cs_betty/cartsnitch-fork-test
1
0
Fork 0
forked from cartsnitch/cartsnitch
Code Pull Requests Activity
260 Commits 166 Branches 71 Tags
betty/fix-session-token-hash
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Barcode Betty 138033be9b fix(api): hash session token with SHA-256 before DB lookup 
Better-Auth v1.2+ stores SHA-256(raw_token) in the sessions.token
column. The cookie/Bearer header carries the raw token, so the API was
doing a plain-text lookup that would never match a hashed value —
causing all authenticated endpoints to return 401.

- Add hashlib import and hash token in _validate_session_token()
- Update conftest._create_test_user_and_session() to store hashed tokens
- Update test_expired_session_rejected() to store hashed tokens

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-04 19:00:09 +00:00
.github/workflows
fix(ci): use full SHA in docker/metadata-action tags
2026-04-04 05:31:04 +00:00
api
fix(api): hash session token with SHA-256 before DB lookup
2026-04-04 19:00:09 +00:00
auth
fix(auth): add UAT hostname to trustedOrigins
2026-04-04 04:18:03 +00:00
common
fix(api): escape percent signs in alembic database URL for configparser
2026-04-04 06:31:48 +00:00
content/marketing
Add shrinkflation consumer FAQ for April 1 series launch
2026-03-28 14:54:32 +00:00
docs
docs: add UAT runbook v1
2026-03-30 20:20:07 +00:00
e2e
fix(e2e): correct smoke test heading assertion to match Login page
2026-03-31 18:15:07 +00:00
public
feat(ci): add Lighthouse CI performance checks (#85)
2026-03-31 15:45:22 +00:00
receiptwitness
fix(receiptwitness): handle invalid timestamp in Mailgun webhook verification
2026-04-03 12:09:51 +00:00
scripts
feat(scripts): add dev environment seed script and K8s Job (#99)
2026-04-01 19:51:45 +00:00
src
fix: move email-in-address endpoint from /auth to /api/v1 prefix
2026-04-03 11:44:31 +00:00
.dockerignore
feat: add multi-stage Dockerfile for PWA
2026-03-18 13:26:57 +00:00
.gitignore
feat: migrate authentication to Better-Auth (Phase 1)
2026-03-28 04:46:10 +00:00
CLAUDE.md
feat: migrate authentication to Better-Auth (Phase 1)
2026-03-28 04:46:10 +00:00
Dockerfile
fix: add explicit USER 101 to prod stage Dockerfile
2026-03-22 16:06:00 +00:00
eslint.config.js
feat: add core PWA screens (auth, dashboard, purchases, products, alerts, settings)
2026-03-17 12:24:31 +00:00
index.html
feat: add core PWA screens (auth, dashboard, purchases, products, alerts, settings)
2026-03-17 12:24:31 +00:00
lighthouserc.json
fix(ci): disable FullPageScreenshot gatherer to prevent Chrome crash
2026-03-31 21:58:30 +00:00
nginx.conf
fix: update nginx listen port to 8080 for non-root operation
2026-03-22 01:27:31 +00:00
package-lock.json
fix(deps): resolve npm audit vulnerabilities (brace-expansion, lodash) (#108)
2026-04-03 13:23:20 +00:00
package.json
fix(deps): resolve npm audit vulnerabilities (brace-expansion, lodash) (#108)
2026-04-03 13:23:20 +00:00
playwright.config.ts
feat(e2e): add J1 and J8 journey tests
2026-03-31 16:49:36 +00:00
README.md
test
2026-03-30 00:50:51 +00:00
renovate.json
feat: add Renovate dependency update config
2026-03-18 18:21:31 +00:00
tsconfig.app.json
feat: add core PWA screens (auth, dashboard, purchases, products, alerts, settings)
2026-03-17 12:24:31 +00:00
tsconfig.json
feat: add core PWA screens (auth, dashboard, purchases, products, alerts, settings)
2026-03-17 12:24:31 +00:00
tsconfig.node.json
feat: add core PWA screens (auth, dashboard, purchases, products, alerts, settings)
2026-03-17 12:24:31 +00:00
vite.config.ts
feat: add core PWA screens (auth, dashboard, purchases, products, alerts, settings)
2026-03-17 12:24:31 +00:00
vitest.config.ts
fix(ci): exclude e2e tests from vitest
2026-03-30 19:49:23 +00:00

README.md

CartSnitch

View Git Blame Copy Permalink
S
Description
Consumer savings platform with grocery coupon tracking, deal alerts, and price comparison
Readme 1.9 MiB
Languages
Python 85.2%
TypeScript 13.5%
Shell 0.5%
Dockerfile 0.5%
Mako 0.1%