refactor: Consolidate JWT module configuration into a shared module

[Xhristin3]

Problem Statement

JwtModule is registered independently in two modules with different fallback secrets:

• api/src/auth/auth.module.ts:12 — secret: process.env.JWT_SECRET ?? "dev-secret-change-me"
• api/src/gateways/gateways.module.ts:15 — secret: secret ?? "dev-insecure-secret-change-me"

Two different secrets, two JwtModule instances, two signOption configs. The GatewaysModule uses registerAsync while AuthModule uses register.

Evidence

// AuthModule: 15min expiry
JwtModule.register({ secret: process.env.JWT_SECRET ?? "dev-secret-change-me", signOptions: { expiresIn: "15m" } })

// GatewaysModule: 1h expiry, async registration
JwtModule.registerAsync({ useFactory: () => { ... return { secret: secret ?? "dev-insecure-secret-change-me", signOptions: { expiresIn: "1h" } } } })

Impact

Maintenance burden, inconsistent expiry times (auth tokens 15min vs gateway verification expecting 1h), and two fallback secrets. If either module's config is updated independently, JWTs may be rejected by one but accepted by the other.

Proposed Solution

1. Create api/src/config/jwt.config.ts with a shared JwtModule.registerAsync factory
2. Import this shared config in both AuthModule and GatewaysModule
3. Use consistent expiry (15min for access tokens)
4. Single source of truth for JWT secret

Acceptance Criteria

• Single JWT configuration factory used by both modules
• Consistent token expiry across all JWT consumers
• No duplicate fallback secrets
• All existing auth and WebSocket tests pass

File Map

• api/src/config/jwt.config.ts — new shared config
• api/src/auth/auth.module.ts — use shared config
• api/src/gateways/gateways.module.ts — use shared config

---

Labels: refactoring
Priority: Medium | Difficulty: Intermediate | Estimated Effort: 1d

---

Labels: refactoring
Priority: Medium | Difficulty: Intermediate | Estimated Effort: 1d
Backlog ID: REPO-022

[shadrach68]

I would like to work on this issue because I am a full-stack developer skilled in both frontend and backend development. I focus on identifying root causes and delivering clean, efficient, and maintainable solutions, with thorough testing to ensure reliable results.

[Meet-hybrid]

CAN I WORK ON THIS PLEASE?

[OlaGreat]

I'd like to take this on.

I'm a software engineer with experience in blockchain, backend systems, and open-source contribution. I've reviewed the issue and I'm confident I can deliver a clean implementation with tests covering the acceptance criteria. Happy to follow the project's existing conventions.