From 689a398522a54acdcf883476d6063d139620da83 Mon Sep 17 00:00:00 2001
From: Yaqin <135983909+Yaqin23@users.noreply.github.com>
Date: Thu, 21 Aug 2025 22:45:57 +0100
Subject: [PATCH] Update app/config/config.py in branch Precogs-fix-k9lwcddc

---
 app/config/config.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/app/config/config.py b/app/config/config.py
index 37e7d26..c259ff5 100644
--- a/app/config/config.py
+++ b/app/config/config.py
@@ -3,7 +3,14 @@
 
 load_dotenv()
 
+import os
+
 class Config:
-    SECRET_KEY = os.getenv("SECRET_KEY", "default-secret-key")
-    DEBUG = os.getenv("DEBUG", False)
+    # FIX: Do not use a hardcoded default for SECRET_KEY. Raise an error if not set.
+    SECRET_KEY = os.getenv("SECRET_KEY")
+    if not SECRET_KEY:
+        raise RuntimeError("SECRET_KEY environment variable must be set and not empty!")
+    DEBUG = os.getenv("DEBUG", "False").lower() in ("true", "1", "yes")
     CORS_ORIGINS = os.getenv("CORS_ORIGINS", "*")
+
+# FIX EXPLANATION: The fix removes the insecure hardcoded default for SECRET_KEY and enforces that it must be set in the environment. This prevents accidental use of a known, weak key in any environment, ensuring cryptographic operations remain secure. Additionally, DEBUG is now parsed as a boolean for correctness.