From dd8c453c547168b7c67ef30537fac6587f42e3f4 Mon Sep 17 00:00:00 2001
From: LandaMm <qwer.009771@gmail.com>
Date: Sun, 25 May 2025 16:43:17 +0200
Subject: [PATCH] feat: hash client secret

---
 internal/apiservices/routes.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/internal/apiservices/routes.go b/internal/apiservices/routes.go
index 74eca64..e76d2e2 100644
--- a/internal/apiservices/routes.go
+++ b/internal/apiservices/routes.go
@@ -79,9 +79,15 @@ func (h *ApiServicesHandler) Add(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	hashSecret, err := util.HashPassword(clientSecret)
+	if err != nil {
+		web.Error(w, "failed to create client secret", http.StatusInternalServerError)
+		return
+	}
+
 	service, err := h.repo.CreateApiService(r.Context(), repository.CreateApiServiceParams{
 		ClientID:     clientId,
-		ClientSecret: clientSecret,
+		ClientSecret: hashSecret,
 		Name:         req.Name,
 		RedirectUris: req.RedirectUris,
 		Scopes:       req.Scopes,
@@ -94,6 +100,8 @@ func (h *ApiServicesHandler) Add(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 
+	service.ClientSecret = clientSecret
+
 	encoder := json.NewEncoder(w)
 	if err := encoder.Encode(service); err != nil {
 		web.Error(w, "failed to encode response", http.StatusInternalServerError)