harheimertc/server/utils/passkey-recovery.js

import crypto from 'crypto'

export function hashRecoveryToken(token) {
  return crypto.createHash('sha256').update(String(token), 'utf8').digest('hex')
}

export function generateRecoveryToken() {
  // URL-safe (hex)
  return crypto.randomBytes(32).toString('hex')
}

export function pruneRecoveryTokens(user, maxTokens = 10) {
  const list = Array.isArray(user.passkeyRecoveryTokens) ? user.passkeyRecoveryTokens : []
  const now = Date.now()
  const filtered = list.filter(t => t && t.tokenHash && t.expiresAt && new Date(t.expiresAt).getTime() > now)
  // keep newest first
  filtered.sort((a, b) => new Date(b.createdAt || 0) - new Date(a.createdAt || 0))
  user.passkeyRecoveryTokens = filtered.slice(0, maxTokens)
  return user.passkeyRecoveryTokens
}