
[Feature Request] Update API key generation to use argon2id  #284

@matoszz

Description


Similar to the way we persist a hash of the user's input password here, we should update the API token and Personal Access Token schema and token creation to leverage the same hashing.

You can use utils.CreateDerivedKey, the same way the user password is done today:

hash, err := passwd.CreateDerivedKey(password)

Instead of a hook here, you would update the default function on both the api and personal access token schemas, e.g. here on api tokens

token := keygen.PrefixedSecret("tola") // api token prefix

Additionally, the auth middleware needs to be updated to use the derived key instead of the token in the request:

func checkToken(ctx context.Context, conf *Options, token, orgFromHeader string) (*auth.AuthenticatedUser, string, error) {

Example from user password login:

valid, err := passwd.VerifyDerivedKey(*user.Password, req.Password)
if err != nil || !valid {
    metrics.RecordLogin(false)
    return h.BadRequest(ctx, rout.ErrInvalidCredentials, openapi)
}
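Added example, not the project's code: the issue-and-verify flow described above, in Go with a stand-in for the derived-key function. It assumes a token layout of `<prefix>_<id>_<secret>` (the id is needed because a salted derived key cannot be looked up by the token's value, so the middleware must find the row first), and `derive` uses salted SHA-256 purely so it runs with the standard library; the project would call argon2id through passwd.CreateDerivedKey / passwd.VerifyDerivedKey at those two points.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"strings"
)

// derive stands in for argon2id (passwd.CreateDerivedKey): salted SHA-256 is NOT memory-hard, example only.
func derive(salt []byte, secret string) string {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(secret))
	return hex.EncodeToString(h.Sum(nil))
}

type storedKey struct {
	Salt []byte // random per token
	Key  string // derived key; the secret itself is never stored
}

var tokens = map[string]storedKey{} // public token ID -> stored key

// issueToken mints "<prefix>_<id>_<secret>" (assumed layout), stores only the derived key, returns plaintext once.
func issueToken(prefix string) (string, error) {
	raw := make([]byte, 40)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	id, secret := hex.EncodeToString(raw[:8]), hex.EncodeToString(raw[24:])
	tokens[id] = storedKey{Salt: raw[8:24], Key: derive(raw[8:24], secret)}
	return prefix + "_" + id + "_" + secret, nil
}

// checkToken (middleware side): find the row by ID, re-derive, compare in constant time, like VerifyDerivedKey.
func checkToken(token string) (string, error) {
	parts := strings.SplitN(token, "_", 3)
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	rec, ok := tokens[parts[1]]
	if !ok || subtle.ConstantTimeCompare([]byte(derive(rec.Salt, parts[2])), []byte(rec.Key)) != 1 {
		return "", errors.New("invalid credentials")
	}
	return parts[1], nil
}
```

With a memory-hard KDF the middleware pays one derivation per request, which is the intended cost, and the plaintext token exists only in the response to the creation call.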
