnitch:v2026.04.14.3
cartsnitch/cartsnitch:v2026.04.14.2
cartsnitch/cartsnitch:v2026.04.14
cartsnitch/cartsnitch:v2026.04.05
cartsnitch/cartsnitch:v2026.04.03.8
cartsnitch/cartsnitch:v2026.04.03.7
cartsnitch/cartsnitch:v2026.04.03.6
cartsnitch/cartsnitch:v2026.04.03.5
cartsnitch/cartsnitch:v2026.04.03.4
cartsnitch/cartsnitch:v2026.04.03.3
cartsnitch/cartsnitch:v2026.04.03.2
cartsnitch/cartsnitch:v2026.04.03
cartsnitch/cartsnitch:v2026.04.02
cartsnitch/cartsnitch:v2026.04.01.9
cartsnitch/cartsnitch:v2026.04.01.8
cartsnitch/cartsnitch:v2026.04.01.7
cartsnitch/cartsnitch:v2026.04.01.6
cartsnitch/cartsnitch:v2026.04.01.5
cartsnitch/cartsnitch:v2026.04.01.4
cartsnitch/cartsnitch:v2026.04.01.3
cartsnitch/cartsnitch:v2026.04.01.2
cartsnitch/cartsnitch:v2026.04.01
cartsnitch/cartsnitch:v2026.03.31.8
cartsnitch/cartsnitch:v2026.03.31.7
cartsnitch/cartsnitch:v2026.03.31.6
cartsnitch/cartsnitch:v2026.03.31.5
cartsnitch/cartsnitch:v2026.03.31.4
cartsnitch/cartsnitch:v2026.03.31.3
cartsnitch/cartsnitch:v2026.03.31.2
cartsnitch/cartsnitch:v2026.03.31
cartsnitch/cartsnitch:v2026.03.30.10
cartsnitch/cartsnitch:v2026.03.30.9
cartsnitch/cartsnitch:v2026.03.30.8
cartsnitch/cartsnitch:v2026.03.30.7
cartsnitch/cartsnitch:v2026.03.30.6
cartsnitch/cartsnitch:v2026.03.30.5
cartsnitch/cartsnitch:v2026.03.30.4
cartsnitch/cartsnitch:v2026.03.30.3
cartsnitch/cartsnitch:v2026.03.30.2
cartsnitch/cartsnitch:v2026.03.30
cartsnitch/cartsnitch:v2026.03.29.5
cartsnitch/cartsnitch:v2026.03.29.4
cartsnitch/cartsnitch:v2026.03.29.3
cartsnitch/cartsnitch:v2026.03.29.2
cartsnitch/cartsnitch:v2026.03.29
cartsnitch/cartsnitch:v2026.03.28.6
cartsnitch/cartsnitch:v2026.03.28.5
cartsnitch/cartsnitch:v2026.03.28.4
cartsnitch/cartsnitch:v2026.03.28.3
cartsnitch/cartsnitch:v2026.03.28.2
cartsnitch/cartsnitch:v2026.03.28
cartsnitch/cartsnitch:v2026.03.24.2
cartsnitch/cartsnitch:v2026.03.24
cartsnitch/cartsnitch:v2026.03.22.2
cartsnitch/cartsnitch:v2026.03.22
cartsnitch/cartsnitch:v2026.03.21.4
cartsnitch/cartsnitch:v2026.03.21.3
cartsnitch/cartsnitch:v2026.03.21.2
cartsnitch/cartsnitch:v2026.03.21
cartsnitch/cartsnitch:v2026.03.20.3
cartsnitch/cartsnitch:v2026.03.20.2
cartsnitch/cartsnitch:v2026.03.20
2 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 CartSnitch Engineer Bot
|
e151873bb3 |
Merge main into fix/restore-token-hash
Sync with upstream changes (frontend API route alignment) while preserving the SHA-256 token hashing fix. Co-Authored-By: Paperclip <noreply@paperclip.ing> |
||
|
CartSnitch Engineer Bot
|
3f9c683522 |
fix(api): restore SHA-256 session token hashing (regression from PR #95)
Better-Auth v1.5.6+ stores tokens as SHA-256 hashes in the sessions table. The raw cookie value must be hashed before querying so that stored-hash == computed-hash, restoring auth on all data endpoints. Also adopts SESSION_COOKIE_NAMES list from PR #95 so both pending PRs (cookie fix and hash fix) can merge without conflict. Fixes CAR-322. Regression from PR #95 (fix/secure-cookie-name). Co-Authored-By: Paperclip <noreply@paperclip.ing> |
1 changed files with 5 additions and 1 deletions
@@ -5,6 +5,7 @@ Sessions are verified by querying the shared sessions table directly.
|
||||
"""
|
||||
|
||||
from datetime import UTC, datetime
|
||||
from hashlib import sha256
|
||||
from uuid import UUID
|
||||
|
||||
from fastapi import Cookie, Depends, Header, HTTPException, Request, status
|
||||
@@ -31,10 +32,13 @@ async def _validate_session_token(token: str, db: AsyncSession) -> UUID:
|
||||
"""Validate a Better-Auth session token against the sessions table.
|
||||
|
||||
Returns the user_id (as UUID) if the session is valid and not expired.
|
||||
Better-Auth v1.5.6+ stores tokens as SHA-256 hashes, so we hash the
|
||||
incoming raw token before querying.
|
||||
"""
|
||||
hashed_token = sha256(token.encode("utf-8")).hexdigest()
|
||||
result = await db.execute(
|
||||
text("SELECT user_id, expires_at FROM sessions WHERE token = :token"),
|
||||
{"token": token},
|
||||
{"token": hashed_token},
|
||||
)
|
||||
row = result.first()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.