Passwords are hashed with bcrypt; JWTs are signed with JWT_SECRET (set a long random value in production — see the comment in .env.example). ALLOWED_ORIGINS in .env whitelists exactly which domains ...
A full-featured REST API for a Twitter-like social media platform built with FastAPI and MySQL.