Added checks to session secret.

src/config.js

@@ -27,22 +27,26 @@ function loadConfig() {
 
     const envConfig = config[NODE_ENV];
 
-    // Override secrets with environment variables if available
-    if (process.env.KEYCLOAK_CLIENT_SECRET) {
+    // Ensure auth config exists
     if (!envConfig.auth) {
       envConfig.auth = {};
     }
     if (!envConfig.auth.keycloak) {
       envConfig.auth.keycloak = {};
     }
+
+    // Override secrets with environment variables if available
+    if (process.env.KEYCLOAK_CLIENT_SECRET) {
       envConfig.auth.keycloak.clientSecret = process.env.KEYCLOAK_CLIENT_SECRET;
     }
 
+    // Session secret must be set - use env var or throw error
     if (process.env.SESSION_SECRET) {
-      if (!envConfig.auth) {
-        envConfig.auth = {};
-      }
       envConfig.auth.sessionSecret = process.env.SESSION_SECRET;
+    } else if (!envConfig.auth.sessionSecret) {
+      throw new Error(
+        'SESSION_SECRET environment variable is required. Please set SESSION_SECRET in your environment.'
+      );
     }
 
     return envConfig;