Merge pull request #208 from PatchMon/post1-3-0

Fixed some ratelimits that were hardcoded and ammended docker compose…
Fixed some ratelimits that were hardcoded and ammended docker compose to take into consideration rate limits
2025-10-22 23:32:03 +00:00 · 2025-10-22 15:37:50 +01:00 · 2025-10-22 15:22:14 +01:00 · 2025-10-22 14:33:18 +01:00 · 2025-10-22 14:15:49 +01:00 · 2025-10-22 13:47:03 +01:00
6 changed files with 734 additions and 272 deletions
--- a/backend/env.example
+++ b/backend/env.example
@@ -1,23 +1,29 @@
 # Database Configuration
-DATABASE_URL="postgresql://patchmon_user:p@tchm0n_p@55@localhost:5432/patchmon_db"
+DATABASE_URL="postgresql://patchmon_user:your-password-here@localhost:5432/patchmon_db"
 PM_DB_CONN_MAX_ATTEMPTS=30
 PM_DB_CONN_WAIT_INTERVAL=2

-# Redis Configuration
-REDIS_HOST=localhost
-REDIS_PORT=6379
-REDIS_USER=your-redis-username-here
-REDIS_PASSWORD=your-redis-password-here
-REDIS_DB=0
+# JWT Configuration
+JWT_SECRET=your-secure-random-secret-key-change-this-in-production
+JWT_EXPIRES_IN=1h
+JWT_REFRESH_EXPIRES_IN=7d

 # Server Configuration
 PORT=3001
-NODE_ENV=development
+NODE_ENV=production

 # API Configuration
 API_VERSION=v1
+
+# CORS Configuration
 CORS_ORIGIN=http://localhost:3000

+# Session Configuration
+SESSION_INACTIVITY_TIMEOUT_MINUTES=30
+
+# User Configuration
+DEFAULT_USER_ROLE=user
+
 # Rate Limiting (times in milliseconds)
 RATE_LIMIT_WINDOW_MS=900000
 RATE_LIMIT_MAX=5000
@@ -26,20 +32,18 @@ AUTH_RATE_LIMIT_MAX=500
 AGENT_RATE_LIMIT_WINDOW_MS=60000
 AGENT_RATE_LIMIT_MAX=1000

+# Redis Configuration
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_USER=your-redis-username-here
+REDIS_PASSWORD=your-redis-password-here
+REDIS_DB=0
+
 # Logging
 LOG_LEVEL=info
 ENABLE_LOGGING=true

