Update auth validation code to hash incoming tokens

2025-12-26 23:12:06 +01:00
parent 4f6e5cd33a
commit 4becbcdea3
1 changed files with 3 additions and 1 deletions
--- a/mft/auth.py
+++ b/mft/auth.py
@@ -2,6 +2,7 @@ from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials

 from mft.database import get_db
+import hashlib


 security = HTTPBearer()
@@ -23,6 +24,7 @@ def verify_token(
        HTTPException: If token is invalid or disabled
    """
    token = credentials.credentials
+    token_hash = hashlib.sha256(token.encode()).hexdigest()

    with get_db() as conn:
        cursor = conn.cursor()
@@ -32,7 +34,7 @@ def verify_token(
            FROM auth
            WHERE token = ?
            """,
-            (token,),
+            (token_hash,),
        ).fetchone()

        if result is None or not result["enabled"]: