Document secure secrets and prune unused assets

2026-02-20 20:10:14 +00:00 · 2025-12-13 01:35:56 +08:00
parent c4bb32b163
commit 1adf30d476
28 changed files with 157 additions and 1451 deletions
--- a/backend/utils.py
+++ b/backend/utils.py
@@ -13,7 +13,10 @@ import os
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

 # JWT settings
-SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-this")
+SECRET_KEY = os.getenv("SECRET_KEY")
+if not SECRET_KEY or len(SECRET_KEY) < 32:
+    raise ValueError("SECRET_KEY must be set and at least 32 characters long")
+
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 60 * 24 * 7  # 7 days