groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
78a67583499a355c4d6a9e69783794a91079b07d
app/apps/api/src
T
History
Paperclip 78a6758349 fix(db): generate unique random salt per encryptSecret call (GRO-453) 
Use a 16-byte random salt per encryption instead of the fixed
"groombook-auth-provider-config" salt. This prevents identical
plaintexts from producing identical ciphertexts, closing the
timing/anagram security gap identified in GRO-452.

New format: salt:iv:ciphertext:authTag (all base64).
Legacy format (iv:ciphertext:authTag) is still accepted for
backward-compatible decryption of existing stored values.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-04 21:37:30 +00:00
..
__tests__
fix(db): generate unique random salt per encryptSecret call (GRO-453)
2026-04-04 21:37:30 +00:00
lib
fix(api): export reinitAuth from lib/auth.ts
2026-04-04 00:02:35 +00:00
middleware
feat(api): DB-first auth config loading with env-var fallback (GRO-389)
2026-04-02 19:58:17 +00:00
routes
fix(api): use correct schema in POST /admin/auth-provider/test (GRO-454)
2026-04-04 13:16:30 +00:00
services
fix(gro-38): prod/demo auth and API-based seed (#117)
2026-03-26 20:51:08 +00:00
index.ts
fix(api): wrap encryptSecret in try/catch to return proper JSON error
2026-04-04 00:02:11 +00:00