New CLI: bun run reset-password <email>

Two modes selected interactively:

- Recovery mode: if you still have the user's recovery code, unwrap the existing DEK with it and re-wrap with the new password. No data loss; the recovery code stays valid (mirrors /auth/recovery-complete).
- Nuke mode: if both password AND recovery code are gone, generate a fresh DEK + new recovery code (printed once), and DELETE the user's private activities — their ciphertext is permanently unrecoverable. Public/semi/friends rows and engagement (hearts/bookmarks/done) are preserved.

Both modes invalidate the user's sessions. Password length matches the signup/recovery rule (12 chars min). Wrong-recovery-code path aborts before any DB writes.

Hand-rolled line reader sidesteps a Bun quirk where node:readline only delivers the first answer when stdin is piped.

Also expand README's "Deployment" section: container snippet stays, plus new subsections for env vars, TLS termination (with a Caddyfile example), backup/restore via sqlite3 .backup, the /api/health healthcheck, upgrade flow, and a walkthrough of the reset CLI.

||
|---|---|---|
| activities.ts | ||
| admin.ts | ||
| auth.ts | ||
| db.ts | ||
| feedback.ts | ||
| friends.ts | ||
| index.ts | ||
| invites.ts | ||
| og.ts | ||
| reset-password.ts | ||
| roles.ts | ||
| session.ts | ||
| settings.ts | ||
| tags.ts | ||
| users.ts | ||