fix shit

backend/src/app.js

@@ -28,7 +28,6 @@ const PORT = process.env.PORT || 5000;
 app.set('trust proxy', 1);
 
 // Security middleware
-// Loosen CSP slightly to support CRA dev server/HMR behind proxy
 app.use(helmet({
   contentSecurityPolicy: {
     directives: {
@@ -37,9 +36,7 @@ app.use(helmet({
       styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
       fontSrc: ["'self'", "https://fonts.gstatic.com"],
       imgSrc: ["'self'", "data:", "https://maps.googleapis.com", "https://maps.gstatic.com"],
-      connectSrc: ["'self'", "https:", "wss:", "ws:", "https://api.openweathermap.org"],
-      // Allow eval for development source maps if needed (not for production)
-      // 'unsafe-eval' is not added here by default
+      connectSrc: ["'self'", "https://api.openweathermap.org"]
     }
   }
 }));
@@ -54,18 +51,13 @@ const limiter = rateLimit({
 });
 app.use(limiter);
 
-// Stricter rate limiting for auth routes (but skip harmless public checks)
+// Stricter rate limiting for auth routes
 const authLimiter = rateLimit({
   windowMs: 15 * 60 * 1000, // 15 minutes
-  max: parseInt(process.env.AUTH_RATE_LIMIT_MAX || '2000', 10),
+  max: 200, // Increased to 200 auth requests per 15 minutes for development
   message: 'Too many authentication attempts, please try again later.',
   standardHeaders: true,
   legacyHeaders: false,
-  skip: (req) => {
-    // Skip rate limiting for public, low-risk endpoints that the UI may poll
-    const p = req.path || '';
-    return p === '/registration-status' || p.startsWith('/authentik');
-  }
 });
 
 // Middleware

docker-compose.yml

@@ -11,19 +11,11 @@ services:
     build:
       context: ./frontend
       dockerfile: Dockerfile
-    command: >-
-      sh -lc "
-      if [ ! -d node_modules ] || [ -z \"$(ls -A node_modules 2>/dev/null)\" ]; then
-        echo '[frontend] Installing dependencies...';
-        npm install --silent;
-      fi;
-      npm start
-      "
     environment:
       - REACT_APP_API_URL=https://turftracker.kaspers.us/api
     volumes:
       - ./frontend:/app
-      - frontend_node_modules:/app/node_modules
+      - /app/node_modules
     depends_on:
       - backend
     networks:
@@ -43,14 +35,6 @@ services:
     build:
       context: ./backend
       dockerfile: Dockerfile
-    command: >-
-      sh -lc "
-      if [ ! -d node_modules ] || [ -z \"$(ls -A node_modules 2>/dev/null)\" ]; then
-        echo '[backend] Installing production dependencies...';
-        npm install --only=production --silent;
-      fi;
-      npm start
-      "
     environment:
       - NODE_ENV=development
       - DB_HOST=db
@@ -67,7 +51,7 @@ services:
       - FRONTEND_URL=https://turftracker.kaspers.us
     volumes:
       - ./backend:/app
-      - backend_node_modules:/app/node_modules
+      - /app/node_modules
     depends_on:
       - db
     networks:
@@ -115,5 +99,3 @@ services:
 
 volumes:
   postgres_data:
-  frontend_node_modules:
-  backend_node_modules:

frontend/Dockerfile

@@ -28,4 +28,4 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
   CMD node healthcheck.js
 
 # Start the application
-CMD ["npm", "start"]
+CMD ["npm", "start"]