Add enhanced security: validate table names, require JWT_SECRET, improve query validation

Co-authored-by: johndoe6345789 <224850594+johndoe6345789@users.noreply.github.com>
copilot-swe-agent[bot]
2026-01-08 01:29:48 +00:00
parent 8765b6c589
commit e4ec2b7d18
4 changed files with 71 additions and 12 deletions


@@ -3,16 +3,12 @@ import { cookies } from 'next/headers';
const SESSION_COOKIE_NAME = 'admin-session';
// Get JWT secret and throw error if not provided in production
// Get JWT secret and throw error if not provided
function getJwtSecret(): Uint8Array {
const secret = process.env.JWT_SECRET;
if (!secret) {
if (process.env.NODE_ENV === 'production') {
throw new Error('JWT_SECRET environment variable is required in production');
}
console.warn('JWT_SECRET not set, using development default');
return new TextEncoder().encode('development-secret-change-in-production');
throw new Error('JWT_SECRET environment variable is required');
}
return new TextEncoder().encode(secret);