taiars/nora - nora - Gitea: Git with a cup of tea

taiars/nora

Fork 0

mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 15:00:31 +00:00

Commit Graph

Author	SHA1	Message	Date
DevITWay \| Pavel Volkov	432e8d35af	security: migrate token hashing from SHA256 to Argon2id (#55 ) * docs: add DCO, governance model, roles, vulnerability credit policy * security: migrate token hashing from SHA256 to Argon2id - Replace unsalted SHA256 with Argon2id (salted) for API token hashing - Fix TOCTOU race: replace exists()+read() with read()+match on error - Set chmod 600 on token files and 700 on token storage directory - Auto-migrate legacy SHA256 tokens to Argon2id on first verification - Add regression tests: argon2 format, legacy migration, file permissions	2026-03-24 22:56:43 +00:00
DevITWay	f82e252e39	docs: add CONTRIBUTING.md and SECURITY.md	2026-01-31 12:39:41 +00:00

Author

SHA1

Message

Date

DevITWay | Pavel Volkov

432e8d35af

security: migrate token hashing from SHA256 to Argon2id (#55 )

* docs: add DCO, governance model, roles, vulnerability credit policy

* security: migrate token hashing from SHA256 to Argon2id

- Replace unsalted SHA256 with Argon2id (salted) for API token hashing
- Fix TOCTOU race: replace exists()+read() with read()+match on error
- Set chmod 600 on token files and 700 on token storage directory
- Auto-migrate legacy SHA256 tokens to Argon2id on first verification
- Add regression tests: argon2 format, legacy migration, file permissions

2026-03-24 22:56:43 +00:00

DevITWay

f82e252e39

docs: add CONTRIBUTING.md and SECURITY.md

2026-01-31 12:39:41 +00:00

2 Commits