From 4becbcdea3ce3fc2350b32a5524f673fa00959d1 Mon Sep 17 00:00:00 2001
From: omicron
Date: Fri, 26 Dec 2025 23:12:06 +0100
Subject: [PATCH] Update auth validation code to hash incoming tokens
---
 mft/auth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mft/auth.py b/mft/auth.py
index c4c1fbc..307b25b 100644
--- a/mft/auth.py
+++ b/mft/auth.py
@@ -2,6 +2,7 @@
 from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from mft.database import get_db
+import hashlib
 security = HTTPBearer()
@@ -23,6 +24,7 @@ def verify_token(
 HTTPException: If token is invalid or disabled
 """
 token = credentials.credentials
+ token_hash = hashlib.sha256(token.encode()).hexdigest()
 with get_db() as conn:
 cursor = conn.cursor()
@@ -32,7 +34,7 @@ def verify_token(
 FROM auth
 WHERE token = ?
 """,
- (token,),
+ (token_hash,),
 ).fetchone()
 if result is None or not result["enabled"]:
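Review bot: The added `token_hash = hashlib.sha256(token.encode()).hexdigest()` line uses a bare, unkeyed SHA-256, which is a sound lookup key only when issued tokens are long random values; the patch does not show how tokens are generated, so that assumption should be written next to the line, e.g. `# Tokens are high-entropy random strings, so unsalted SHA-256 is sufficient here; never reuse this for passwords.` If tokens can be short or user-chosen, a keyed digest such as `hmac.new(PEPPER_KEY_PLACEHOLDER, token.encode(), hashlib.sha256).hexdigest()`, with the key held outside the database, would resist offline guessing after a table leak. The body of verify_token starts and ends outside this hunk.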
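Review bot: With `(token_hash,)` bound to `WHERE token = ?`, any row that still holds a plaintext token stops authenticating, and the plaintext stays in the table. The diffstat shows only mft/auth.py changing, so this patch carries no migration and does not show the issuing path storing the digest in the same lowercase-hex form. I would ship it together with a one-off migration that replaces each stored value with its SHA-256 hex digest, and add a comment above the query such as `# auth.token holds the SHA-256 hex digest of the bearer token, never the token itself`. Renaming the column (for example to `token_hash`) would stop the schema from implying plaintext storage. The query and the rest of verify_token continue outside this hunk.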