RegExp Regex for the public API token id (e.g. tok_abC0_d-3xyzA). Twelve
base64url characters after the tok_ prefix. Matches the format produced
by generate_api_token.
auth/api_token.ts
API token generation and hashing utilities.
Tokens use the format secret_fuz_token_<base64url> and are stored
as blake3 hashes. These are pure cryptographic operations with no
framework dependency — the bearer auth middleware that validates
tokens lives in auth/bearer_auth.ts.
Declarations #
5 declarations
API_TOKEN_ID_REGEX #
API_TOKEN_ID_REGEX
API_TOKEN_PREFIX #
API_TOKEN_PREFIX
"secret_fuz_token_" Prefix for all fuz API tokens (enables secret scanning).
ApiTokenId #
ApiTokenId
ZodString Zod schema for the public API token id.
generate_api_token #
generate_api_token
(): { token: string; id: string; token_hash: string; } Generate a new API token with its hash and public id.
The raw token is returned exactly once — callers must present it to the user immediately.
returns
{ token: string; id: string; token_hash: string; } the raw token, a public id, and the blake3 hash for storage
hash_api_token #
hash_api_token
(token: string): string Hash an API token for storage using blake3.
token
the raw API token
type
stringreturns
string hex-encoded blake3 hash