Major refactor: security, performance, and code organization
Security: - DeepSeek API moved to server-side proxy with rate limiting (20 req/min) - Whitelist validation for all POST/PUT routes - Cookie security (secure, sameSite, httpOnly in production) - Input validation for messages, tokens, temperature - Sanitized hasOwnProperty to prevent prototype pollution Performance: - Lazy loading for chat messages (sliding window of 20) - Streaming response throttling (50ms batches) - Scroll optimization (only scroll on new messages) - AbortController fix for stop button Code organization: - GamePage refactored from ~1170 to ~750 lines - New hooks: useGameSession, useStreamingResponse, useCharacterDetection, useLazyMessages - New components: MessageList, ChatInput, SessionSelector, CharacterPanel - Fixed ESLint errors Features: - OOC mode button for direct AI instructions - Message versions (aiResponse) now persist to DB - playerId saved in sessions
This commit is contained in:
Alexej Wolff
@@ -14,3 +14,10 @@ FRONTEND_URL=http://localhost:5174
|
||||
|
||||
# Server
|
||||
PORT=3001
|
||||
NODE_ENV=development # 'production' for secure cookies and strict checks
|
||||
|
||||
# DeepSeek API (for story generation)
|
||||
DEEPSEEK_API_KEY=your_deepseek_api_key
|
||||
|
||||
# GeminiGen API (for image generation)
|
||||
GEMINIGEN_API_KEY=your_geminigen_api_key
|
||||
|
||||
Reference in New Issue
Block a user