mirror of
https://github.com/maybe-finance/maybe.git
synced 2025-07-24 15:49:39 +02:00
9336719242
- Replace API keys with OAuth2 tokens for mobile apps - Add device tracking and management for mobile sessions - Implement 30-day token expiration with refresh tokens - Add MFA/2FA support for mobile login - Create dedicated auth endpoints (signup/login/refresh) - Skip CSRF protection for API endpoints - Return plaintext tokens (not hashed) in responses - Track devices with unique IDs and metadata - Enable seamless native mobile experience without OAuth redirects This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
6 lines
183 B
Ruby
6 lines
183 B
Ruby
class AddSourceToApiKeys < ActiveRecord::Migration[7.2]
|
|
def change
|
|
add_column :api_keys, :source, :string, default: "web"
|
|
add_index :api_keys, [:user_id, :source]
|
|
end
|
|
end
|