fix(security): add JWT_SECRET validation at startup

Server now validates that JWT_SECRET environment variable exists and has at least 32 characters before starting. This prevents the server from running with weak or missing JWT secrets. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-26 16:42:30 -08:00 · 2026-01-26 16:42:30 -08:00 · e90518a629
commit e90518a629
parent a74d6d5e92
1 changed files with 8 additions and 0 deletions
--- a/backend/src/index.js
+++ b/backend/src/index.js
@ -1,4 +1,12 @@
 require('dotenv').config();
+
+// ============ SECURITY VALIDATION ============
+// Validate JWT_SECRET at startup
+if (!process.env.JWT_SECRET || process.env.JWT_SECRET.length < 32) {
+  console.error('JWT_SECRET must be at least 32 characters!');
+  process.exit(1);
+}
+
 const express = require('express');
 const cors = require('cors');
 const helmet = require('helmet');