feat: hash client secret

internal/apiservices/routes.go

@@ -79,9 +79,15 @@ func (h *ApiServicesHandler) Add(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	hashSecret, err := util.HashPassword(clientSecret)
+	if err != nil {
+		web.Error(w, "failed to create client secret", http.StatusInternalServerError)
+		return
+	}
+
 	service, err := h.repo.CreateApiService(r.Context(), repository.CreateApiServiceParams{
 		ClientID:     clientId,
-		ClientSecret: clientSecret,
+		ClientSecret: hashSecret,
 		Name:         req.Name,
 		RedirectUris: req.RedirectUris,
 		Scopes:       req.Scopes,
@@ -94,6 +100,8 @@ func (h *ApiServicesHandler) Add(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 
+	service.ClientSecret = clientSecret
+
 	encoder := json.NewEncoder(w)
 	if err := encoder.Encode(service); err != nil {
 		web.Error(w, "failed to encode response", http.StatusInternalServerError)