- Fix login/register to treat usernames case-insensitively (HeagBoKaT == heagbokat) using LOWER() in SQL with JS .toLowerCase() for Unicode safety - Add helmet for HTTP security headers and express-rate-limit on auth endpoints (20 req / 15 min) to prevent brute-force - Lock CORS to ALLOWED_ORIGIN env var; warn if JWT_SECRET is the default dev key - Serve built client/dist from Express so a single PM2 process handles everything - Add deploy.sh, README.md with full first-run and auto-restart instructions, and server/.env.example Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
32 lines
746 B
JSON
32 lines
746 B
JSON
{
|
|
"name": "catstagram-server",
|
|
"private": true,
|
|
"scripts": {
|
|
"dev": "tsx watch src/index.ts",
|
|
"start": "tsx src/index.ts",
|
|
"build": "tsc"
|
|
},
|
|
"dependencies": {
|
|
"bcryptjs": "^2.4.3",
|
|
"cors": "^2.8.5",
|
|
"dotenv": "^16.4.0",
|
|
"express": "^4.21.0",
|
|
"express-rate-limit": "^8.5.2",
|
|
"helmet": "^8.2.0",
|
|
"jsonwebtoken": "^9.0.2",
|
|
"multer": "^1.4.5-lts.1",
|
|
"sql.js": "^1.14.1"
|
|
},
|
|
"devDependencies": {
|
|
"@types/bcryptjs": "^2.4.6",
|
|
"@types/cors": "^2.8.17",
|
|
"@types/express": "^4.17.21",
|
|
"@types/express-rate-limit": "^5.1.3",
|
|
"@types/jsonwebtoken": "^9.0.7",
|
|
"@types/multer": "^1.4.12",
|
|
"@types/node": "^22.0.0",
|
|
"tsx": "^4.19.0",
|
|
"typescript": "^5.6.0"
|
|
}
|
|
}
|