README in German with universal framing (class, study group, cohort)
rather than INFO1-specific wording. MIT license. Update package.json
with description, keywords, repository URL, proper license field,
start script. Add .env.example documenting required environment
variables.
- Require JWT_SECRET env var (fatal exit if missing)
- Add helmet middleware with custom CSP
- Cookie Secure flag when NODE_ENV=production
- requireAuth re-verifies user.status from DB on every request
- class_events DELETE restricted to creator or admin
- Rate limit /register (5/hr) and PUT /me/password (5/15min)
- Password minimum 6 to 8 chars
- crudRoutes truncates strings to 1000 chars
- Remove application/octet-stream from allowed upload MIMEs
Simon