Commit
feat(security): Add audit logging and secure password reset tokens
Commit details
Commit notes
Admin Audit Logging: - Add audit-log service for tracking sensitive operations - Log admin user deletion actions with details - Log admin payout processing actions - Stores events in analytics_events table with structured metadata
Password Reset Token Security: - Hash tokens before database storage using SHA-256 - Store hash instead of plaintext token (prevents DB leak exposure) - Hash incoming token before lookup (timing-safe verification) - Use generateSecureToken(32) for 256-bit entropy
Both changes address HIGH priority items from security review.
Co-authored-by: armin.naimi <[email redacted]>
- Files changed
- 4
- Lines added
- +329
- Lines removed
- −10