cartsnitch/cartsnitch
12
0
Fork 1
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: cartsnitch/cartsnitch:fix/secure-cookie-name
Branches Tags
cartsnitch/cartsnitch:main cartsnitch/cartsnitch:uat cartsnitch/cartsnitch:dev cartsnitch/cartsnitch:barcode-betty/car-1374-checkout-ref-match-base cartsnitch/cartsnitch:barcode-betty/car-1370-deploy-base-dev cartsnitch/cartsnitch:barcode-betty/car-1303-widen-alembic-via-migration cartsnitch/cartsnitch:betty/car-1078-email-worker-dragonfly-reset cartsnitch/cartsnitch:betty/car-1218-lighthouse-ci cartsnitch/cartsnitch:betty/car-1319-sha-tag-fix cartsnitch/cartsnitch:betty/car-1318-frontend-kustomize-bump-target cartsnitch/cartsnitch:betty/car-1276-auth-image-build-fix cartsnitch/cartsnitch:betty/car-1276-auth-health-error-log cartsnitch/cartsnitch:betty/car-1216-deploy-non-fail-merge cartsnitch/cartsnitch:betty/car-1215-react-router-audit cartsnitch/cartsnitch:barcode-betty/car-1078-email-worker-dragonfly-reset cartsnitch/cartsnitch:betty/car-964-gitea-registry-v2 cartsnitch/cartsnitch:barcode-betty/gitea-registry cartsnitch/cartsnitch:fix/dispose-engine-import cartsnitch/cartsnitch:carl/car-933-gitea-registry cartsnitch/cartsnitch:barcode-betty/fix-dispose-engine-import cartsnitch/cartsnitch:betty/fix-dead-dispose-engine-import cartsnitch/cartsnitch:betty/car-900-gitea-workflows cartsnitch/cartsnitch:barcode-betty/move-workflows-to-gitea cartsnitch/cartsnitch:betty/fix-gitea-ci-secrets cartsnitch/cartsnitch:betty/car-869-gitea-actions-cartsnitch cartsnitch/cartsnitch:betty/car-862-fix-auth-build cartsnitch/cartsnitch:betty/car-812-uat-seed-tooling cartsnitch/cartsnitch:betty/car-555-health-check-db cartsnitch/cartsnitch:feature/dragonfly-rate-limiting cartsnitch/cartsnitch:betty/car-749-remove-auth-ci cartsnitch/cartsnitch:fix/car-741-login-redirect-race-clean cartsnitch/cartsnitch:fix/car-741-login-redirect-race-v2 cartsnitch/cartsnitch:fix/car-741-login-redirect-race cartsnitch/cartsnitch:fix/car-709-receiptwitness-grype-cves cartsnitch/cartsnitch:fix/car-620-grype-ignore-and-cache-bust cartsnitch/cartsnitch:fix/car-656-deploy-commit-guard cartsnitch/cartsnitch:fix/car-663-bcrypt-cost-factor cartsnitch/cartsnitch:fix/car-676-axe-color-contrast cartsnitch/cartsnitch:betty/car-673-fix-e2e-playwright-mock-auth cartsnitch/cartsnitch:fix/car-665-eslint-unused-vars cartsnitch/cartsnitch:betty/car-548-email-verification cartsnitch/cartsnitch:betty/car-552-redis-rate-limiting cartsnitch/cartsnitch:fix/car-620-remaining-docker-cves cartsnitch/cartsnitch:fix/car-620-grype-only-fixed cartsnitch/cartsnitch:fix/car-616-remediate-docker-cves cartsnitch/cartsnitch:feature/grype-image-scanning cartsnitch/cartsnitch:fix/car-608-auth-health-check cartsnitch/cartsnitch:fix/auth-config-validation cartsnitch/cartsnitch:betty/car-553-redis-cache cartsnitch/cartsnitch:betty/car-554-audit-logging cartsnitch/cartsnitch:betty/car-551-remove-mock-auth cartsnitch/cartsnitch:feature/trivy-image-scanning