fix: resolve 7 audit issues - webhook tokens, cookie security, avatar save, TUI fallback, dead code, valkey default

This commit is contained in:
2026-06-30 13:29:34 -04:00
parent 6f43e4f3a0
commit 2caedc172b
9 changed files with 41 additions and 103 deletions
+3
View File
@@ -189,6 +189,9 @@ CREATE INDEX IF NOT EXISTS idx_webhooks_token ON webhooks(token);
ALTER TABLE webhooks ADD COLUMN IF NOT EXISTS token_hash VARCHAR(64);
CREATE INDEX IF NOT EXISTS idx_webhooks_token_hash ON webhooks(token_hash);
-- Drop plaintext token column — token_hash is the only stored credential
ALTER TABLE webhooks DROP COLUMN IF EXISTS token;
-- Ensure reply_to column exists on messages (added after initial table creation)
ALTER TABLE messages ADD COLUMN IF NOT EXISTS reply_to UUID REFERENCES messages(id) ON DELETE SET NULL;