Add utils package with Web Crypto password hashing

- Create @reviq/utils package with PBKDF2-SHA256 password hashing compatible with Cloudflare Workers (uses crypto.subtle) - Update api-server and CLI to use new utils package for consistent password hashing format across the codebase - Add pino logging to api-server for better request debugging - Make login request tokens cryptographically secure base58 strings instead of database IDs - Add migration to make login_requests.token non-nullable with unique constraint - Fix RPCLink URL construction for client-side API calls - Add db:codegen script to root package.json Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 18:12:33 +08:00
parent cee700f063
commit c1afc39062
25 changed files with 512 additions and 142 deletions
--- a/apps/api-server/package.json
+++ b/apps/api-server/package.json
@@ -15,13 +15,16 @@
  "dependencies": {
    "@formatjs/intl-durationformat": "^0.9.2",
    "@noble/hashes": "^2.0.1",
+    "@orpc/experimental-pino": "^1.13.2",
    "@orpc/server": "^1.13.2",
    "@reviq/api-contract": "workspace:*",
    "@reviq/db": "workspace:*",
    "@reviq/db-schema": "workspace:*",
+    "@reviq/utils": "workspace:*",
    "@simplewebauthn/server": "^13.2.2",
    "@simplewebauthn/types": "^12.0.0",
    "kysely": "^0.28.2",
+    "pino": "^10.1.0",
    "postmark": "^4.0.5",
    "zxcvbn": "^4.4.2"
  },
@@ -34,6 +37,7 @@
    "@types/zxcvbn": "^4.4.5",
    "eslint": "catalog:",
    "pg": "^8.16.3",
+    "pino-pretty": "^13.1.3",
    "typescript": "catalog:"
  }
 }