From ca43e4aee8872d9cb0c8f90cb7f273df4705563b Mon Sep 17 00:00:00 2001
From: rmoren97 <richardmoreno6697@gmail.com>
Date: Sat, 7 Feb 2026 15:33:08 -0800
Subject: [PATCH] updates

---
 src/lib/auth.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index 2b38cff..c000520 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -19,7 +19,7 @@ export async function verifyPassword(password: string, hashedPassword: string):
 // ─── JWT Tokens ──────────────────────────────────────────────────
 
 export function generateAccessToken(payload: SessionPayload): string {
-  return jwt.sign(payload, process.env.JWT_SECRET!, { expiresIn: '1h' })
+  return jwt.sign(payload, process.env.JWT_ACCESS_SECRET!, { expiresIn: '1h' })
 }
 
 export function generateRefreshToken(payload: SessionPayload): string {
@@ -28,7 +28,7 @@ export function generateRefreshToken(payload: SessionPayload): string {
 
 export function verifyAccessToken(token: string): SessionPayload | null {
   try {
-    return jwt.verify(token, process.env.JWT_SECRET!) as SessionPayload
+    return jwt.verify(token, process.env.JWT_ACCESS_SECRET!) as SessionPayload
   } catch {
     return null
   }
@@ -49,7 +49,7 @@ export function generate2FACode(): string {
 }
 
 export function hash2FACode(code: string): string {
-  const hmac = crypto.createHmac('sha256', process.env.JWT_SECRET!)
+  const hmac = crypto.createHmac('sha256', process.env.TWO_FACTOR_SECRET!)
   hmac.update(code)
   return hmac.digest('hex')
 }