updates

Backend/src/security/middleware/auth.py

@@ -50,6 +50,18 @@ def get_jwt_secret() -> str:
         else:
             logger.warning(error_msg)
     
+    # SECURITY: Validate JWT secret entropy (check for predictable patterns)
+    # Check if secret appears to be randomly generated (not a simple pattern)
+    if len(set(jwt_secret)) < len(jwt_secret) * 0.3:  # Less than 30% unique characters suggests low entropy
+        error_msg = 'JWT_SECRET appears to have low entropy. Please use a randomly generated secret.'
+        import logging
+        logger = logging.getLogger(__name__)
+        logger.error(error_msg)
+        if settings.is_production:
+            raise ValueError(error_msg)
+        else:
+            logger.warning(error_msg)
+    
     return jwt_secret
 
 def get_current_user(