Auto-generate JWT_SECRET in all environments

No more crash on missing JWT_SECRET. A random secret is generated automatically with a warning that sessions won't persist across restarts.
2026-03-19 00:29:38 +01:00
parent 393f77850b
commit 2cad77c8fb
1 changed files with 1 additions and 5 deletions
--- a/server/src/config.js
+++ b/server/src/config.js
@@ -3,12 +3,8 @@ const crypto = require('crypto');
 let JWT_SECRET = process.env.JWT_SECRET;

 if (!JWT_SECRET) {
-  if (process.env.NODE_ENV === 'production') {
-    console.error('FATAL: JWT_SECRET environment variable is required in production.');
-    process.exit(1);
-  }
  JWT_SECRET = crypto.randomBytes(32).toString('hex');
-  console.warn('WARNING: No JWT_SECRET set — using auto-generated secret. Sessions will reset on server restart.');
+  console.warn('WARNING: No JWT_SECRET set — using auto-generated secret. Sessions will reset on server restart. Set JWT_SECRET for persistent sessions.');
 }

 module.exports = { JWT_SECRET };