-# User Registration
-DEFAULT_USER_ROLE=user
-
-# JWT Configuration
-JWT_SECRET=your-secure-random-secret-key-change-this-in-production
-JWT_EXPIRES_IN=1h
-JWT_REFRESH_EXPIRES_IN=7d
-SESSION_INACTIVITY_TIMEOUT_MINUTES=30
-
-# TFA Configuration
+# TFA Configuration (optional - used if TFA is enabled)
 TFA_REMEMBER_ME_EXPIRES_IN=30d
 TFA_MAX_REMEMBER_SESSIONS=5
 TFA_SUSPICIOUS_ACTIVITY_THRESHOLD=3
--- a/backend/src/server.js
+++ b/backend/src/server.js
@@ -295,7 +295,7 @@ app.disable("x-powered-by");
 // Rate limiting with monitoring
 const limiter = rateLimit({
 	windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS, 10) || 15 * 60 * 1000,
-	max: parseInt(process.env.RATE_LIMIT_MAX, 10) || 100,
+	max: parseInt(process.env.RATE_LIMIT_MAX, 10) || 5000,
 	message: {
 		error: "Too many requests from this IP, please try again later.",
 		retryAfter: Math.ceil(
@@ -424,7 +424,7 @@ const apiVersion = process.env.API_VERSION || "v1";
 const authLimiter = rateLimit({
 	windowMs:
 		parseInt(process.env.AUTH_RATE_LIMIT_WINDOW_MS, 10) || 10 * 60 * 1000,
-	max: parseInt(process.env.AUTH_RATE_LIMIT_MAX, 10) || 20,
+	max: parseInt(process.env.AUTH_RATE_LIMIT_MAX, 10) || 500,
 	message: {
 		error: "Too many authentication requests, please try again later.",
 		retryAfter: Math.ceil(
@@ -438,7 +438,7 @@ const authLimiter = rateLimit({
 });
 const agentLimiter = rateLimit({
 	windowMs: parseInt(process.env.AGENT_RATE_LIMIT_WINDOW_MS, 10) || 60 * 1000,
-	max: parseInt(process.env.AGENT_RATE_LIMIT_MAX, 10) || 120,
+	max: parseInt(process.env.AGENT_RATE_LIMIT_MAX, 10) || 1000,
 	message: {
 		error: "Too many agent requests, please try again later.",
 		retryAfter: Math.ceil(
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -50,6 +50,13 @@ services:
      SERVER_HOST: localhost
      SERVER_PORT: 3000
      CORS_ORIGIN: http://localhost:3000
+      # Rate Limiting (times in milliseconds)
+      RATE_LIMIT_WINDOW_MS: 900000
+      RATE_LIMIT_MAX: 5000
+      AUTH_RATE_LIMIT_WINDOW_MS: 600000
+      AUTH_RATE_LIMIT_MAX: 500
+      AGENT_RATE_LIMIT_WINDOW_MS: 60000
+      AGENT_RATE_LIMIT_MAX: 1000
      # Redis Configuration
      REDIS_HOST: redis
      REDIS_PORT: 6379
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -56,6 +56,13 @@ services:
      SERVER_HOST: localhost
      SERVER_PORT: 3000
      CORS_ORIGIN: http://localhost:3000
+      # Rate Limiting (times in milliseconds)
+      RATE_LIMIT_WINDOW_MS: 900000
+      RATE_LIMIT_MAX: 5000
+      AUTH_RATE_LIMIT_WINDOW_MS: 600000
+      AUTH_RATE_LIMIT_MAX: 500
+      AGENT_RATE_LIMIT_WINDOW_MS: 60000
+      AGENT_RATE_LIMIT_MAX: 1000
      # Redis Configuration
      REDIS_HOST: redis
      REDIS_PORT: 6379
--- a/frontend/env.example
+++ b/frontend/env.example
@@ -0,0 +1,10 @@
+# Frontend Environment Configuration
+# This file is used by Vite during build and runtime
+
+# API URL - Update this to match your backend server
+VITE_API_URL=http://localhost:3001/api/v1
+
+# Application Metadata
+VITE_APP_NAME=PatchMon
+VITE_APP_VERSION=1.3.0
+
--- a/setup.sh
+++ b/setup.sh
Author	SHA1	Message	Date
9 Technology Group LTD	8d372411be	Merge pull request #208 from PatchMon/post1-3-0 Fixed some ratelimits that were hardcoded and ammended docker compose…	2025-10-22 15:37:50 +01:00
Muhammad Ibrahim	de449c547f	Fixed some ratelimits that were hardcoded and ammended docker compose to take into consideration rate limits	2025-10-22 15:22:14 +01:00
9 Technology Group LTD	cd03f0e66a	Merge pull request #206 from PatchMon/post1-3-0 Made the setup.sh regenerate the .env variables	2025-10-22 14:33:18 +01:00
Muhammad Ibrahim	a8bd09be89	Made the setup.sh regenerate the .env variables	2025-10-22 14:15:49 +01:00
9 Technology Group LTD	deb6bed1a6	Merge pull request #204 from PatchMon/post1-3-0 Improving the setup.sh script to handle the nginx configuration changes on bare-metal type instances. Also amended the env.example files to suit.	2025-10-22 13:47:03 +01:00
Muhammad Ibrahim	3ae8422487	modified nginx config for updates	2025-10-22 12:12:06 +01:00
Muhammad Ibrahim	c98203a997	Fixed bug on nginx configuration	2025-10-22 02:31:53 +01:00
Muhammad Ibrahim	37c8f5fa76	Modified setup.sh to handle the changes in version 1.3.0	2025-10-22 02:09:23 +01:00