fix(trips): enforce password protection on shared trips (#3)

- handle_share_api now checks X-Share-Password header against bcrypt hash
  before returning trip data. Returns 401 with {protected: true} if password
  required but not provided/incorrect
- share_password now stored as bcrypt hash, not plaintext
- All plaintext password logging removed from handle_share_verify
- handle_share_verify uses bcrypt.checkpw instead of string equality
- Migration invalidates existing plaintext share passwords (< 50 chars)
- Removed dead hash_password function (used hashlib.sha256)
- Added bcrypt to trips Dockerfile

Closes #3
Yusuf Suleman
2026-03-29 08:50:45 -05:00
parent 6bd23e7e8b
commit d700ba7569
3 changed files with 91 additions and 20 deletions

@@ -4,7 +4,7 @@ WORKDIR /app
ENV PYTHONUNBUFFERED=1
RUN pip install --no-cache-dir PyPDF2
RUN pip install --no-cache-dir PyPDF2 bcrypt
COPY . .
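Review bot: The new `RUN pip install --no-cache-dir PyPDF2 bcrypt` line installs bcrypt with no version pin, so each image rebuild can pull a different release of the library that now performs the share-password hashing and verification. Pin both packages to exact versions, ideally from a requirements file installed with `pip install --require-hashes -r requirements.txt`, so the build is reproducible and a changed upstream release cannot enter the image unnoticed.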