* Derives a stable, opaque user ID from an API key. * Uses the first 16 hex chars of SHA-256(key) — short enough to be readable, * long enough to be unique.
(apiKey: string)
| 140 | * long enough to be unique. |
| 141 | */ |
| 142 | function deriveUserId(apiKey: string): string { |
| 143 | return createHash("sha256").update(apiKey).digest("hex").slice(0, 16); |
| 144 | } |
| 145 | |
| 146 | // Fallback inline login page used when public/login.html is not present. |
| 147 | const INLINE_LOGIN_HTML = `<!DOCTYPE html> |