Fix case-insensitive auth and harden for production

- Fix login/register to treat usernames case-insensitively (HeagBoKaT == heagbokat) using LOWER() in SQL with JS .toLowerCase() for Unicode safety
- Add helmet for HTTP security headers and express-rate-limit on auth endpoints (20 req / 15 min) to prevent brute-force
- Lock CORS to ALLOWED_ORIGIN env var; warn if JWT_SECRET is the default dev key
- Serve built client/dist from Express so a single PM2 process handles everything
- Add deploy.sh, README.md with full first-run and auto-restart instructions, and server/.env.example

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-06-25 23:29:06 +03:00
parent 68c17b16fe
commit e0247bc288
9 changed files with 231 additions and 16 deletions

20
deploy.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
set -e
echo "==> Pulling latest changes..."
git pull
echo "==> Installing server dependencies..."
npm install --prefix server
echo "==> Installing client dependencies..."
npm install --prefix client
echo "==> Building client..."
npm run build
echo "==> Restarting PM2 process..."
sudo pm2 restart cats
sudo pm2 save
echo "==> Done! Site updated at http://cats.heagbokat-server.ru"