adamp/cookie-tracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update CLAUDE.md with helmet and rate limiting details

Browse Source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
adamp 2026-02-09 22:08:05 -06:00
parent f083e2888c
commit bb2b43d1c1
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CLAUDE.md
View File

@ -31,9 +31,9 @@ No test runner or linter is currently configured.
Full-stack monorepo: Express.js API + React 18 SPA (Vite + React Router v7). Full-stack monorepo: Express.js API + React 18 SPA (Vite + React Router v7).
**Server** (`server/`): **Server** (`server/`):
- `index.js` — Express entry point. Mounts all route groups under `/api`, applies auth middleware to non-auth routes. In production, serves the built client as static files with SPA fallback. - `index.js` — Express entry point. Applies `helmet()` for security headers, a global API rate limiter (100 req/min/IP via `express-rate-limit`), mounts all route groups under `/api`, and applies auth middleware to non-auth routes. In production, serves the built client as static files with SPA fallback.
- `db.js` — SQLite via `better-sqlite3` (synchronous). Auto-creates the `data/` directory and tables on first run. Foreign keys are enabled. - `db.js` — SQLite via `better-sqlite3` (synchronous). Auto-creates the `data/` directory and tables on first run. Foreign keys are enabled.
- `middleware/auth.js` — Optional HMAC-SHA256 session cookie auth. If `APP_PASSWORD` is not set in `.env`, authentication is disabled entirely (middleware passes through). - `middleware/auth.js` — Optional HMAC-SHA256 session cookie auth. If `APP_PASSWORD` is not set in `.env`, authentication is disabled entirely (middleware passes through). Login route has a dedicated rate limiter (5 attempts/min/IP).
- `utils.js` — Shared helpers (`parseId`, `isValidDate`, `parseLimit`) used across routes. - `utils.js` — Shared helpers (`parseId`, `isValidDate`, `parseLimit`) used across routes.
- `routes/` — CRUD for products, customers, orders, plus dashboard summary and reports endpoints. - `routes/` — CRUD for products, customers, orders, plus dashboard summary and reports endpoints.