Fix case-insensitive auth and harden for production
- Fix login/register to treat usernames case-insensitively (HeagBoKaT == heagbokat) using LOWER() in SQL with JS .toLowerCase() for Unicode safety - Add helmet for HTTP security headers and express-rate-limit on auth endpoints (20 req / 15 min) to prevent brute-force - Lock CORS to ALLOWED_ORIGIN env var; warn if JWT_SECRET is the default dev key - Serve built client/dist from Express so a single PM2 process handles everything - Add deploy.sh, README.md with full first-run and auto-restart instructions, and server/.env.example Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
3
server/.env.example
Normal file
3
server/.env.example
Normal file
@@ -0,0 +1,3 @@
|
||||
PORT=3040
|
||||
JWT_SECRET=замените_на_случайную_строку_32_символа
|
||||
ALLOWED_ORIGIN=http://cats.heagbokat-server.ru
|
||||
Reference in New Issue
Block a user