add registration security: bcrypt secret key, length validation, duplicate check, rate limiting

2026-06-25 11:55:55 +03:00
parent efe68ef9a2
commit 6797f3d3c8
6 changed files with 172 additions and 19 deletions
@@ -11,5 +11,5 @@ POSTGRES_USER="postgres"
 POSTGRES_PASSWORD="postgres"
 # TOKEN_LIFETIME in minutes
 TOKEN_LIFETIME=600
-# Secret key for registration (MD5 hash of this key must be sent by the user)
-REGISTRATION_SECRET_KEY=FtracKer*1405.
+# Secret key for registration (bcrypt hash, client sends plaintext)
+REGISTRATION_SECRET_KEY=$2a$10$mSo1MvV6U7GazfxceLFDl.gBNPm6lnjClWYsFQesx0SalObvBLIF6