feat: update local authentication mode to require a non-placeholder token of at least 50 characters

2026-02-11 19:30:25 +05:30
parent b87f56de7a
commit 571b4844d9
18 changed files with 363 additions and 54 deletions
--- a/docs/deployment/README.md
+++ b/docs/deployment/README.md
@@ -32,6 +32,9 @@ From repo root:
 ```bash
 cp .env.example .env

+# REQUIRED for local mode:
+# set LOCAL_AUTH_TOKEN in .env to a non-placeholder value with at least 50 characters.
+
 docker compose -f compose.yml --env-file .env up -d --build
 ```

@@ -125,7 +128,7 @@ Set in `.env` (repo root):

 ```env
 AUTH_MODE=local
-LOCAL_AUTH_TOKEN=replace-with-strong-random-token
+LOCAL_AUTH_TOKEN=replace-with-random-token-at-least-50-characters
 ```

 Set frontend mode (optional override in `frontend/.env`):
--- a/docs/production/README.md
+++ b/docs/production/README.md
@@ -60,7 +60,7 @@ Recommended approach:
 Secrets guidelines:

 - Choose auth mode explicitly:
-  - `AUTH_MODE=local`: set a strong `LOCAL_AUTH_TOKEN`
+  - `AUTH_MODE=local`: set `LOCAL_AUTH_TOKEN` to a random value with at least 50 characters
  - `AUTH_MODE=clerk`: configure Clerk keys
 - Never commit `LOCAL_AUTH_TOKEN` or Clerk secret key.
 - Prefer passing secrets as environment variables from the host (or use Docker secrets if you later