- Add Redis-based sliding window rate limiting on login, register, forgot-password, reset-password
- Fix user enumeration: register returns generic 200 for both new and existing emails
- Add Redis authentication (requirepass) and password in .env
- Docker network isolation: postgres/redis on internal-only network
- Whitelist Stripe redirect origins (prevent open redirect)
- Add 10MB request size limit on trace ingestion
- Limit API keys to 10 per user
- Add CORS headers via middleware (whitelist agentlens.vectry.tech + localhost)
- Reduce JWT max age from 30 days to 7 days
10 lines
208 B
TypeScript
```ts
import type { NextAuthConfig } from "next-auth";

export default {
  providers: [],
  session: { strategy: "jwt", maxAge: 7 * 24 * 60 * 60 },
  pages: {
    signIn: "/login",
  },
} satisfies NextAuthConfig;
```
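Review bot: Cutting `session.maxAge` to 7 days only bounds JWTs issued after this config ships; tokens already encoded under the previous 30-day setting keep the `exp` they were issued with and remain valid until then (or until a session refresh re-encodes them), so if the intent is to shorten outstanding sessions as well, rotate the auth signing secret at deploy time and say so in the commit message. A brief comment on the `maxAge` line giving the unit and the reason for the reduction would also help, since `7 * 24 * 60 * 60` does not state on its own that the value is in seconds.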