asdlfk
@@ -28,6 +28,7 @@ const PORT = process.env.PORT || 5000;
|
||||
app.set('trust proxy', 1);
|
||||
|
||||
// Security middleware
|
||||
// Loosen CSP slightly to support CRA dev server/HMR behind proxy
|
||||
app.use(helmet({
|
||||
contentSecurityPolicy: {
|
||||
directives: {
|
||||
@@ -36,7 +37,9 @@ app.use(helmet({
|
||||
styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
|
||||
fontSrc: ["'self'", "https://fonts.gstatic.com"],
|
||||
imgSrc: ["'self'", "data:", "https://maps.googleapis.com", "https://maps.gstatic.com"],
|
||||
connectSrc: ["'self'", "https://api.openweathermap.org"]
|
||||
connectSrc: ["'self'", "https:", "wss:", "ws:", "https://api.openweathermap.org"],
|
||||
// Allow eval for development source maps if needed (not for production)
|
||||
// 'unsafe-eval' is not added here by default
|
||||
}
|
||||
}
|
||||
}));
|
||||
@@ -51,13 +54,18 @@ const limiter = rateLimit({
|
||||
});
|
||||
app.use(limiter);
|
||||
|
||||
// Stricter rate limiting for auth routes
|
||||
// Stricter rate limiting for auth routes (but skip harmless public checks)
|
||||
const authLimiter = rateLimit({
|
||||
windowMs: 15 * 60 * 1000, // 15 minutes
|
||||
max: 200, // Increased to 200 auth requests per 15 minutes for development
|
||||
max: parseInt(process.env.AUTH_RATE_LIMIT_MAX || '2000', 10),
|
||||
message: 'Too many authentication attempts, please try again later.',
|
||||
standardHeaders: true,
|
||||
legacyHeaders: false,
|
||||
skip: (req) => {
|
||||
// Skip rate limiting for public, low-risk endpoints that the UI may poll
|
||||
const p = req.path || '';
|
||||
return p === '/registration-status' || p.startsWith('/authentik');
|
||||
}
|
||||
});
|
||||
|
||||
// Middleware
|
||||
@@ -118,4 +126,4 @@ process.on('SIGINT', () => {
|
||||
app.listen(PORT, '0.0.0.0', () => {
|
||||
console.log(`TurfTracker API server running on port ${PORT}`);
|
||||
console.log(`Environment: ${process.env.NODE_ENV || 'development'}`);
|
||||
});
|
||||
});
|
||||
|
||||
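Review bot: The new auth limiter default, `max: parseInt(process.env.AUTH_RATE_LIMIT_MAX || '2000', 10)`, lets a single IP make 2000 authentication attempts per 15-minute window unless an operator remembers to set the variable, which is a credential-stuffing budget rather than a brute-force control, and a non-numeric value parses to NaN, which presumably leaves the route effectively unlimited rather than falling back to anything. The `skip` callback also exempts every path under `/authentik` by prefix, so any login or callback route mounted there escapes the limiter as well; I would restrict the exemption to the exact read-only paths the UI polls, though the router is not visible from this hunk. A stricter production default with an explicit parse check is sketched below. Separately, the same file widens `connectSrc` to `"https:"`, `"wss:"` and `"ws:"` to support the CRA dev server, which in production lets a script injected via XSS fetch or open a WebSocket to any origin; that entry should be gated on `process.env.NODE_ENV !== 'production'`, which is what the accompanying "Loosen CSP slightly" comment already intends.
```javascript
const isProduction = process.env.NODE_ENV === 'production';
const authMaxFromEnv = Number.parseInt(process.env.AUTH_RATE_LIMIT_MAX ?? '', 10);
const authLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  // Honour a positive integer from the environment; otherwise use a strict
  // ceiling in production and the generous value only for development.
  max: Number.isInteger(authMaxFromEnv) && authMaxFromEnv > 0
    ? authMaxFromEnv
    : (isProduction ? 20 : 2000),
  // … unchanged: message, standardHeaders, legacyHeaders, skip …
});
```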
@@ -67,7 +67,7 @@ services:
|
||||
- FRONTEND_URL=https://turftracker.kaspers.us
|
||||
volumes:
|
||||
- ./backend:/app
|
||||
- /app/node_modules
|
||||
- backend_node_modules:/app/node_modules
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
@@ -105,7 +105,7 @@ services:
|
||||
- FLYWAY_USER=${DB_USER:-turftracker}
|
||||
- FLYWAY_PASSWORD=${DB_PASSWORD:-password123}
|
||||
# Uncomment if you need to baseline an existing DB without schema history
|
||||
# - FLYWAY_BASELINE_ON_MIGRATE=true
|
||||
- FLYWAY_BASELINE_ON_MIGRATE=true
|
||||
command: -locations=filesystem:/migrations migrate
|
||||
volumes:
|
||||
- ./database/migrations:/migrations:ro
|
||||
|
||||
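Review bot: `FLYWAY_BASELINE_ON_MIGRATE=true` is now permanently enabled for the flyway service, while the comment directly above it still tells the reader to uncomment it only for a one-off baseline of an existing database without schema history. Left on, as I understand Flyway's behaviour, any run against a non-empty schema that lacks a history table is baselined instead of migrated, and migrations at or below the baseline version are recorded as applied without running, which can silently leave constraint or permission changes unapplied. I would make it opt-in again, `- FLYWAY_BASELINE_ON_MIGRATE=${FLYWAY_BASELINE_ON_MIGRATE:-false}`, and reword the comment to say it is set in the environment for the single run that needs it. The `${DB_PASSWORD:-password123}` fallback in the surrounding context is not new in this commit, but a compose file that also carries a public `FRONTEND_URL` should presumably fail when the password is unset rather than default to a well-known value.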