goodgo-platform

admin/goodgo-platform

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ho Ngoc Hai	402b5b6810	fix(auth): remove hardcoded JWT fallback secret — fail fast on missing env var The auth module fell back to a publicly-known secret string when JWT_SECRET was unset, creating a critical authentication bypass risk. Both jwt.strategy.ts and auth.module.ts now throw at startup if JWT_SECRET is missing. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-08 04:01:21 +07:00
Ho Ngoc Hai	e1e5fa6252	feat: scaffold monorepo with Turborepo + NestJS + Next.js - Turborepo monorepo with pnpm workspaces - apps/api: NestJS 11.x with CQRS module - apps/web: Next.js 14 App Router + TailwindCSS - src/modules/shared: base entities, Result pattern, value objects - TypeScript 5.7+ strict mode, shared tsconfig base - Build pipeline: dev, build, lint, test, typecheck Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-07 23:52:33 +07:00

Author

SHA1

Message

Date

Ho Ngoc Hai

402b5b6810

fix(auth): remove hardcoded JWT fallback secret — fail fast on missing env var

The auth module fell back to a publicly-known secret string when JWT_SECRET
was unset, creating a critical authentication bypass risk. Both jwt.strategy.ts
and auth.module.ts now throw at startup if JWT_SECRET is missing.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-08 04:01:21 +07:00

Ho Ngoc Hai

e1e5fa6252

feat: scaffold monorepo with Turborepo + NestJS + Next.js

- Turborepo monorepo with pnpm workspaces
- apps/api: NestJS 11.x with CQRS module
- apps/web: Next.js 14 App Router + TailwindCSS
- src/modules/shared: base entities, Result pattern, value objects
- TypeScript 5.7+ strict mode, shared tsconfig base
- Build pipeline: dev, build, lint, test, typecheck

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-07 23:52:33 +07:00

2 Commits