mirror of
https://github.com/escalante29/WealthySmart.git
synced 2026-07-17 10:08:46 +02:00
Fail fast on missing or weak auth secrets; 7-day tokens
SECRET_KEY, ADMIN_USERNAME, and ADMIN_PASSWORD no longer have working defaults: the backend refuses to boot if they are unset, default, or weak (SEC-01). Token expiry drops from 30 to 7 days (SEC-05). New COOKIE_SECURE (default true) and CORS_ORIGINS settings. Dev compose now sources credentials from .env with required-var errors instead of hardcoding them (ARCH-14); .env.example documents the template. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -13,6 +13,10 @@ Personal finance management web app.
|
||||
cd frontend && pnpm install && pnpm run dev
|
||||
```
|
||||
|
||||
The backend refuses to boot without `SECRET_KEY`, `ADMIN_USERNAME`, and
|
||||
`ADMIN_PASSWORD` (no insecure defaults). Copy `.env.example` to `.env` and fill
|
||||
it in; the dev docker-compose reads it.
|
||||
|
||||
## Local Docker
|
||||
|
||||
```bash
|
||||
|
||||
Reference in New Issue
Block a user