Michelle/redlight
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity

feat(caldav): add token_hash column and store SHA-256 hashed tokens
All checks were successful
Build & Push Docker Image / build (push) Successful in 6m27s
Details

Browse Source
This commit is contained in:
Michelle
2026-03-04 09:17:31 +01:00
parent 6e301e2928
commit 2d919cdc67
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/config/database.js
View File

@@ -679,6 +679,12 @@ export async function initDatabase() {
`);
}
// CalDAV: add token_hash column for SHA-256 hashed token lookup
if (!(await db.columnExists('caldav_tokens', 'token_hash'))) {
await db.exec('ALTER TABLE caldav_tokens ADD COLUMN token_hash TEXT DEFAULT NULL');
await db.exec('CREATE INDEX IF NOT EXISTS idx_caldav_tokens_hash ON caldav_tokens(token_hash)');
}
// ── OAuth tables ────────────────────────────────────────────────────────
if (isPostgres) {
await db.exec(`

5
server/routes/calendar.js
View File

@@ -723,9 +723,10 @@ router.post('/caldav-tokens', authenticateToken, async (req, res) => {
return res.status(400).json({ error: 'Maximum of 10 tokens allowed' });
}
const token = crypto.randomBytes(32).toString('hex');
const tokenHash = crypto.createHash('sha256').update(token).digest('hex');
const result = await db.run(
'INSERT INTO caldav_tokens (user_id, token, name) VALUES (?, ?, ?)',
[req.user.id, token, name.trim()],
'INSERT INTO caldav_tokens (user_id, token, token_hash, name) VALUES (?, ?, ?, ?)',
[req.user.id, token, tokenHash, name.trim()],
);
res.status(201).json({
token: { id: result.lastInsertRowid, name: name.trim() },