cartsnitch/cartsnitch:betty/car-599-vite-audit-fix cartsnitch/cartsnitch:betty/car-580-n1-normalization-query cartsnitch/cartsnitch:fix/receiptwitness-config-validation cartsnitch/cartsnitch:feature/cart-550-api-lifespan-pooling cartsnitch/cartsnitch:fix/cors-security-headers cartsnitch/cartsnitch:feature/public-endpoint-validation cartsnitch/cartsnitch:fix/rate-limit-token-hash cartsnitch/cartsnitch:fix/hardcoded-secrets cartsnitch/cartsnitch:betty/fix-alembic-create-all-commit cartsnitch/cartsnitch:betty/car-517-domain-tables-migration cartsnitch/cartsnitch:betty/fix-alembic-model-import cartsnitch/cartsnitch:betty/fix-session-cookie-parsing cartsnitch/cartsnitch:betty/fix-api-database-url-fallback cartsnitch/cartsnitch:betty/revert-sha256-session-hash cartsnitch/cartsnitch:betty/fix-session-token-hash cartsnitch/cartsnitch:betty/fix-secure-session-cookie cartsnitch/cartsnitch:fix/alembic-version-table-width cartsnitch/cartsnitch:betty/fix-uat-users-table-bootstrap cartsnitch/cartsnitch:betty/fix-alembic-fresh-db cartsnitch/cartsnitch:betty/fix-libpq5-dockerfile cartsnitch/cartsnitch:fix/alembic-percent-escape cartsnitch/cartsnitch:betty/fix-email-inbound-token-server-default cartsnitch/cartsnitch:betty/fix-sha-tag-format-long cartsnitch/cartsnitch:betty/fix-ci-dev-uat-branches cartsnitch/cartsnitch:betty/fix-alembic-dockerfile cartsnitch/cartsnitch:betty/fix-uat-trustedorigins cartsnitch/cartsnitch:feat/sync-common-email-inbound-token cartsnitch/cartsnitch:fix/ci-api-dockerfile-path cartsnitch/cartsnitch:fix/ci-deploy-race cartsnitch/cartsnitch:fix/email-in-address-hotfix cartsnitch/cartsnitch:feat/ci-deploy-uat cartsnitch/cartsnitch:fix/npm-audit-vulnerabilities cartsnitch/cartsnitch:pr108 cartsnitch/cartsnitch:fix/inbound-email-500 cartsnitch/cartsnitch:fix/email-in-address-routing cartsnitch/cartsnitch:feat/email-in-settings cartsnitch/cartsnitch:sync/api-2026-04-03 cartsnitch/cartsnitch:sync/receiptwitness-2026-04-03 cartsnitch/cartsnitch:fix/api-date-schema-types cartsnitch/cartsnitch:fix/dashboard-hardcoded-product-ids cartsnitch/cartsnitch:fix/remove-timestamp-mixin-from-mismatched-models cartsnitch/cartsnitch:feature/dev-seed-script cartsnitch/cartsnitch:fix/user-id-str-type cartsnitch/cartsnitch:fix/signed-cookie-parsing cartsnitch/cartsnitch:fix/restore-token-hash cartsnitch/cartsnitch:fix/secure-cookie-name cartsnitch/cartsnitch:fix/frontend-api-routes cartsnitch/cartsnitch:fix/session-token-hash cartsnitch/cartsnitch:fix/api-v1-prefix cartsnitch/cartsnitch:fix/registration-redirect cartsnitch/cartsnitch:fix/lighthouse-ci-crash cartsnitch/cartsnitch:fix/api-auto-migration cartsnitch/cartsnitch:feat/e2e-journey-tests cartsnitch/cartsnitch:fix/users-id-text cartsnitch/cartsnitch:feat/lighthouse-ci cartsnitch/cartsnitch:feat/axe-core-playwright cartsnitch/cartsnitch:fix/deploy-dev-resilient cartsnitch/cartsnitch:feat/ci-npm-audit cartsnitch/cartsnitch:fix/dockerhub-login-cicd