fix(security): fail fast when download HMAC secret is missing

Resolves the issue where getSecret() silently fell back to the literal
string "dev-secret" when neither DOWNLOAD_SIGNING_SECRET nor
SUPABASE_SECRET_KEY was set. Because the codebase is public, that
fallback let anyone forge valid /download/:token signatures against a
mis-configured deployment.

- Throw at first call instead of returning the hardcoded string, with a
  message pointing the operator at `openssl rand -hex 32`.
- Document DOWNLOAD_SIGNING_SECRET in backend/.env.example so deployers
  following the README know to set it (and that it should be distinct
  from SUPABASE_SECRET_KEY).

Closes #7

backend/.env.example

@@ -1,5 +1,10 @@
 PORT=3001
 FRONTEND_URL=http://localhost:3000
+
+# HMAC key used to sign /download/:token URLs. Required at startup.
+# Generate with: openssl rand -hex 32
+# Use a dedicated secret distinct from SUPABASE_SECRET_KEY.
+DOWNLOAD_SIGNING_SECRET=replace-with-a-random-32-byte-hex-string
 SUPABASE_URL=https://your-project.supabase.co
 SUPABASE_SECRET_KEY=your-supabase-service-role-key
 

backend/src/lib/downloadTokens.ts

@@ -10,11 +10,16 @@ import crypto from "crypto";
  */
 
 function getSecret(): string {
-    return (
+    const secret =
         process.env.DOWNLOAD_SIGNING_SECRET ??
-        process.env.SUPABASE_SECRET_KEY ??
-        "dev-secret"
-    );
+        process.env.SUPABASE_SECRET_KEY;
+    if (!secret) {
+        throw new Error(
+            "DOWNLOAD_SIGNING_SECRET (or SUPABASE_SECRET_KEY as a fallback) must be set. " +
+                "Generate a strong random value (e.g. `openssl rand -hex 32`) and set it in the environment.",
+        );
+    }
+    return secret;
 }
 
 function b64urlEncode(buf: Buffer): string {