various improvements and performance enhancements

backend/src/main/resources/application.yml

@@ -16,8 +16,8 @@ spring:
   
   servlet:
     multipart:
-      max-file-size: 250MB
-      max-request-size: 250MB
+      max-file-size: 10MB  # Reduced for security (was 250MB)
+      max-request-size: 15MB  # Slightly higher to account for form data
 
 server:
   port: 8080
@@ -28,10 +28,10 @@ storycove:
   cors:
     allowed-origins: ${STORYCOVE_CORS_ALLOWED_ORIGINS:http://localhost:3000,http://localhost:6925}
   jwt:
-    secret: ${JWT_SECRET:default-secret-key}
+    secret: ${JWT_SECRET}  # REQUIRED: Must be at least 32 characters, no default for security
     expiration: 86400000  # 24 hours
   auth:
-    password: ${APP_PASSWORD:admin}
+    password: ${APP_PASSWORD}  # REQUIRED: No default password for security
   typesense:
     api-key: ${TYPESENSE_API_KEY:xyz}
     host: ${TYPESENSE_HOST:localhost}
@@ -43,5 +43,7 @@ storycove:
 
 logging:
   level:
-    com.storycove: DEBUG
-    org.springframework.security: DEBUG
+    com.storycove: ${LOG_LEVEL:INFO}  # Use INFO for production, DEBUG for development
+    org.springframework.security: WARN  # Reduce security logging
+    org.springframework.web: WARN
+    org.hibernate.SQL: ${SQL_LOG_LEVEL:WARN}  # Control SQL logging separately