Files
WealthySmart/backend/app
Carlos Escalante 15ea1ef4c2 Fail fast on missing or weak auth secrets; 7-day tokens
SECRET_KEY, ADMIN_USERNAME, and ADMIN_PASSWORD no longer have working
defaults: the backend refuses to boot if they are unset, default, or
weak (SEC-01). Token expiry drops from 30 to 7 days (SEC-05). New
COOKIE_SECURE (default true) and CORS_ORIGINS settings. Dev compose now
sources credentials from .env with required-var errors instead of
hardcoding them (ARCH-14); .env.example documents the template.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-09 19:13:19 -06:00
..