Merge pull request #179 from shanelord01/audit/remediation-clean

Automated Security & Quality Audit via Claude Code
2026-06-20 22:01:45 +00:00 · 2026-03-31 20:53:48 +02:00
parent 1983691950 483190e7c1
commit f7160e6dec
28 changed files with 540 additions and 81 deletions
@@ -90,7 +90,7 @@ function verifyToken(authHeader: string | undefined): User | null {

  // Short-lived JWT
  try {
-    const decoded = jwt.verify(token, JWT_SECRET) as { id: number };
+    const decoded = jwt.verify(token, JWT_SECRET, { algorithms: ['HS256'] }) as { id: number };
    const user = db.prepare(
      'SELECT id, username, email, role FROM users WHERE id = ?'
    ).get(decoded.id) as User | undefined;