From 6007cf6740d3deec588a9ca31a78f8b55e056fbb Mon Sep 17 00:00:00 2001 From: rever-tecnologia Date: Fri, 5 Dec 2025 09:12:30 -0300 Subject: [PATCH] Fix USB policy token hash bug MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The getPendingUsbPolicy and reportUsbPolicyStatus functions were comparing the plain token against the tokenHash in the database, which would never match. Now properly hashing the token before database lookup. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- convex/usbPolicy.ts | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/convex/usbPolicy.ts b/convex/usbPolicy.ts index ed3fc8f..ae1dca8 100644 --- a/convex/usbPolicy.ts +++ b/convex/usbPolicy.ts @@ -1,9 +1,20 @@ import { v } from "convex/values" import { mutation, query } from "./_generated/server" import type { Id, Doc } from "./_generated/dataModel" +import { sha256 } from "@noble/hashes/sha256" const DEFAULT_TENANT_ID = "default" +function toHex(input: Uint8Array) { + return Array.from(input) + .map((b) => b.toString(16).padStart(2, "0")) + .join("") +} + +function hashToken(token: string) { + return toHex(sha256(token)) +} + export const USB_POLICY_VALUES = ["ALLOW", "BLOCK_ALL", "READONLY"] as const export type UsbPolicyValue = (typeof USB_POLICY_VALUES)[number] @@ -63,7 +74,7 @@ export const reportUsbPolicyStatus = mutation({ currentPolicy: v.optional(v.string()), }, handler: async (ctx, args) => { - const tokenHash = args.machineToken + const tokenHash = hashToken(args.machineToken) const tokenRecord = await ctx.db .query("machineTokens") @@ -139,7 +150,7 @@ export const getPendingUsbPolicy = query({ machineToken: v.string(), }, handler: async (ctx, args) => { - const tokenHash = args.machineToken + const tokenHash = hashToken(args.machineToken) const tokenRecord = await ctx.db .query("machineTokens")