Change API token prefix to XVDAI_

- Update token format to 'XVDAI_' + 26-char hex random part - Total token length exactly 32 characters - Maintain JWT mapping for security

Change API token prefix to XVDAI_
- Update token format to 'XVDAI_' + 26-char hex random part - Total token length exactly 32 characters - Maintain JWT mapping for security
ac4b73e0 · Stefy Lanza (nextime / spora ) · 815159e6 · ac4b73e0
Commit ac4b73e0 authored Oct 06, 2025 by Stefy Lanza (nextime / spora )
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 2 deletions

database.py vidai/database.py +9 -2

No files found.
--- a/vidai/database.py
+++ b/vidai/database.py
@@ -1110,8 +1110,8 @@ def create_user_api_token(user_id: int, name: str) -> str:
    secret_key = os.environ.get('JWT_SECRET_KEY', 'vidai-jwt-secret-key-change-in-production')
    jwt_token = jwt.encode(payload, secret_key, algorithm='HS256')

-    # Generate short public token
-    short_token = secrets.token_urlsafe(16)
+    # Generate short public token with prefix
+    short_token = f"XVDAI_{secrets.token_hex(13)}"

    conn = get_db_connection()
    cursor = conn.cursor()
@@ -1130,6 +1130,13 @@ def validate_user_api_token(token: str) -> Optional[Dict[str, Any]]:
    """Validate user API token and return user info."""
    import jwt

+    # Extract short token from prefixed token
+    if token.startswith('XVDAI_'):
+        short_token = token[7:]
+    else:
+        # For backward compatibility or invalid format
+        return None
+
    # Find JWT by short token
    conn = get_db_connection()
    cursor = conn.cursor()