mirror of
https://github.com/getnora-io/nora.git
synced 2026-04-12 22:00:31 +00:00
DevITWay | Pavel Volkov
432e8d35af
* docs: add DCO, governance model, roles, vulnerability credit policy * security: migrate token hashing from SHA256 to Argon2id - Replace unsalted SHA256 with Argon2id (salted) for API token hashing - Fix TOCTOU race: replace exists()+read() with read()+match on error - Set chmod 600 on token files and 700 on token storage directory - Auto-migrate legacy SHA256 tokens to Argon2id on first verification - Add regression tests: argon2 format, legacy migration, file permissions
1.5 KiB
1.5 KiB