Fixed some ratelimits that were hardcoded and ammended docker compose to take into consideration rate limits

Made the setup.sh regenerate the .env variables
modified nginx config for updates
2025-10-23 07:42:05 +00:00 · 2025-10-22 15:22:14 +01:00 · 2025-10-22 14:15:49 +01:00 · 2025-10-22 12:12:06 +01:00 · 2025-10-22 02:31:53 +01:00 · 2025-10-22 02:09:23 +01:00
6 changed files with 734 additions and 272 deletions
--- a/backend/env.example
+++ b/backend/env.example
@@ -1,23 +1,29 @@
 # Database Configuration
-DATABASE_URL="postgresql://patchmon_user:p@tchm0n_p@55@localhost:5432/patchmon_db"
+DATABASE_URL="postgresql://patchmon_user:your-password-here@localhost:5432/patchmon_db"
 PM_DB_CONN_MAX_ATTEMPTS=30
 PM_DB_CONN_WAIT_INTERVAL=2
-# Redis Configuration
+# JWT Configuration
-REDIS_HOST=localhost
+JWT_SECRET=your-secure-random-secret-key-change-this-in-production
-REDIS_PORT=6379
+JWT_EXPIRES_IN=1h
-REDIS_USER=your-redis-username-here
+JWT_REFRESH_EXPIRES_IN=7d
 REDIS_PASSWORD=your-redis-password-here
 REDIS_DB=0
 # Server Configuration
 PORT=3001
-NODE_ENV=development
+NODE_ENV=production
 # API Configuration
 API_VERSION=v1
 # CORS Configuration
 CORS_ORIGIN=http://localhost:3000
 # Session Configuration
 SESSION_INACTIVITY_TIMEOUT_MINUTES=30
 # User Configuration
 DEFAULT_USER_ROLE=user
 # Rate Limiting (times in milliseconds)
 RATE_LIMIT_WINDOW_MS=900000
 RATE_LIMIT_MAX=5000
@@ -26,20 +32,18 @@ AUTH_RATE_LIMIT_MAX=500
 AGENT_RATE_LIMIT_WINDOW_MS=60000
 AGENT_RATE_LIMIT_MAX=1000
 # Redis Configuration
 REDIS_HOST=localhost
 REDIS_PORT=6379
 REDIS_USER=your-redis-username-here
 REDIS_PASSWORD=your-redis-password-here
 REDIS_DB=0
 # Logging
 LOG_LEVEL=info
 ENABLE_LOGGING=true
-# User Registration
+# TFA Configuration (optional - used if TFA is enabled)
 DEFAULT_USER_ROLE=user
 # JWT Configuration
 JWT_SECRET=your-secure-random-secret-key-change-this-in-production
 JWT_EXPIRES_IN=1h
 JWT_REFRESH_EXPIRES_IN=7d
 SESSION_INACTIVITY_TIMEOUT_MINUTES=30
 # TFA Configuration
 TFA_REMEMBER_ME_EXPIRES_IN=30d
 TFA_MAX_REMEMBER_SESSIONS=5
 TFA_SUSPICIOUS_ACTIVITY_THRESHOLD=3
--- a/backend/src/server.js
+++ b/backend/src/server.js
@@ -295,7 +295,7 @@ app.disable("x-powered-by");
 // Rate limiting with monitoring
 const limiter = rateLimit({
 	windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS, 10) || 15 * 60 * 1000,
-	max: parseInt(process.env.RATE_LIMIT_MAX, 10) || 100,
+	max: parseInt(process.env.RATE_LIMIT_MAX, 10) || 5000,
 	message: {
 		error: "Too many requests from this IP, please try again later.",
 		retryAfter: Math.ceil(
@@ -424,7 +424,7 @@ const apiVersion = process.env.API_VERSION || "v1";
 const authLimiter = rateLimit({
 	windowMs:
 		parseInt(process.env.AUTH_RATE_LIMIT_WINDOW_MS, 10) || 10 * 60 * 1000,
-	max: parseInt(process.env.AUTH_RATE_LIMIT_MAX, 10) || 20,
+	max: parseInt(process.env.AUTH_RATE_LIMIT_MAX, 10) || 500,
 	message: {
 		error: "Too many authentication requests, please try again later.",
 		retryAfter: Math.ceil(
@@ -438,7 +438,7 @@ const authLimiter = rateLimit({
 });
 const agentLimiter = rateLimit({
 	windowMs: parseInt(process.env.AGENT_RATE_LIMIT_WINDOW_MS, 10) || 60 * 1000,
-	max: parseInt(process.env.AGENT_RATE_LIMIT_MAX, 10) || 120,
+	max: parseInt(process.env.AGENT_RATE_LIMIT_MAX, 10) || 1000,
 	message: {
 		error: "Too many agent requests, please try again later.",
 		retryAfter: Math.ceil(
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -50,6 +50,13 @@ services:
      SERVER_HOST: localhost
      SERVER_PORT: 3000
      CORS_ORIGIN: http://localhost:3000
      # Rate Limiting (times in milliseconds)
      RATE_LIMIT_WINDOW_MS: 900000
      RATE_LIMIT_MAX: 5000
      AUTH_RATE_LIMIT_WINDOW_MS: 600000
      AUTH_RATE_LIMIT_MAX: 500
      AGENT_RATE_LIMIT_WINDOW_MS: 60000
      AGENT_RATE_LIMIT_MAX: 1000
      # Redis Configuration
      REDIS_HOST: redis
      REDIS_PORT: 6379
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -56,6 +56,13 @@ services:
      SERVER_HOST: localhost
      SERVER_PORT: 3000
      CORS_ORIGIN: http://localhost:3000
      # Rate Limiting (times in milliseconds)
      RATE_LIMIT_WINDOW_MS: 900000
      RATE_LIMIT_MAX: 5000
      AUTH_RATE_LIMIT_WINDOW_MS: 600000
      AUTH_RATE_LIMIT_MAX: 500
      AGENT_RATE_LIMIT_WINDOW_MS: 60000
      AGENT_RATE_LIMIT_MAX: 1000
      # Redis Configuration
      REDIS_HOST: redis
      REDIS_PORT: 6379
--- a/frontend/env.example
+++ b/frontend/env.example
@@ -0,0 +1,10 @@
 # Frontend Environment Configuration
 # This file is used by Vite during build and runtime
 # API URL - Update this to match your backend server
 VITE_API_URL=http://localhost:3001/api/v1
 # Application Metadata
 VITE_APP_NAME=PatchMon
 VITE_APP_VERSION=1.3.0
--- a/setup.sh
+++ b/setup.sh
Author	SHA1	Message	Date
Muhammad Ibrahim	de449c547f	Fixed some ratelimits that were hardcoded and ammended docker compose to take into consideration rate limits	2025-10-22 15:22:14 +01:00
Muhammad Ibrahim	a8bd09be89	Made the setup.sh regenerate the .env variables	2025-10-22 14:15:49 +01:00
Muhammad Ibrahim	3ae8422487	modified nginx config for updates	2025-10-22 12:12:06 +01:00
Muhammad Ibrahim	c98203a997	Fixed bug on nginx configuration	2025-10-22 02:31:53 +01:00
Muhammad Ibrahim	37c8f5fa76	Modified setup.sh to handle the changes in version 1.3.0	2025-10-22 02:09:23 +01:00