add registration security: bcrypt secret key, length validation, duplicate check, rate limiting

2026-06-25 11:55:55 +03:00
parent efe68ef9a2
commit 6797f3d3c8
6 changed files with 172 additions and 19 deletions
@@ -11,5 +11,5 @@ POSTGRES_USER="user"
 POSTGRES_PASSWORD="pwd"
 # TOKEN_LIFETIME in minutes
 TOKEN_LIFETIME=600
-# Secret key for registration (MD5 hash of this key must be sent by the user)
-REGISTRATION_SECRET_KEY=reg
+# Secret key for registration (bcrypt hash, client sends plaintext key)
+REGISTRATION_SECRET_KEY=$2a$10$example.bcrypt.hash.here