No description

Mitchell R bacf1d2fcb fix: use deterministic HKDF key for cookie signing ... cookieMac was using encryptString which generates a random IV per call, making the HMAC key non-deterministic. Cookie signed at login could never verify on subsequent requests. Now uses deriveKey(info) which uses HKDF — deterministic for same server key.		2026-05-10 02:59:04 +02:00
scripts	adding initial project	2026-05-10 01:09:13 +02:00
server	fix: use deterministic HKDF key for cookie signing	2026-05-10 02:59:04 +02:00
.gitignore	adding initial project	2026-05-10 01:09:13 +02:00
package-lock.json	build fixes for bsb	2026-05-10 01:46:11 +02:00
package.json	adding initial project	2026-05-10 01:09:13 +02:00
sec-config.yaml	fix: add cookieName and totpIssuer to sec-config explicitly	2026-05-10 02:55:21 +02:00
tsconfig.base.json	adding initial project	2026-05-10 01:09:13 +02:00