ai generated solutions to our ai generated problems

2026-06-20 00:05:10 +01:00
parent 736fe40e75
commit a60999a54e
3 changed files with 254 additions and 7 deletions
+9 -2
@@ -85,8 +85,11 @@ Vehicle icon PNGs are served statically at `/vehicle-icons` from `VEHICLE_ICONS_
(populated at deploy from `SHARED/ICONS/VEHICLES`).
The proxy blocks cross-origin/API-navigation requests, strips CORS headers from
the upstream response, rate limits callers, and caches successful GET responses
briefly so public page traffic does not hammer the upstream API. All responses
the upstream response, rate limits callers, and caches successful GET responses.
Public TSS reads are also written to a bounded JSON snapshot cache and served at
both their `/api/tss/*` route and matching `/data/*` path. Fresh snapshots return
without touching the backend; stale snapshots are served immediately while the
server refreshes them in the background. All responses
ship `X-Content-Type-Options`, `X-Frame-Options: DENY`, `Referrer-Policy`,
`Permissions-Policy`, `Cross-Origin-Opener-Policy`, `Cross-Origin-Resource-Policy`,
HSTS (over HTTPS), and HTML responses include a Content Security Policy that
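Review bot: the added snapshot-cache paragraph ("Public TSS reads are also written to a bounded JSON snapshot cache ..." through "... refreshes them in the background") says the cache is bounded without saying by what; state whether the bound is entry count, bytes or age, and spell out that a stale snapshot can keep being served at both `/api/tss/*` and `/data/*` for up to `PUBLIC_DATA_CACHE_STALE_MS` (86400000 ms, i.e. 24 hours in the example below) after the upstream stops answering, since that is the staleness window an operator is accepting. It would also help to say explicitly that only unauthenticated public reads are snapshotted and that the same `X-Content-Type-Options`, `X-Frame-Options` and related headers listed here apply to responses served from the snapshot cache, so a reader does not have to infer that the `/data/*` path is covered.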
@@ -109,6 +112,10 @@ Optional API protection tuning:
```sh
API_CACHE_TTL_MS=15000
PUBLIC_DATA_CACHE_DIR=~/tsswebstorage/public-data
PUBLIC_DATA_CACHE_FRESH_MS=60000
PUBLIC_DATA_CACHE_STALE_MS=86400000
PUBLIC_DATA_PREWARM_INTERVAL_MS=60000
API_RATE_LIMIT_WINDOW_MS=60000
API_RATE_LIMIT_MAX=120
```
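Review bot: `PUBLIC_DATA_CACHE_DIR=~/tsswebstorage/public-data` relies on tilde expansion, which a shell performs but a `.env` loader or a systemd `Environment=` line does not, so the server may end up creating a literal `~` directory under its working directory; prefer an absolute path in the example, or document that the application expands `~` itself. The new `PUBLIC_DATA_CACHE_FRESH_MS`, `PUBLIC_DATA_CACHE_STALE_MS` and `PUBLIC_DATA_PREWARM_INTERVAL_MS` keys are introduced here without any explanation, so add a short line for each (fresh window, stale-serve ceiling, background prewarm period) and note that the cache directory is written by the server process and should be writable only by that service user and kept outside any statically served path such as the `/vehicle-icons` directory, so the raw snapshot files are never exposed directly.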