cartsnitch/cartsnitch:fix/deploy-dev-resilient-v2 cartsnitch/cartsnitch:fix/auth-session-table-mapping cartsnitch/cartsnitch:fix/api-dockerfile-libpq cartsnitch/cartsnitch:fix/deploy-dev-resilience cartsnitch/cartsnitch:feat/ci-api-image-build-v3 cartsnitch/cartsnitch:feat/ci-api-image-build-v2 cartsnitch/cartsnitch:feat/playwright-setup cartsnitch/cartsnitch:feat/msw-integration-tests cartsnitch/cartsnitch:feat/ci-api-image-build cartsnitch/cartsnitch:fix/remove-polyrepo-ci-leftovers cartsnitch/cartsnitch:fix/receiptwitness-local-common cartsnitch/cartsnitch:feat/api-alembic-dockerfile cartsnitch/cartsnitch:feat/ci-receiptwitness-build cartsnitch/cartsnitch:fix/alembic-in-dockerfile cartsnitch/cartsnitch:docs/uat-runbook cartsnitch/cartsnitch:fix/hashed-password-nullable cartsnitch/cartsnitch:feat/utility-functions-tests cartsnitch/cartsnitch:fix/auth-url-same-origin cartsnitch/cartsnitch:fix/auth-contract-mismatch cartsnitch/cartsnitch:feat/add-auth-image-to-deploy-dev cartsnitch/cartsnitch:fix/deploy-dev-kustomize-install-clean cartsnitch/cartsnitch:feat/uat-seed-user cartsnitch/cartsnitch:fix/seed-uat-ctofixes cartsnitch/cartsnitch:feature/better-auth cartsnitch/cartsnitch:fix/deploy-dev-install-kustomize cartsnitch/cartsnitch:fix/deploy-dev-github-app-token-cross-repo cartsnitch/cartsnitch:remove-trigger-uat cartsnitch/cartsnitch:charlie/ci-remove-trigger-uat cartsnitch/cartsnitch:feat/deploy-dev-uat-trigger cartsnitch/cartsnitch:feature/repo-consolidation cartsnitch/cartsnitch:content/shrinkflation-consumer-faq cartsnitch/cartsnitch:content/launch-marketing-pages cartsnitch/cartsnitch:debbie/proper-cache-and-dockerhub-cleanup cartsnitch/cartsnitch:debbie/fix-frontend-docker-cache cartsnitch/cartsnitch:fix/dockerfile-numeric-uid cartsnitch/cartsnitch:fix/frontend-dockerfile-user-101 cartsnitch/cartsnitch:content/what-is-unit-price cartsnitch/cartsnitch:content/cartsnitch-vs-flipp cartsnitch/cartsnitch:fix/non-root-nginx cartsnitch/cartsnitch:content/shrinkflation-series-social-copy cartsnitch/cartsnitch:content/shrinkflation-top-10 cartsnitch/cartsnitch:content/fix-launch-stats cartsnitch/cartsnitch:content/email-welcome-sequence-links cartsnitch/cartsnitch:content/pre-launch-social-mar25-26 cartsnitch/cartsnitch:content/shrinkflation-series-alignment cartsnitch/cartsnitch:content/shrinkflation-series-1-cereal cartsnitch/cartsnitch:content/founder-blog-post cartsnitch/cartsnitch:content/launch-calendar cartsnitch/cartsnitch:content/seo-comparison-article cartsnitch/cartsnitch:content/phase-2-onboarding-faq cartsnitch/cartsnitch:fix/dockerhub-auth-rate-limit cartsnitch/cartsnitch:test/arc-runner-validation cartsnitch/cartsnitch:calver-tagging cartsnitch/cartsnitch:frankie/add-marketing-content cartsnitch/cartsnitch:fix/runner-label cartsnitch/cartsnitch:fix/ci-runner-and-mirrors cartsnitch/cartsnitch:fix/ci-runner-label cartsnitch/cartsnitch:revert-ghcr-mirrors cartsnitch/cartsnitch:fix/dockerfile-use-dockerhub-images cartsnitch/cartsnitch:fix/ghcr-mirror-base-images cartsnitch/cartsnitch:fix/ci-remove-dockerhub-login cartsnitch/cartsnitch:fix/ci-docker-ratelimit cartsnitch/cartsnitch:feature/dockerfile cartsnitch/cartsnitch:feature/core-screens cartsnitch/cartsnitch:feature/renovate-config cartsnitch/cartsnitch:ci/add-github-actions
