Commit Graph

3 Commits

Author SHA1 Message Date
julien 6245d1eabd fix(auth): replace fixed-salt bcrypt with HMAC-SHA256 for API key hashing
bcrypt with a fixed salt is deterministic but defeats the purpose of
bcrypt salting. API keys are high-entropy UUIDs (128 bits), making
brute-force resistance unnecessary — HMAC-SHA256 with the app secret
is the correct primitive for deterministic, secure key hashing.

Also fixes application.author.id → application.authorId in the API key
auth path, which was silently setting req.payload.id to undefined.
2026-04-26 20:31:06 +02:00
julien ba2899f683 Mise à jour de middlewares 2025-11-30 17:49:32 +01:00
julien 60feffd929 Refactoring et ajout de routes Hero Wars 2025-11-27 10:50:17 +01:00