add now features

This commit is contained in:
Matthias Hochmeister
2026-03-01 14:41:45 +01:00
parent e76946ed8a
commit 5b8f40ab9a
14 changed files with 2044 additions and 84 deletions

View File

@@ -20,26 +20,28 @@ app.use(cors({
credentials: true,
}));
// Rate limiting - general API routes
const limiter = rateLimit({
windowMs: environment.rateLimit.windowMs,
max: environment.rateLimit.max,
message: 'Too many requests from this IP, please try again later.',
standardHeaders: true,
legacyHeaders: false,
});
// Rate limiting - general API routes (applied below, after auth limiter)
// Rate limiting - auth routes (more generous to avoid blocking logins)
// Rate limiting - auth routes (generous to avoid blocking logins during
// normal use; each OAuth flow = 1 callback + token exchange)
const authLimiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 30, // 30 auth attempts per window
max: 60, // 60 auth attempts per window (allows ~20 full login cycles)
message: 'Zu viele Anmeldeversuche. Bitte versuchen Sie es später erneut.',
standardHeaders: true,
legacyHeaders: false,
});
app.use('/api/auth', authLimiter);
app.use('/api', limiter);
// General rate limiter — skip auth routes (they have their own limiter above)
app.use('/api', rateLimit({
windowMs: environment.rateLimit.windowMs,
max: environment.rateLimit.max,
message: 'Too many requests from this IP, please try again later.',
standardHeaders: true,
legacyHeaders: false,
skip: (req) => req.path.startsWith('/auth'),
}));
// Body parsing middleware
app.use(express.json({ limit: '10mb' }));
@@ -74,16 +76,18 @@ import trainingRoutes from './routes/training.routes';
import vehicleRoutes from './routes/vehicle.routes';
import incidentRoutes from './routes/incident.routes';
import equipmentRoutes from './routes/equipment.routes';
import nextcloudRoutes from './routes/nextcloud.routes';
import nextcloudRoutes from './routes/nextcloud.routes';
import atemschutzRoutes from './routes/atemschutz.routes';
app.use('/api/auth', authRoutes);
app.use('/api/user', userRoutes);
app.use('/api/members', memberRoutes);
app.use('/api/admin', adminRoutes);
app.use('/api/training', trainingRoutes);
app.use('/api/vehicles', vehicleRoutes);
app.use('/api/incidents', incidentRoutes);
app.use('/api/equipment', equipmentRoutes);
app.use('/api/auth', authRoutes);
app.use('/api/user', userRoutes);
app.use('/api/members', memberRoutes);
app.use('/api/admin', adminRoutes);
app.use('/api/training', trainingRoutes);
app.use('/api/vehicles', vehicleRoutes);
app.use('/api/incidents', incidentRoutes);
app.use('/api/equipment', equipmentRoutes);
app.use('/api/atemschutz', atemschutzRoutes);
app.use('/api/nextcloud/talk', nextcloudRoutes);
// 404 handler