curo/Business-Management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0af5e8cc24b22478ca65bf6bb417fd4e277561e4
Business-Management/backend/app/core/config.py
T
curo1305 0af5e8cc24 Harden JWT: 8-hour expiry, add JWT vulnerability checks 
- Reduce ACCESS_TOKEN_EXPIRE_MINUTES from 24h to 8h (no permanent sessions)
- Add JWT_PATTERNS to security_check.py: algorithm=none, verify_exp=False,
  multi-day timedelta, oversized EXPIRE_MINUTES, hardcoded secret
- Add JWT security checklist to security-auditor agent
- Document auth/session security items in TODO.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-13 22:54:53 +02:00

20 lines
499 B
Python
Raw Blame History

from pydantic_settings import BaseSettings
class Settings(BaseSettings):
PROJECT_NAME: str = "destroying_sap"
DATABASE_URL: str = "postgresql+asyncpg://postgres:password@localhost:5432/destroying_sap"
SECRET_KEY: str = "change-me-in-production"
ALGORITHM: str = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 8 # 8 hours — no permanent sessions
CORS_ORIGINS: list[str] = ["http://localhost:5173"]
class Config:
env_file = ".env"
settings = Settings()
Reference in New Issue View Git Blame Copy Permalink