hash device codes

This commit is contained in:
miloschwartz
2025-11-03 17:03:46 -08:00
parent 5746d69f98
commit 0790f37f5e
3 changed files with 40 additions and 4 deletions


@@ -11,6 +11,8 @@ import {
createSession,
generateSessionToken
} from "@server/auth/sessions/app";
import { encodeHexLowerCase } from "@oslojs/encoding";
import { sha256 } from "@oslojs/crypto/sha2";
const paramsSchema = z.object({
code: z.string().min(1, "Code is required")
@@ -18,6 +20,13 @@ const paramsSchema = z.object({
export type PollDeviceWebAuthParams = z.infer<typeof paramsSchema>;
// Helper function to hash device code before querying database
function hashDeviceCode(code: string): string {
return encodeHexLowerCase(
sha256(new TextEncoder().encode(code))
);
}
export type PollDeviceWebAuthResponse = {
verified: boolean;
token?: string;
@@ -68,11 +77,14 @@ export async function pollDeviceWebAuth(
const now = Date.now();
const requestIp = extractIpFromRequest(req);
// Hash the code before querying
const hashedCode = hashDeviceCode(code);
// Find the code in the database
const [deviceCode] = await db
.select()
.from(deviceWebAuthCodes)
.where(eq(deviceWebAuthCodes.code, code))
.where(eq(deviceWebAuthCodes.code, hashedCode))
.limit(1);
if (!deviceCode) {
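Review bot: The lookup at `.where(eq(deviceWebAuthCodes.code, hashedCode))` now only matches if the row was written with exactly this `hashDeviceCode` (unsalted SHA-256, lowercase hex); if the code-issuing path in one of the other two changed files carries its own copy of the helper, the two can drift silently, so it is worth moving `hashDeviceCode` into a shared module under `@server/auth` and importing it from both sides. An unsalted digest protects a leaked table only when the plaintext codes are high-entropy, and the generation side is not visible in this hunk, so that should be confirmed and stated on the helper, e.g. `/** SHA-256 (lowercase hex) of a device code. The table stores only this digest, so codes must carry enough entropy that rows cannot be reversed; must match the hash applied when the code is issued. */`. Since the `code` column now holds a digest rather than the code itself, a short comment at the query site, `// column holds sha256(code), never the plaintext`, would stop a later reader from comparing against the raw value again. pollDeviceWebAuth starts and ends outside the hunk, so the expiry and IP handling that follow the lookup are not reviewed here.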