Add utils package with Web Crypto password hashing

- Create @reviq/utils package with PBKDF2-SHA256 password hashing compatible with Cloudflare Workers (uses crypto.subtle) - Update api-server and CLI to use new utils package for consistent password hashing format across the codebase - Add pino logging to api-server for better request debugging - Make login request tokens cryptographically secure base58 strings instead of database IDs - Add migration to make login_requests.token non-nullable with unique constraint - Fix RPCLink URL construction for client-side API calls - Add db:codegen script to root package.json Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 18:12:33 +08:00
parent cee700f063
commit c1afc39062
25 changed files with 512 additions and 142 deletions
--- a/apps/api-server/src/index.ts
+++ b/apps/api-server/src/index.ts
@@ -1,6 +1,8 @@
 import type { APIContext } from "./context.js";
+import { LoggingHandlerPlugin } from "@orpc/experimental-pino";
 import { RPCHandler } from "@orpc/server/fetch";
 import { createDb } from "@reviq/db";
+import pino from "pino";
 import {
  DEFAULT_PORT,
  DEFAULT_RP_NAME,
@@ -8,8 +10,24 @@ import {
 } from "./constants.js";
 import { router } from "./router.js";

+const logger = pino({
+  transport: {
+    target: "pino-pretty",
+    options: {
+      colorize: true,
+    },
+  },
+});
+
 const db = createDb();
-const handler = new RPCHandler(router);
+const handler = new RPCHandler(router, {
+  plugins: [
+    new LoggingHandlerPlugin({
+      logger,
+      logRequestResponse: true,
+    }),
+  ],
+});

 const port = Bun.env.PORT ?? DEFAULT_PORT;
 const allowedOrigins = getAllowedOrigins();
@@ -56,4 +74,4 @@ Bun.serve({
  },
 });

-console.log("API server running on port", port);
+logger.info({ port }, "API server running");