cartsnitch/cartsnitch:v2026.06.08 cartsnitch/cartsnitch:v2026.06.07 cartsnitch/cartsnitch:v2026.06.06 cartsnitch/cartsnitch:v2026.06.04 cartsnitch/cartsnitch:v2026.05.04 cartsnitch/cartsnitch:v2026.04.20 cartsnitch/cartsnitch:v2026.04.19.4 cartsnitch/cartsnitch:v2026.04.19.3 cartsnitch/cartsnitch:v2026.04.19.2 cartsnitch/cartsnitch:v2026.04.19 cartsnitch/cartsnitch:v2026.04.15.2 cartsnitch/cartsnitch:v2026.04.15 cartsnitch/cartsnitch:v2026.04.14.4 cartsnitch/cartsnitch:v2026.04.14.3 cartsnitch/cartsnitch:v2026.04.14.2 cartsnitch/cartsnitch:v2026.04.14 cartsnitch/cartsnitch:v2026.04.05 cartsnitch/cartsnitch:v2026.04.03.8 cartsnitch/cartsnitch:v2026.04.03.7 cartsnitch/cartsnitch:v2026.04.03.6 cartsnitch/cartsnitch:v2026.04.03.5 cartsnitch/cartsnitch:v2026.04.03.4 cartsnitch/cartsnitch:v2026.04.03.3 cartsnitch/cartsnitch:v2026.04.03.2 cartsnitch/cartsnitch:v2026.04.03 cartsnitch/cartsnitch:v2026.04.02 cartsnitch/cartsnitch:v2026.04.01.9 cartsnitch/cartsnitch:v2026.04.01.8 cartsnitch/cartsnitch:v2026.04.01.7 cartsnitch/cartsnitch:v2026.04.01.6 cartsnitch/cartsnitch:v2026.04.01.5 cartsnitch/cartsnitch:v2026.04.01.4 cartsnitch/cartsnitch:v2026.04.01.3 cartsnitch/cartsnitch:v2026.04.01.2 cartsnitch/cartsnitch:v2026.04.01 cartsnitch/cartsnitch:v2026.03.31.8 cartsnitch/cartsnitch:v2026.03.31.7 cartsnitch/cartsnitch:v2026.03.31.6 cartsnitch/cartsnitch:v2026.03.31.5 cartsnitch/cartsnitch:v2026.03.31.4 cartsnitch/cartsnitch:v2026.03.31.3 cartsnitch/cartsnitch:v2026.03.31.2 cartsnitch/cartsnitch:v2026.03.31 cartsnitch/cartsnitch:v2026.03.30.10 cartsnitch/cartsnitch:v2026.03.30.9 cartsnitch/cartsnitch:v2026.03.30.8 cartsnitch/cartsnitch:v2026.03.30.7 cartsnitch/cartsnitch:v2026.03.30.6 cartsnitch/cartsnitch:v2026.03.30.5 cartsnitch/cartsnitch:v2026.03.30.4 cartsnitch/cartsnitch:v2026.03.30.3 cartsnitch/cartsnitch:v2026.03.30.2 cartsnitch/cartsnitch:v2026.03.30 cartsnitch/cartsnitch:v2026.03.29.5 cartsnitch/cartsnitch:v2026.03.29.4 cartsnitch/cartsnitch:v2026.03.29.3 cartsnitch/cartsnitch:v2026.03.29.2 cartsnitch/cartsnitch:v2026.03.29 cartsnitch/cartsnitch:v2026.03.28.6 cartsnitch/cartsnitch:v2026.03.28.5 cartsnitch/cartsnitch:v2026.03.28.4 cartsnitch/cartsnitch:v2026.03.28.3 cartsnitch/cartsnitch:v2026.03.28.2 cartsnitch/cartsnitch:v2026.03.28 cartsnitch/cartsnitch:v2026.03.24.2 cartsnitch/cartsnitch:v2026.03.24 cartsnitch/cartsnitch:v2026.03.22.2 cartsnitch/cartsnitch:v2026.03.22 cartsnitch/cartsnitch:v2026.03.21.4 cartsnitch/cartsnitch:v2026.03.21.3 cartsnitch/cartsnitch:v2026.03.21.2 cartsnitch/cartsnitch:v2026.03.21 cartsnitch/cartsnitch:v2026.03.20.3 cartsnitch/cartsnitch:v2026.03.20.2 cartsnitch/cartsnitch:v2026.03.20
...
