fix: Suppression-Check nutzt SHA256-Hash statt Klartext-E-Mail (Finding 1)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 17:36:11 +00:00
parent e5db71ead1
commit ee83705527
3 changed files with 45 additions and 11 deletions


@@ -0,0 +1,13 @@
-- Schritt 1: Hash-Spalte hinzufügen (additiv, kein Breaking Change)
ALTER TABLE suppression_list ADD COLUMN IF NOT EXISTS email_hash TEXT;
CREATE INDEX IF NOT EXISTS idx_suppression_list_email_hash ON suppression_list(email_hash);
-- Schritt 2: Bestehende Einträge hashen (PostgreSQL-native SHA256)
UPDATE suppression_list
SET email_hash = encode(sha256(lower(trim(email))::bytea), 'hex')
WHERE email_hash IS NULL;
-- Schritt 3 (nach Validierung separat ausführen):
-- ALTER TABLE suppression_list ALTER COLUMN email_hash SET NOT NULL;
-- ALTER TABLE suppression_list DROP COLUMN email;
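Review bot: The `lower(trim(email))::bytea` cast in step 2 goes through bytea's text input parser, so a backslash in a stored address is read as an escape sequence. The backfill then either aborts with an invalid-input error or hashes bytes other than the literal string. Encoding the text explicitly avoids both: `SET email_hash = encode(sha256(convert_to(lower(trim(email)), 'UTF8')), 'hex')`. The application-side hash is not visible in this hunk, so it should be confirmed to use the same trim/lowercase normalisation and UTF-8 bytes; any mismatch would make the suppression check miss silently. Separately, an unkeyed SHA-256 of an address can be matched by hashing candidate addresses, so `email_hash` should still be handled as personal data; a keyed HMAC computed in the application would be the stronger choice if the finding calls for more than removing plaintext from the lookup.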