fix:/ add api protections :3
@@ -33,8 +33,18 @@ npm run build
|
||||
pm2 start ecosystem.config.cjs
|
||||
```
|
||||
|
||||
The production server runs on <http://localhost:3001> and proxies `/api/*` plus
|
||||
`/health` to `API_UPSTREAM`, which defaults to `http://127.0.0.1:6000`.
|
||||
The production server runs on <http://localhost:3010>. It serves `/health`
|
||||
locally and only proxies the API routes used by the app:
|
||||
|
||||
- `GET /api/tss/leaderboard/teams?limit=1..100`
|
||||
- `GET /api/tss/teams/resolve?name=...`
|
||||
- `GET /api/tss/teams/:team`
|
||||
- `GET /api/tss/teams/:team/history`
|
||||
- `GET /api/tss/teams/:team/games`
|
||||
|
||||
The proxy blocks cross-origin/API-navigation requests, strips CORS headers from
|
||||
the upstream response, rate limits callers, and caches successful GET responses
|
||||
briefly so public page traffic does not hammer the upstream API.
|
||||
|
||||
Override the API target before starting PM2 if needed:
|
||||
|
||||
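Review bot: The paragraph beginning "The proxy blocks cross-origin/API-navigation requests" says the proxy "rate limits callers" without saying what identifies a caller. The README later expects deployment behind a reverse proxy, so please state whether the limit is keyed on the socket address or on a forwarded client address, and which proxy is trusted to set that address; if it is the socket address, every visitor behind the reverse proxy shares one bucket. It would also help to name the request headers the cross-origin check relies on and what happens to a request that carries none of them, and to say whether the query string is part of the cache key for `leaderboard/teams?limit=` and `teams/resolve?name=`. The route list gives a bound for `limit` (1..100) but none for `name` or `:team`; if the proxy validates those, document the accepted form.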
@@ -42,6 +52,21 @@ Override the API target before starting PM2 if needed:
|
||||
API_UPSTREAM=http://127.0.0.1:8080 pm2 start ecosystem.config.cjs
|
||||
```
|
||||
|
||||
Set `PUBLIC_ORIGIN` to the public site origin in production, especially behind a
|
||||
reverse proxy:
|
||||
|
||||
```sh
|
||||
PUBLIC_ORIGIN=https://your-domain.example pm2 start ecosystem.config.cjs
|
||||
```
|
||||
|
||||
Optional API protection tuning:
|
||||
|
||||
```sh
|
||||
API_CACHE_TTL_MS=15000
|
||||
API_RATE_LIMIT_WINDOW_MS=60000
|
||||
API_RATE_LIMIT_MAX=120
|
||||
```
|
||||
|
||||
## GitHub webhook
|
||||
|
||||
The webhook process listens on port `3011` at `/github`. Configure GitHub to send
|
||||
|
||||
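Review bot: The `PUBLIC_ORIGIN` paragraph does not say what the proxy does when the variable is unset. Please document the default and whether the origin check then rejects or allows requests, so that a deployment that forgets the variable fails in a known way. In the "Optional API protection tuning" block the three variables appear as bare assignments, unlike the `API_UPSTREAM=... pm2 start ecosystem.config.cjs` and `PUBLIC_ORIGIN=... pm2 start ecosystem.config.cjs` examples; typed as shown they would not reach the PM2 process, so show them on the `pm2 start` line or point to where they belong in `ecosystem.config.cjs`. Also state whether 15000, 60000 and 120 are the defaults and whether `API_RATE_LIMIT_MAX` counts requests per window per caller.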