pull from: cartsnitch/cartsnitch:fix/signed-cookie-parsing
Branches Tags
cartsnitch/cartsnitch:main cartsnitch/cartsnitch:uat cartsnitch/cartsnitch:dev cartsnitch/cartsnitch:barcode-betty/car-1374-checkout-ref-match-base cartsnitch/cartsnitch:barcode-betty/car-1370-deploy-base-dev cartsnitch/cartsnitch:barcode-betty/car-1303-widen-alembic-via-migration cartsnitch/cartsnitch:betty/car-1078-email-worker-dragonfly-reset cartsnitch/cartsnitch:betty/car-1218-lighthouse-ci cartsnitch/cartsnitch:betty/car-1319-sha-tag-fix cartsnitch/cartsnitch:betty/car-1318-frontend-kustomize-bump-target cartsnitch/cartsnitch:betty/car-1276-auth-image-build-fix cartsnitch/cartsnitch:betty/car-1276-auth-health-error-log cartsnitch/cartsnitch:betty/car-1216-deploy-non-fail-merge cartsnitch/cartsnitch:betty/car-1215-react-router-audit cartsnitch/cartsnitch:barcode-betty/car-1078-email-worker-dragonfly-reset cartsnitch/cartsnitch:betty/car-964-gitea-registry-v2 cartsnitch/cartsnitch:barcode-betty/gitea-registry cartsnitch/cartsnitch:fix/dispose-engine-import cartsnitch/cartsnitch:carl/car-933-gitea-registry cartsnitch/cartsnitch:barcode-betty/fix-dispose-engine-import cartsnitch/cartsnitch:betty/fix-dead-dispose-engine-import cartsnitch/cartsnitch:betty/car-900-gitea-workflows cartsnitch/cartsnitch:barcode-betty/move-workflows-to-gitea cartsnitch/cartsnitch:betty/fix-gitea-ci-secrets cartsnitch/cartsnitch:betty/car-869-gitea-actions-cartsnitch cartsnitch/cartsnitch:betty/car-862-fix-auth-build cartsnitch/cartsnitch:betty/car-812-uat-seed-tooling cartsnitch/cartsnitch:betty/car-555-health-check-db cartsnitch/cartsnitch:feature/dragonfly-rate-limiting cartsnitch/cartsnitch:betty/car-749-remove-auth-ci cartsnitch/cartsnitch:fix/car-741-login-redirect-race-clean cartsnitch/cartsnitch:fix/car-741-login-redirect-race-v2 cartsnitch/cartsnitch:fix/car-741-login-redirect-race cartsnitch/cartsnitch:fix/car-709-receiptwitness-grype-cves cartsnitch/cartsnitch:fix/car-620-grype-ignore-and-cache-bust cartsnitch/cartsnitch:fix/car-656-deploy-commit-guard cartsnitch/cartsnitch:fix/car-663-bcrypt-cost-factor cartsnitch/cartsnitch:fix/car-676-axe-color-contrast cartsnitch/cartsnitch:betty/car-673-fix-e2e-playwright-mock-auth cartsnitch/cartsnitch:fix/car-665-eslint-unused-vars cartsnitch/cartsnitch:betty/car-548-email-verification cartsnitch/cartsnitch:betty/car-552-redis-rate-limiting cartsnitch/cartsnitch:fix/car-620-remaining-docker-cves cartsnitch/cartsnitch:fix/car-620-grype-only-fixed cartsnitch/cartsnitch:fix/car-616-remediate-docker-cves cartsnitch/cartsnitch:feature/grype-image-scanning cartsnitch/cartsnitch:fix/car-608-auth-health-check cartsnitch/cartsnitch:fix/auth-config-validation cartsnitch/cartsnitch:betty/car-553-redis-cache cartsnitch/cartsnitch:betty/car-554-audit-logging cartsnitch/cartsnitch:betty/car-551-remove-mock-auth cartsnitch/cartsnitch:feature/trivy-image-scanning cartsnitch/cartsnitch:betty/car-599-vite-audit-fix cartsnitch/cartsnitch:betty/car-580-n1-normalization-query cartsnitch/cartsnitch:fix/receiptwitness-config-validation cartsnitch/cartsnitch:feature/cart-550-api-lifespan-pooling cartsnitch/cartsnitch:fix/cors-security-headers cartsnitch/cartsnitch:feature/public-endpoint-validation cartsnitch/cartsnitch:fix/rate-limit-token-hash cartsnitch/cartsnitch:fix/hardcoded-secrets cartsnitch/cartsnitch:betty/fix-alembic-create-all-commit cartsnitch/cartsnitch:betty/car-517-domain-tables-migration