Barcode Betty 89293d1811 fix(api): hash session token with SHA-256 before DB lookup ...

Better-Auth v1.2+ stores SHA-256(raw_token) in the sessions.token
column. The cookie/Bearer header carries the raw token, so the API was
doing a plain-text lookup that would never match a hashed value —
causing all authenticated endpoints to return 401.

- Add hashlib import and hash token in _validate_session_token()
- Update conftest._create_test_user_and_session() to store hashed tokens
- Update test_expired_session_rejected() to store hashed tokens

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-04 19:00:09 +00:00

.github/workflows

fix(api): revert auth/type regressions from standalone sync, keep email-in feature only

2026-04-03 09:40:39 +00:00

alembic

fix(api): bootstrap users table in migration 007 + harden create_all

2026-04-04 17:10:29 +00:00

src/cartsnitch_api

fix(api): hash session token with SHA-256 before DB lookup

2026-04-04 19:00:09 +00:00

tests

fix(api): hash session token with SHA-256 before DB lookup

2026-04-04 19:00:09 +00:00

.dockerignore

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

.gitignore

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

alembic.ini

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

CLAUDE.md

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

Dockerfile

fix(api): make alembic migrations idempotent for fresh databases

2026-04-04 16:28:29 +00:00

pyproject.toml

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

renovate.json

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

S

Description

CartSnitch API gateway — frontend-facing REST API

266 KiB

Languages

Python 99.4%

Dockerfile 0.4%

Mako 0.2%