generatePasswordResetToken static method

Implementation

static Future<String?> generatePasswordResetToken(String email) async {
  final qb = QueryBuilder(table: config.table);
  final user = await qb.where(config.emailColumn, '=', email).first();

  if (user == null) {
    return null; // Don't reveal if user exists
  }
  await ensureFrameworkTablesExist();
  // Generate a secure random token
  final token = Hashing()
      .hash(DateTime.now().millisecondsSinceEpoch.toString() + email);
  final tokenHash =
      Hashing().hash(token); // Store hashed version for security

  // Store token in database with expiry (1 hour)
  final expiresAt = DateTime.now().add(Duration(hours: 1)).toIso8601String();

  await QueryBuilder(table: 'password_reset_tokens').insert({
    'email': email,
    'token': tokenHash,
    'expires_at': expiresAt,
    'created_at': DateTime.now().toIso8601String(),
  });

  return token;
}