kasperj/turftracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

asdlfk

Browse Source
This commit is contained in:
Jake Kasper
2025-09-02 07:28:28 -05:00
parent 4476c6f6f7
commit 714f90bb1a
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
backend/src/app.js
View File

@@ -28,6 +28,7 @@ const PORT = process.env.PORT || 5000;
app.set('trust proxy', 1); app.set('trust proxy', 1);
// Security middleware // Security middleware
// Loosen CSP slightly to support CRA dev server/HMR behind proxy
app.use(helmet({ app.use(helmet({
contentSecurityPolicy: { contentSecurityPolicy: {
directives: { directives: {
@@ -36,7 +37,9 @@ app.use(helmet({
styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"], styleSrc: ["'self'", "'unsafe-inline'", "https://fonts.googleapis.com"],
fontSrc: ["'self'", "https://fonts.gstatic.com"], fontSrc: ["'self'", "https://fonts.gstatic.com"],
imgSrc: ["'self'", "data:", "https://maps.googleapis.com", "https://maps.gstatic.com"], imgSrc: ["'self'", "data:", "https://maps.googleapis.com", "https://maps.gstatic.com"],
connectSrc: ["'self'", "https://api.openweathermap.org"] connectSrc: ["'self'", "https:", "wss:", "ws:", "https://api.openweathermap.org"],
// Allow eval for development source maps if needed (not for production)
// 'unsafe-eval' is not added here by default
} }
} }
})); }));
@@ -51,13 +54,18 @@ const limiter = rateLimit({
}); });
app.use(limiter); app.use(limiter);
// Stricter rate limiting for auth routes // Stricter rate limiting for auth routes (but skip harmless public checks)
const authLimiter = rateLimit({ const authLimiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes windowMs: 15 * 60 * 1000, // 15 minutes
max: 200, // Increased to 200 auth requests per 15 minutes for development max: parseInt(process.env.AUTH_RATE_LIMIT_MAX || '2000', 10),
message: 'Too many authentication attempts, please try again later.', message: 'Too many authentication attempts, please try again later.',
standardHeaders: true, standardHeaders: true,
legacyHeaders: false, legacyHeaders: false,
skip: (req) => {
// Skip rate limiting for public, low-risk endpoints that the UI may poll
const p = req.path || '';
return p === '/registration-status' || p.startsWith('/authentik');
}
}); });
// Middleware // Middleware
@@ -118,4 +126,4 @@ process.on('SIGINT', () => {
app.listen(PORT, '0.0.0.0', () => { app.listen(PORT, '0.0.0.0', () => {
console.log(`TurfTracker API server running on port ${PORT}`); console.log(`TurfTracker API server running on port ${PORT}`);
console.log(`Environment: ${process.env.NODE_ENV || 'development'}`); console.log(`Environment: ${process.env.NODE_ENV || 'development'}`);
}); });

4
docker-compose.yml
View File

@@ -67,7 +67,7 @@ services:
- FRONTEND_URL=https://turftracker.kaspers.us - FRONTEND_URL=https://turftracker.kaspers.us
volumes: volumes:
- ./backend:/app - ./backend:/app
- /app/node_modules - backend_node_modules:/app/node_modules
depends_on: depends_on:
- db - db
networks: networks:
@@ -105,7 +105,7 @@ services:
- FLYWAY_USER=${DB_USER:-turftracker} - FLYWAY_USER=${DB_USER:-turftracker}
- FLYWAY_PASSWORD=${DB_PASSWORD:-password123} - FLYWAY_PASSWORD=${DB_PASSWORD:-password123}
# Uncomment if you need to baseline an existing DB without schema history # Uncomment if you need to baseline an existing DB without schema history
# - FLYWAY_BASELINE_ON_MIGRATE=true - FLYWAY_BASELINE_ON_MIGRATE=true
command: -locations=filesystem:/migrations migrate command: -locations=filesystem:/migrations migrate
volumes: volumes:
- ./database/migrations:/migrations:ro - ./database/migrations:/migrations:ro