add default value for jwt secret only on dev

.example.env

@@ -7,8 +7,8 @@ SITE_NAME=Kutt
 # The domain that this website is on
 DEFAULT_DOMAIN=localhost:3000
 
-# A passphrase to encrypt JWT. Use a long and secure key.
-JWT_SECRET=securekey
+# A passphrase to encrypt JWT. Use a random long string.
+JWT_SECRET=
 
 # Database client. Available clients for the supported databases:
 # pg | pg-native | sqlite3 | better-sqlite3 | mysql | mysql2 | oracledb | tedious

server/env.js

@@ -34,7 +34,7 @@ const env = cleanEnv(process.env, {
   DISALLOW_REGISTRATION: bool({ default: true }),
   SERVER_IP_ADDRESS: str({ default: "" }),
   CUSTOM_DOMAIN_USE_HTTPS: bool({ default: false }),
-  JWT_SECRET: str(),
+  JWT_SECRET: str({ devDefault: "securekey" }),
   GOOGLE_SAFE_BROWSING_KEY: str({ default: "" }),
   MAIL_ENABLED: bool({ default: false }),
   MAIL_HOST: str({ default: "" }),