Ho Ngoc Hai 402b5b6810 fix(auth): remove hardcoded JWT fallback secret — fail fast on missing env var ...

The auth module fell back to a publicly-known secret string when JWT_SECRET
was unset, creating a critical authentication bypass risk. Both jwt.strategy.ts
and auth.module.ts now throw at startup if JWT_SECRET is missing.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-08 04:01:21 +07:00

3.0 KiB

Raw Blame History

View Raw