[TILES-PW-2] PLU-672: crypto-related helpers

[pregnantboy]

Changes

Added authentication utilities for tile password hashing and view token management with JWT-based session tokens.

What changed?

Created auth-tiles.ts helper module with functions for:

• Password hashing using scrypt with tiles viewOnlyKey as salt (hashTilePassword, verifyTilePassword)
• Random token nonce generation (generateTokenNonce)
• JWT view token creation and verification (generateViewToken, verifyViewToken)

The view tokens include tileId, viewOnlyKey, and tokenNonce in the payload and expire after 24 hours. Password hashes are automatically invalidated when the viewOnlyKey or passwordNonce changes since it's used as the salt.

How to test?

Covered by unit tests

• Correct and incorrect password verification
• Valid and invalid view token scenarios (wrong parameters, malformed tokens, expired tokens, wrong signing secret)
• Edge cases like non-JWT errors

[pregnantboy]

• [TILES-PW-8] PLU-672: PR comments and styling changes #1463
• [TILES-PW-7] PLU-672: additional security #1459
• [TILES-PW-6] PLU-672: tiles password settings on frontend #1458
• [TILES-PW-5] PLU-672: (frontend) password prompt page #1457
• [TILES-PW-5] PLU-672: Error handling refactor #1456
• [TILES-PW-4] PLU-672: auth for mutations #1452
• [TILES-PW-3] PLU-672: backend mutations #1451
• [TILES-PW-2] PLU-672: crypto-related helpers #1450 👈 (View in Graphite)
• [TILES-PW-1] PLU-672: DB schema #1449
• develop-v2

This stack of pull requests is managed by Graphite. Learn more about stacking.

[linear]

PLU-672 Password protection for Tile shareable link

[kevinkim-ogp]

other than the comment from graphite, lgtm!

[pregnantboy]

Merge activity

• Mar 10, 6:25 AM UTC: A user started a stack merge that includes this pull request via Graphite.
• Mar 10, 6:27 AM UTC: A user started a stack merge that includes this pull request via Graphite.
• Mar 10, 6:29 AM UTC: Graphite rebased this pull request as part of a merge.
• Mar 10, 6:29 AM UTC: The Graphite merge of this pull request was cancelled.
• Mar 10, 6:29 AM UTC: @pregnantboy merged this pull request with Graphite.