Trek_CN/server/src/db
jubnl b515880adb
fix: encrypt Immich API key at rest using AES-256-GCM
Per-user Immich API keys were stored as plaintext in the users table,
giving any attacker with DB read access full control over each user's
Immich photo server. Keys are now encrypted on write with
maybe_encrypt_api_key() and decrypted at the point of use via a shared
getImmichCredentials() helper. A new migration (index 66) back-fills
encryption for any existing plaintext values on startup.
2026-04-01 07:57:29 +02:00
..
database.ts fix: route db helper functions through the null-safe proxy 2026-04-01 07:56:01 +02:00
migrations.ts fix: encrypt Immich API key at rest using AES-256-GCM 2026-04-01 07:57:29 +02:00
schema.ts feat: configurable trip reminders, admin full access, and enhanced audit logging 2026-03-31 22:23:38 +03:00
seeds.ts feat: configurable trip reminders, admin full access, and enhanced audit logging 2026-03-31 22:23:38 +03:00