FOLLOW-UP: Generate bcrypt hashing for password fields (from PR #255) #256

@adnaan

Context

This follow-up task was identified during the review of PR #255.

Source PR: #255
PR Title: feat: smart form validation with field types and HTML5 attrs
Suggested by: @claude[bot] (mentioned in 3 separate reviews)

Task Description

The `password` field type maps to `SQLType: "TEXT"` and the generated `AddInput`/`UpdateInput` structs pass the raw password string directly to the DB insert/update query. There is no hashing step generated anywhere in the handler.

Developers scaffolding a resource with `secret:password` will likely ship plaintext passwords unless they manually add hashing.

Options

  1. Generate a `// TODO: hash this field with bcrypt before storing` comment adjacent to any password field in the handler
  2. Generate the `bcrypt.GenerateFromPassword` call inline and add the `golang.org/x/crypto/bcrypt` import
  3. Generate a `hashPassword()` helper function in the handler

Option 2 or 3 is preferred since TODO comments are easily missed.

Original Comment

The generated handler stores the password value directly into the database with no hashing. The `password` type maps to `SQLType: "TEXT"` and the generated `AddInput` / `UpdateInput` structs will pass the raw string straight to the insert/update query.


This issue was automatically created by prmonitor from PR review comments.
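
A sketch of options 2 and 3 at the generator level, added here as an example and not taken from the project or PR #255: a template that emits the bcrypt import and a `hashPassword()` helper only when a resource has a `password` field, and routes that field through the helper instead of copying it. `Field`, `handlerTmpl`, `RenderHandler`, `buildParams` and `Params` are hypothetical names, and the sample fields are constructed.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Field is a hypothetical stand-in for the generator's field model.
type Field struct{ Name, Type string }

func hasSecret(fs []Field) bool {
	for _, f := range fs {
		if f.Type == "password" {
			return true
		}
	}
	return false
}

// handlerTmpl (constructed) hashes password fields and copies the rest.
var handlerTmpl = template.Must(template.New("handler").
	Funcs(template.FuncMap{"hasSecret": hasSecret}).Parse(`{{if hasSecret .}}import "golang.org/x/crypto/bcrypt"

// hashPassword returns the bcrypt hash to store in place of the raw value.
func hashPassword(raw string) (string, error) {
	h, err := bcrypt.GenerateFromPassword([]byte(raw), bcrypt.DefaultCost)
	return string(h), err
}

{{end}}func buildParams(in AddInput) (p Params, err error) {
{{range .}}{{if eq .Type "password"}}	if p.{{.Name}}, err = hashPassword(in.{{.Name}}); err != nil {
		return p, err
	}
{{else}}	p.{{.Name}} = in.{{.Name}}
{{end}}{{end}}	return p, nil
}
`))

// RenderHandler returns the handler source generated for the given fields.
func RenderHandler(fields []Field) (string, error) {
	var b strings.Builder
	err := handlerTmpl.Execute(&b, fields)
	return b.String(), err
}

func main() {
	out, _ := RenderHandler([]Field{{"Email", "string"}, {"Secret", "password"}})
	fmt.Print(out)
}
```

The column can stay `TEXT`, since a bcrypt hash is an ASCII string; code that later checks a login compares with `bcrypt.CompareHashAndPassword` rather than string equality.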

Labels: follow-up (Follow-up task from PR review), from-review (Issue originated from PR review)