cartsnitch/cartsnitch:betty/fix-alembic-model-import cartsnitch/cartsnitch:betty/fix-session-cookie-parsing cartsnitch/cartsnitch:betty/fix-api-database-url-fallback cartsnitch/cartsnitch:betty/revert-sha256-session-hash cartsnitch/cartsnitch:betty/fix-session-token-hash cartsnitch/cartsnitch:betty/fix-secure-session-cookie cartsnitch/cartsnitch:fix/alembic-version-table-width cartsnitch/cartsnitch:betty/fix-uat-users-table-bootstrap cartsnitch/cartsnitch:betty/fix-alembic-fresh-db cartsnitch/cartsnitch:betty/fix-libpq5-dockerfile cartsnitch/cartsnitch:fix/alembic-percent-escape cartsnitch/cartsnitch:betty/fix-email-inbound-token-server-default cartsnitch/cartsnitch:betty/fix-sha-tag-format-long cartsnitch/cartsnitch:betty/fix-ci-dev-uat-branches cartsnitch/cartsnitch:betty/fix-alembic-dockerfile cartsnitch/cartsnitch:betty/fix-uat-trustedorigins cartsnitch/cartsnitch:feat/sync-common-email-inbound-token cartsnitch/cartsnitch:fix/ci-api-dockerfile-path cartsnitch/cartsnitch:fix/ci-deploy-race cartsnitch/cartsnitch:fix/email-in-address-hotfix cartsnitch/cartsnitch:feat/ci-deploy-uat cartsnitch/cartsnitch:fix/npm-audit-vulnerabilities cartsnitch/cartsnitch:pr108 cartsnitch/cartsnitch:fix/inbound-email-500 cartsnitch/cartsnitch:fix/email-in-address-routing cartsnitch/cartsnitch:feat/email-in-settings cartsnitch/cartsnitch:sync/api-2026-04-03 cartsnitch/cartsnitch:sync/receiptwitness-2026-04-03 cartsnitch/cartsnitch:fix/api-date-schema-types cartsnitch/cartsnitch:fix/dashboard-hardcoded-product-ids cartsnitch/cartsnitch:fix/remove-timestamp-mixin-from-mismatched-models cartsnitch/cartsnitch:feature/dev-seed-script cartsnitch/cartsnitch:fix/user-id-str-type cartsnitch/cartsnitch:fix/signed-cookie-parsing cartsnitch/cartsnitch:fix/restore-token-hash cartsnitch/cartsnitch:fix/secure-cookie-name cartsnitch/cartsnitch:fix/frontend-api-routes cartsnitch/cartsnitch:fix/session-token-hash cartsnitch/cartsnitch:fix/api-v1-prefix cartsnitch/cartsnitch:fix/registration-redirect cartsnitch/cartsnitch:fix/lighthouse-ci-crash cartsnitch/cartsnitch:fix/api-auto-migration cartsnitch/cartsnitch:feat/e2e-journey-tests cartsnitch/cartsnitch:fix/users-id-text cartsnitch/cartsnitch:feat/lighthouse-ci cartsnitch/cartsnitch:feat/axe-core-playwright cartsnitch/cartsnitch:fix/deploy-dev-resilient cartsnitch/cartsnitch:feat/ci-npm-audit cartsnitch/cartsnitch:fix/dockerhub-login-cicd cartsnitch/cartsnitch:fix/deploy-dev-resilient-v2 cartsnitch/cartsnitch:fix/auth-session-table-mapping cartsnitch/cartsnitch:fix/api-dockerfile-libpq cartsnitch/cartsnitch:fix/deploy-dev-resilience cartsnitch/cartsnitch:feat/ci-api-image-build-v3 cartsnitch/cartsnitch:feat/ci-api-image-build-v2 cartsnitch/cartsnitch:feat/playwright-setup cartsnitch/cartsnitch:feat/msw-integration-tests cartsnitch/cartsnitch:feat/ci-api-image-build cartsnitch/cartsnitch:fix/remove-polyrepo-ci-leftovers cartsnitch/cartsnitch:fix/receiptwitness-local-common cartsnitch/cartsnitch:feat/api-alembic-dockerfile cartsnitch/cartsnitch:feat/ci-receiptwitness-build cartsnitch/cartsnitch:fix/alembic-in-dockerfile cartsnitch/cartsnitch:docs/uat-runbook cartsnitch/cartsnitch:fix/hashed-password-nullable cartsnitch/cartsnitch:feat/utility-functions-tests cartsnitch/cartsnitch:fix/auth-url-same-origin cartsnitch/cartsnitch:fix/auth-contract-mismatch cartsnitch/cartsnitch:feat/add-auth-image-to-deploy-dev cartsnitch/cartsnitch:fix/deploy-dev-kustomize-install-clean