fix: strengthen password security - increase bcrypt rounds to 14, add notNull constraint to password field, add pull_policy to docker-compose

docker-compose.prod.yml

@@ -3,6 +3,7 @@ services:
     image: postgres:16-alpine
     container_name: wishlist-postgres
     restart: unless-stopped
+    pull_policy: always
     environment:
       POSTGRES_USER: ${POSTGRES_USER}
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}

src/lib/server/schema.ts

@@ -11,7 +11,7 @@ export const users = pgTable('user', {
 	email: text('email').unique(),
 	emailVerified: timestamp('emailVerified', { mode: 'date' }),
 	image: text('image'),
-	password: text('password'),
+	password: text('password').notNull(),
 	username: text('username').unique(),
 	dashboardTheme: text('dashboard_theme').default('none'),
 	dashboardColor: text('dashboard_color'),

src/routes/signup/+page.server.ts

@@ -62,7 +62,7 @@ export const actions: Actions = {
 			return fail(400, { error: 'Username already taken', name, username });
 		}
 
-		const hashedPassword = await bcrypt.hash(password, 10);
+		const hashedPassword = await bcrypt.hash(password, 14);
 
 		await db.insert(users).values({
 			name: sanitizedName,