WildDragonLLC/dragonflight
1
0
Fork 0
Code Issues 18 Pull requests 3 Projects Releases Packages Wiki Activity Actions
dragonflight/services/mam-api/test
History
Zac Gaetano bcfc19e530 fix(mam-api): real dummy bcrypt hash + log last_login_at failures 
Code-review feedback:
- Dummy hash for user-enumeration-defense timing was 63 chars (bcrypt strings
  are 60 chars). Worked by accident because bcrypt 5.x is lenient about
  trailing chars; a future tightening would silently regress the timing
  defense. Replaced with a real pre-computed bcrypt hash.
- last_login_at UPDATE now logs errors instead of silently swallowing them,
  matching the pattern in requireAuth for api_tokens.last_used_at.
- Removed dead import of comparePassword from auth.test.js.
2026-05-27 14:35:59 -04:00
..
auth feat(mam-api): auth utilities — password hash/compare + token gen/hash/parse 2026-05-27 13:51:15 -04:00
helpers chore(mam-api): wire node:test runner + test app + DB helper 2026-05-27 13:38:46 -04:00
middleware feat(mam-api): requireAuth middleware — session + bearer + idle/absolute timeout 2026-05-27 13:59:50 -04:00
routes fix(mam-api): real dummy bcrypt hash + log last_login_at failures 2026-05-27 14:35:59 -04:00
smoke.test.js chore(mam-api): wire node:test runner + test app + DB helper 2026-05-27 13:38:46 -04:00