cartsnitch/cartsnitch:feat/uat-seed-user cartsnitch/cartsnitch:fix/seed-uat-ctofixes cartsnitch/cartsnitch:feature/better-auth cartsnitch/cartsnitch:fix/deploy-dev-install-kustomize cartsnitch/cartsnitch:fix/deploy-dev-github-app-token-cross-repo cartsnitch/cartsnitch:remove-trigger-uat cartsnitch/cartsnitch:charlie/ci-remove-trigger-uat cartsnitch/cartsnitch:feat/deploy-dev-uat-trigger cartsnitch/cartsnitch:feature/repo-consolidation cartsnitch/cartsnitch:content/shrinkflation-consumer-faq cartsnitch/cartsnitch:content/launch-marketing-pages cartsnitch/cartsnitch:debbie/proper-cache-and-dockerhub-cleanup cartsnitch/cartsnitch:debbie/fix-frontend-docker-cache cartsnitch/cartsnitch:fix/dockerfile-numeric-uid cartsnitch/cartsnitch:fix/frontend-dockerfile-user-101 cartsnitch/cartsnitch:content/what-is-unit-price cartsnitch/cartsnitch:content/cartsnitch-vs-flipp cartsnitch/cartsnitch:fix/non-root-nginx cartsnitch/cartsnitch:content/shrinkflation-series-social-copy cartsnitch/cartsnitch:content/shrinkflation-top-10 cartsnitch/cartsnitch:content/fix-launch-stats cartsnitch/cartsnitch:content/email-welcome-sequence-links cartsnitch/cartsnitch:content/pre-launch-social-mar25-26 cartsnitch/cartsnitch:content/shrinkflation-series-alignment cartsnitch/cartsnitch:content/shrinkflation-series-1-cereal cartsnitch/cartsnitch:content/founder-blog-post cartsnitch/cartsnitch:content/launch-calendar cartsnitch/cartsnitch:content/seo-comparison-article cartsnitch/cartsnitch:content/phase-2-onboarding-faq cartsnitch/cartsnitch:fix/dockerhub-auth-rate-limit cartsnitch/cartsnitch:test/arc-runner-validation cartsnitch/cartsnitch:calver-tagging cartsnitch/cartsnitch:frankie/add-marketing-content cartsnitch/cartsnitch:fix/runner-label cartsnitch/cartsnitch:fix/ci-runner-and-mirrors cartsnitch/cartsnitch:fix/ci-runner-label cartsnitch/cartsnitch:revert-ghcr-mirrors cartsnitch/cartsnitch:fix/dockerfile-use-dockerhub-images cartsnitch/cartsnitch:fix/ghcr-mirror-base-images cartsnitch/cartsnitch:fix/ci-remove-dockerhub-login cartsnitch/cartsnitch:fix/ci-docker-ratelimit cartsnitch/cartsnitch:feature/dockerfile cartsnitch/cartsnitch:feature/core-screens cartsnitch/cartsnitch:feature/renovate-config cartsnitch/cartsnitch:ci/add-github-actions
cartsnitch/cartsnitch:v2026.06.08 cartsnitch/cartsnitch:v2026.06.07 cartsnitch/cartsnitch:v2026.06.06 cartsnitch/cartsnitch:v2026.06.04 cartsnitch/cartsnitch:v2026.05.04 cartsnitch/cartsnitch:v2026.04.20 cartsnitch/cartsnitch:v2026.04.19.4 cartsnitch/cartsnitch:v2026.04.19.3 cartsnitch/cartsnitch:v2026.04.19.2 cartsnitch/cartsnitch:v2026.04.19 cartsnitch/cartsnitch:v2026.04.15.2 cartsnitch/cartsnitch:v2026.04.15 cartsnitch/cartsnitch:v2026.04.14.4 cartsnitch/cartsnitch:v2026.04.14.3 cartsnitch/cartsnitch:v2026.04.14.2 cartsnitch/cartsnitch:v2026.04.14 cartsnitch/cartsnitch:v2026.04.05 cartsnitch/cartsnitch:v2026.04.03.8 cartsnitch/cartsnitch:v2026.04.03.7 cartsnitch/cartsnitch:v2026.04.03.6 cartsnitch/cartsnitch:v2026.04.03.5 cartsnitch/cartsnitch:v2026.04.03.4 cartsnitch/cartsnitch:v2026.04.03.3 cartsnitch/cartsnitch:v2026.04.03.2 cartsnitch/cartsnitch:v2026.04.03 cartsnitch/cartsnitch:v2026.04.02 cartsnitch/cartsnitch:v2026.04.01.9 cartsnitch/cartsnitch:v2026.04.01.8 cartsnitch/cartsnitch:v2026.04.01.7 cartsnitch/cartsnitch:v2026.04.01.6 cartsnitch/cartsnitch:v2026.04.01.5 cartsnitch/cartsnitch:v2026.04.01.4 cartsnitch/cartsnitch:v2026.04.01.3 cartsnitch/cartsnitch:v2026.04.01.2 