HyperSpaceOut/jackboxpartypack-gamepicker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden secret handling: remove weak fallback defaults, fail fast on missing env vars

Browse Source 
JWT_SECRET and ADMIN_KEY no longer fall back to insecure defaults.
The app will throw at startup if these env vars are not set.
docker-compose.yml now uses :? syntax to require them.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
cottongin
2026-02-07 14:07:09 -05:00
parent 5cf5901001
commit 974f0e4a67
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/middleware/auth.js
View File

@@ -1,6 +1,9 @@
const jwt = require('jsonwebtoken');
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production';
if (!process.env.JWT_SECRET) {
throw new Error('JWT_SECRET environment variable is required');
}
const JWT_SECRET = process.env.JWT_SECRET;
function authenticateToken(req, res, next) {
const authHeader = req.headers['authorization'];