# Sensitive Data Handling - 20251123-104210
|
|
== Password storage columns (keyword matches; none of the hits below is a column definition) ==
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/005_schema_separation.up.sql:124:-- "user=%s password=%s dbname=%s host=%s sslmode=%s search_path=%s",
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/005_schema_separation.up.sql:125:-- user, password, name, host, sslMode, schema
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:14:CREATE TYPE identity_type AS ENUM ('email_password', 'blockchain_address', 'did');
|
|
|
|
== bcrypt/hash usage (password hashing; the search also matches unrelated identifiers such as blockchain_tx_hash) ==
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:483: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:492: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:502: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:591: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:650: blockchain_tx_hash = $10, ipfs_document_cid = $11, notes = $12
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:754: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:763: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:788: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:798: p.blockchain_tx_hash, p.blockchain_network, p.payment_processor, p.processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:862: transaction_id, blockchain_tx_hash, blockchain_network,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:887: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:77: // Test hashing
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:78: hashed, err := hashPassword(password)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:80: t.Fatalf("hashPassword() error = %v", err)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:83: if hashed == "" {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:84: t.Error("hashPassword() returned empty string")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:87: if hashed == password {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:88: t.Error("hashPassword() did not hash the password")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:92: if !checkPasswordHash(password, hashed) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:97: if checkPasswordHash("wrongPassword", hashed) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:26: "golang.org/x/crypto/bcrypt"
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:170: maxPasswordLength = 72 // bcrypt limit
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:619: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:621: http.Error(w, "Failed to hash password", http.StatusInternalServerError)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:848: if err := bcrypt.CompareHashAndPassword([]byte(passwordHash), []byte(req.Password)); err != nil {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1088: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1090: http.Error(w, "Failed to hash password", http.StatusInternalServerError)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1416: // Hash the token before storing (we only store the hash)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1417: tokenHash, err := bcrypt.GenerateFromPassword([]byte(token), bcrypt.DefaultCost)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1419: return "", fmt.Errorf("failed to hash refresh token: %w", err)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1424: // Store hashed token in database
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1426: INSERT INTO refresh_tokens (user_id, token_hash, expires_at, client_ip, created_at)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1443: SELECT id, user_id, token_hash
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1459: // Compare token with hash
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1460: if bcrypt.CompareHashAndPassword([]byte(tokenHash), []byte(token)) == nil {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1591:func hashPassword(password string) (string, error) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1592: hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1596: return string(hash), nil
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1599:func checkPasswordHash(password, hash string) bool {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1600: return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
|
|
|
|
== Encryption columns ==
|
|
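No encryption found (no matches for this section's search; this alone does not establish whether data is encrypted at rest)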
|
|
|
|
== PII columns (email, phone, address, ssn) ==
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:5: email VARCHAR(255) UNIQUE, -- Nullable for blockchain-only users
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:10:-- Create index on email for faster lookups
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:11:CREATE INDEX idx_users_email ON users(email) WHERE email IS NOT NULL;
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:14:CREATE TYPE identity_type AS ENUM ('email_password', 'blockchain_address', 'did');
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:21: identifier VARCHAR(500) NOT NULL, -- Email, blockchain address, or DID
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:73: user_email VARCHAR(255), -- Denormalized for when user is deleted
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:77: ip_address INET,
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:198: req.email AS requester_email,
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:201: cli.email AS client_email,
|