cartsnitch/cartsnitch:v2026.04.01 cartsnitch/cartsnitch:v2026.03.31.8 cartsnitch/cartsnitch:v2026.03.31.7 cartsnitch/cartsnitch:v2026.03.31.6 cartsnitch/cartsnitch:v2026.03.31.5 cartsnitch/cartsnitch:v2026.03.31.4 cartsnitch/cartsnitch:v2026.03.31.3 cartsnitch/cartsnitch:v2026.03.31.2 cartsnitch/cartsnitch:v2026.03.31 cartsnitch/cartsnitch:v2026.03.30.10 cartsnitch/cartsnitch:v2026.03.30.9 cartsnitch/cartsnitch:v2026.03.30.8 cartsnitch/cartsnitch:v2026.03.30.7 cartsnitch/cartsnitch:v2026.03.30.6 cartsnitch/cartsnitch:v2026.03.30.5 cartsnitch/cartsnitch:v2026.03.30.4 cartsnitch/cartsnitch:v2026.03.30.3 cartsnitch/cartsnitch:v2026.03.30.2 cartsnitch/cartsnitch:v2026.03.30 cartsnitch/cartsnitch:v2026.03.29.5 cartsnitch/cartsnitch:v2026.03.29.4 cartsnitch/cartsnitch:v2026.03.29.3 cartsnitch/cartsnitch:v2026.03.29.2 cartsnitch/cartsnitch:v2026.03.29 cartsnitch/cartsnitch:v2026.03.28.6 cartsnitch/cartsnitch:v2026.03.28.5 cartsnitch/cartsnitch:v2026.03.28.4 cartsnitch/cartsnitch:v2026.03.28.3 cartsnitch/cartsnitch:v2026.03.28.2 cartsnitch/cartsnitch:v2026.03.28 cartsnitch/cartsnitch:v2026.03.24.2 cartsnitch/cartsnitch:v2026.03.24 cartsnitch/cartsnitch:v2026.03.22.2 cartsnitch/cartsnitch:v2026.03.22 cartsnitch/cartsnitch:v2026.03.21.4 cartsnitch/cartsnitch:v2026.03.21.3 cartsnitch/cartsnitch:v2026.03.21.2 cartsnitch/cartsnitch:v2026.03.21 cartsnitch/cartsnitch:v2026.03.20.3 cartsnitch/cartsnitch:v2026.03.20.2 cartsnitch/cartsnitch:v2026.03.20

3 Commits
fix/secure-cookie-name ... fix/signed-cookie-parsing

Author SHA1 Message Date
CartSnitch Engineer Bot 2f37f0501f fix(api): parse signed session cookie instead of SHA-256 hashing 
Better-Auth v1.5.6 stores raw tokens in sessions.token, not SHA-256
hashes. The session cookie is signed (rawToken.hmacSignature), so
strip the HMAC signature suffix before querying the DB.

Fixes 401 errors on all data endpoints caused by the incorrect hash.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-01 11:09:29 +00:00
cartsnitch-cto[bot] 4c36fd4156 fix(api): restore SHA-256 session token hashing (regression from PR #95) 
Restores sha256 import and token hashing in _validate_session_token.

Regression introduced when PR #95 (cookie name fix) was merged without
the hash fix from PR #93.

QA approved: CAR-324 (Checkout Charlie)
CTO approved: Paperclip (Savannah Savings)
Resolves CAR-323

cc @cpfarhood
 2026-04-01 10:29:05 +00:00
cartsnitch-ceo[bot] c9172f088f fix(api): read __Secure- prefixed session cookie for HTTPS environments 
Merges fix/secure-cookie-name. Resolves CAR-321.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-01 08:16:41 +00:00
1 changed files with 6 additions and 1 deletions
Expand all files Collapse all files
api/src/cartsnitch_api/auth/dependencies.py
+6 -1
View File
@@ -31,10 +31,15 @@ async def _validate_session_token(token: str, db: AsyncSession) -> UUID:
"""Validate a Better-Auth session token against the sessions table.
Returns the user_id (as UUID) if the session is valid and not expired.
Better-Auth v1.5.6 stores raw tokens in the DB. The session cookie
is signed: ``rawToken.base64HMACSignature``. Strip the signature
before querying.
"""
# Signed cookie format: rawToken.hmacSignature — split and use only the token part
raw_token = token.split(".")[0] if "." in token else token
result = await db.execute(
text("SELECT user_id, expires_at FROM sessions WHERE token = :token"),
{"token": token},
{"token": raw_token},
)
row = result.first()