From 9823dc35e12327e5a37535bb79d9353b4a4bef73 Mon Sep 17 00:00:00 2001
From: Luis Pater <webmaster@idotorg.org>
Date: Tue, 20 Jan 2026 11:37:52 +0800
Subject: [PATCH] feat(auth): hash account ID for improved uniqueness in
 credential filenames

---
 internal/api/handlers/management/auth_files.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/internal/api/handlers/management/auth_files.go b/internal/api/handlers/management/auth_files.go
index e018a054..63e75d88 100644
--- a/internal/api/handlers/management/auth_files.go
+++ b/internal/api/handlers/management/auth_files.go
@@ -3,6 +3,8 @@ package management
 import (
 	"bytes"
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -1389,6 +1391,11 @@ func (h *Handler) RequestCodexToken(c *gin.Context) {
 			accountID = claims.GetAccountID()
 			planType = strings.TrimSpace(claims.CodexAuthInfo.ChatgptPlanType)
 		}
+		hashAccountID := ""
+		if accountID != "" {
+			digest := sha256.Sum256([]byte(accountID))
+			hashAccountID = hex.EncodeToString(digest[:])[:8]
+		}
 		// Build bundle compatible with existing storage
 		bundle := &codex.CodexAuthBundle{
 			TokenData: codex.CodexTokenData{
@@ -1404,7 +1411,7 @@ func (h *Handler) RequestCodexToken(c *gin.Context) {
 
 		// Create token storage and persist
 		tokenStorage := openaiAuth.CreateTokenStorage(bundle)
-		fileName := codex.CredentialFileName(tokenStorage.Email, planType, true)
+		fileName := codex.CredentialFileName(tokenStorage.Email, planType, hashAccountID, true)
 		record := &coreauth.Auth{
 			ID:       fileName,
 			Provider: "codex",