bcfc19e530
Code-review feedback: - Dummy hash for user-enumeration-defense timing was 63 chars (bcrypt strings are 60 chars). Worked by accident because bcrypt 5.x is lenient about trailing chars; a future tightening would silently regress the timing defense. Replaced with a real pre-computed bcrypt hash. - last_login_at UPDATE now logs errors instead of silently swallowing them, matching the pattern in requireAuth for api_tokens.last_used_at. - Removed dead import of comparePassword from auth.test.js. |
||
|---|---|---|
| .. | ||
| capture | ||
| mam-api | ||
| node-agent | ||
| premiere-plugin | ||
| web-ui | ||
| worker | ||