fix: resolve 7 audit issues - webhook tokens, cookie security, avatar save, TUI fallback, dead code, valkey default
This commit is contained in:
@@ -189,6 +189,9 @@ CREATE INDEX IF NOT EXISTS idx_webhooks_token ON webhooks(token);
|
||||
ALTER TABLE webhooks ADD COLUMN IF NOT EXISTS token_hash VARCHAR(64);
|
||||
CREATE INDEX IF NOT EXISTS idx_webhooks_token_hash ON webhooks(token_hash);
|
||||
|
||||
-- Drop plaintext token column — token_hash is the only stored credential
|
||||
ALTER TABLE webhooks DROP COLUMN IF EXISTS token;
|
||||
|
||||
-- Ensure reply_to column exists on messages (added after initial table creation)
|
||||
ALTER TABLE messages ADD COLUMN IF NOT EXISTS reply_to UUID REFERENCES messages(id) ON DELETE SET NULL;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user