Trek_CN/server
jubnl b515880adb
fix: encrypt Immich API key at rest using AES-256-GCM
Per-user Immich API keys were stored as plaintext in the users table,
giving any attacker with DB read access full control over each user's
Immich photo server. Keys are now encrypted on write with
maybe_encrypt_api_key() and decrypted at the point of use via a shared
getImmichCredentials() helper. A new migration (index 66) back-fills
encryption for any existing plaintext values on startup.
2026-04-01 07:57:29 +02:00
..
public Merge branch 'perf-test' of https://github.com/jubnl/TREK into dev 2026-03-31 23:10:02 +02:00
src fix: encrypt Immich API key at rest using AES-256-GCM 2026-04-01 07:57:29 +02:00
.env.example fix: replace JWT tokens in URL query params with short-lived ephemeral tokens 2026-04-01 07:57:14 +02:00
package-lock.json Merge branch 'pr-125' 2026-03-30 23:10:34 +02:00
package.json Merge branch 'pr-125' 2026-03-30 23:10:34 +02:00
reset-admin.js Stabilize core: better-sqlite3, versioned migrations, graceful shutdown 2026-03-22 17:52:24 +01:00
tsconfig.json some fixes 2026-03-30 06:59:24 +02:00