feat(auth): harden token lifecycle and password policy

2026-03-19 14:51:18 +08:00
parent 41a83d2805
commit a78d0dc2db
26 changed files with 1047 additions and 53 deletions
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -23,8 +23,9 @@ spring:

 app:
  jwt:
-    secret: change-me-change-me-change-me-change-me
-    expiration-seconds: 86400
+    secret: ${APP_JWT_SECRET:}
+    access-expiration-seconds: 900
+    refresh-expiration-seconds: 1209600
  storage:
    root-dir: ./storage
    max-file-size: 524288000