auth/api_token.ts

API token generation and hashing utilities.
Tokens use the format secret_fuz_token_<base64url> and are stored
as blake3 hashes. These are pure cryptographic operations with no
framework dependency — the bearer auth middleware that validates
tokens lives in bearer_auth.ts.

Declarations
#

3 declarations

view source

API_TOKEN_PREFIX
#

auth/api_token.ts view source

"secret_fuz_token_"

Prefix for all fuz API tokens (enables secret scanning).

generate_api_token
#

auth/api_token.ts view source

(): { token: string; id: string; token_hash: string; }

Generate a new API token with its hash and public id.
The raw token is returned exactly once — callers must present it
to the user immediately.

returns

{ token: string; id: string; token_hash: string; }

the raw token, a public id, and the blake3 hash for storage

hash_api_token
#

auth/api_token.ts view source

(token: string): string

Hash an API token for storage using blake3.

`token`

the raw API token

type string

returns

string

hex-encoded blake3 hash

Depends on
#

crypto.ts