MHSanaei 4813a2fe00 fix(api-token): hash tokens at rest and show plaintext only once ... Store API tokens as SHA-256 hashes instead of plaintext and return the token value only in the create response. List no longer exposes the token, and the UI drops the Show/Copy buttons in favor of a one-time reveal modal at creation. Match hashes the presented bearer token before the constant-time compare, and a migration hashes any pre-existing plaintext rows in place so existing tokens keep authenticating. Docs and translations updated.		2026-06-03 22:57:50 +02:00
..
controller	fix(nodes): Set Cert from Panel uses the node's own web cert for node inbounds	2026-06-03 16:41:02 +02:00
entity	fix(settings): allow pagination size of 0 to disable pagination	2026-06-02 14:54:11 +02:00
global	Feat/multi inbound clients (#4469)	2026-05-19 12:20:24 +02:00
job	fix(online): scope per-inbound online to inbounds that carried traffic	2026-06-03 16:19:00 +02:00
locale	v3	2026-05-10 02:13:42 +02:00
middleware	feat: complete Zod migration of frontend + bulk client batching (#4599)	2026-05-27 04:26:50 +02:00
network	docs: add comments for all functions	2025-09-20 09:35:50 +02:00
runtime	fix(nodes): Set Cert from Panel uses the node's own web cert for node inbounds	2026-06-03 16:41:02 +02:00
service	fix(api-token): hash tokens at rest and show plaintext only once	2026-06-03 22:57:50 +02:00
session	Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)	2026-05-13 12:52:52 +02:00
translation	fix(api-token): hash tokens at rest and show plaintext only once	2026-06-03 22:57:50 +02:00
websocket	fix(websocket): order register/unregister via single ops channel	2026-05-19 12:34:53 +02:00
web.go	feat(dashboard): more System History metrics, persistence & localized labels	2026-06-03 12:16:31 +02:00