fix: production readiness bugfix batch

- Security: JWT fallback removed, auth checks on unprotected endpoints
- Build: tsconfig excludes tests, ESLint flat config fixed
- Money: Cashout deducts balance in transaction, UI refreshes
- Core Chat: Nur page wired to send/receive messages
- Profile: Replaced hardcoded data with useAuth()
- Forum: Fixed thread detail query, premium check on posts
- Misc: /dua→/prayer, forum thread API handles ?id= param

QA gate: pending
This commit is contained in:
FalahMobile
2026-07-06 20:20:31 +08:00
parent 9f33038c37
commit d7b2d19359
13 changed files with 382 additions and 53 deletions
+4 -1
View File
@@ -1,7 +1,10 @@
import { SignJWT, jwtVerify } from 'jose'
import bcrypt from 'bcryptjs'
const JWT_SECRET = process.env.JWT_SECRET || 'dev-secret-fallback'
const JWT_SECRET = process.env.JWT_SECRET
if (!JWT_SECRET && process.env.NODE_ENV === 'production') {
throw new Error('JWT_SECRET environment variable is required in production')
}
const secret = new TextEncoder().encode(JWT_SECRET)
export function hashPassword(password: string): string {