- Fix login/register to treat usernames case-insensitively (HeagBoKaT == heagbokat) using LOWER() in SQL with JS .toLowerCase() for Unicode safety - Add helmet for HTTP security headers and express-rate-limit on auth endpoints (20 req / 15 min) to prevent brute-force - Lock CORS to ALLOWED_ORIGIN env var; warn if JWT_SECRET is the default dev key - Serve built client/dist from Express so a single PM2 process handles everything - Add deploy.sh, README.md with full first-run and auto-restart instructions, and server/.env.example Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
399 B
399 B