max / makenotwork
| 1 | -- Per-user feed key version, folded into the personal-feed URL HMAC. |
| 2 | -- |
| 3 | -- The personal RSS feed URL (`/feed/{user_id}?v={version}&sig={hmac}`) is |
| 4 | -- authenticated by an HMAC over `feed:{user_id}:{version}`. Bumping this column |
| 5 | -- changes the signed message, so the user's previously-issued feed URL stops |
| 6 | -- verifying — a leaked or compromised feed link can be revoked in isolation |
| 7 | -- without rotating the global signing secret (which would invalidate EVERY |
| 8 | -- user's feed at once). Starts at 0; the "Regenerate feed URL" action in |
| 9 | -- dashboard settings increments it. |
| 10 | users |
| 11 | ADD COLUMN IF NOT EXISTS feed_key_version INTEGER NOT NULL DEFAULT 0; |
| 12 |