k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-21 06:11:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #179 from shanelord01/audit/remediation-clean

Browse Source 
Automated Security & Quality Audit via Claude Code
This commit is contained in:
Maurice
2026-03-31 20:53:48 +02:00
committed by GitHub
parent 1983691950 483190e7c1
commit f7160e6dec
28 changed files with 540 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/routes/auth.ts
+3 -3
View File
@@ -164,7 +164,7 @@ function generateToken(user: { id: number | bigint }) {
return jwt.sign(
{ id: user.id },
JWT_SECRET,
{ expiresIn: '24h' }
{ expiresIn: '24h', algorithm: 'HS256' }
);
}
@@ -321,7 +321,7 @@ router.post('/login', authLimiter, (req: Request, res: Response) => {
const mfa_token = jwt.sign(
{ id: Number(user.id), purpose: 'mfa_login' },
JWT_SECRET,
{ expiresIn: '5m' }
{ expiresIn: '5m', algorithm: 'HS256' }
);
return res.json({ mfa_required: true, mfa_token });
}
@@ -741,7 +741,7 @@ router.post('/mfa/verify-login', authLimiter, (req: Request, res: Response) => {
return res.status(400).json({ error: 'Verification token and code are required' });
}
try {
const decoded = jwt.verify(mfa_token, JWT_SECRET) as { id: number; purpose?: string };
const decoded = jwt.verify(mfa_token, JWT_SECRET, { algorithms: ['HS256'] }) as { id: number; purpose?: string };
if (decoded.purpose !== 'mfa_login') {
return res.status(401).json({ error: 'Invalid verification token' });
}