From 96fad1a4e78c7209e5a0f3496e8b59d591fbe500 Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Sun, 15 Feb 2026 11:12:50 +0900
Subject: refactor(auth): replace JWT authentication with server-side sessions

Migrate from stateless JWT tokens to server-side session management
backed by PostgreSQL. Sessions are hashed with SHA-256 before storage,
cleaned up periodically, and invalidated on logout. This removes the
need for JWT_SECRET/COOKIE_SECRET environment variables and the
golang-jwt dependency.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 docs/DEV.md | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'docs/DEV.md')

diff --git a/docs/DEV.md b/docs/DEV.md
index c8a4686..be9aede 100644
--- a/docs/DEV.md
+++ b/docs/DEV.md
@@ -10,17 +10,15 @@
 
 * Docker
 * Docker Compose
-* Node.js 20.0.0 or later
+* Node.js 22 or later
 * Npm
-* Go 1.22.3 or later
+* Go 1.25 or later
 
 # Run
 
 1. Clone the repository.
 1. `cd path/to/the/repo`
-1. Copy `.env.example` to `.env` and configure:
-    * `ALBATROSS_JWT_SECRET`: Secret key for JWT tokens
-    * `ALBATROSS_COOKIE_SECRET`: Secret key for cookies
+1. Copy `.env.example` to `.env`.
 1. `direnv allow .` (optional)
 1. `just init`
 1. `just up`
-- 
cgit v1.3.1