gabriel / musehub public
fix BREAKING fix/auth-challenge-db #1 / 1
gabriel · 70 days ago · Apr 10, 2026 · Diff

fix: store auth challenges in Postgres for blue-green deploy resilience

Replace process-local in-memory dict (_pending_challenges) with a musehub_auth_challenges Postgres table. Any server instance can now verify a challenge regardless of which slot issued it.

Changes: - Add MusehubAuthChallenge ORM model (musehub_auth_models.py) - Alembic migration 0039 creates musehub_auth_challenges table - create_challenge() is now async and takes a session param - verify_and_authenticate() queries + deletes the challenge row atomically - Route handler awaits create_challenge(session, ...) - 6 new regression tests covering persistence, single-use, replay prevention, expiry, and blue-green session isolation - type-contracts.md updated

sha256:23300e4e38936ac3fdea561219b3aca3f34c6d87b897b03d44a0151341e5a3ec sha
sha256:ef9852f4c3bb67522bf604ae2291e505e93eec18bd202eceff295fbadda8cd79 parent
sha256:4baaaeca24fc2f30bbaa8300c275e334cb4e8dc512a0b4557c220dbcaa73387f snapshot
← Older Oldest on fix/auth-challenge-db
All commits
Newer → Latest on fix/auth-challenge-db

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:23300e4e38936ac3fdea561219b3aca3f34c6d87b897b03d44a0151341e5a3ec --body "your comment"