Weak JWT Secret Key

ISSUE_NUMBER: GH-002
## Description
The `JWT_SECRET` is read from the environment variable `JWT_SECRET`, but a default value `'your-secret-key'` is provided. This is a potential security risk because if the environment variable is not set, the application will use a weak secret key.
**File:** `repositories/jobflowapi/controllers/auth.py`
**Line:** 34
**Severity:** critical
### Current Behavior
The application uses a weak default JWT secret if the `JWT_SECRET` environment variable is not set.
### Expected Behavior
The application should either:
1.  Raise an exception and refuse to start if the `JWT_SECRET` environment variable is not set.
2.  Generate a strong, random secret key at startup if the environment variable is not set.
### Suggested Fix
Remove the default value for `JWT_SECRET` and raise an exception if the environment variable is not set.
### Code Context
```python
JWT_SECRET = os.getenv('JWT_SECRET', 'your-secret-key')
```
### Additional Notes
This is a critical security vulnerability that could allow attackers to forge JWT tokens.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Weak JWT Secret Key #44

Description

Current Behavior

Expected Behavior

Suggested Fix

Code Context

Additional Notes

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Weak JWT Secret Key #44

Description

Description

Current Behavior

Expected Behavior

Suggested Fix

Code Context

Additional Notes

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions