68c2b129fa
Security:
- DeepSeek API moved to server-side proxy with rate limiting (20 req/min)
- Whitelist validation for all POST/PUT routes
- Cookie security (secure, sameSite, httpOnly in production)
- Input validation for messages, tokens, temperature
- Sanitized hasOwnProperty to prevent prototype pollution

Performance:
- Lazy loading for chat messages (sliding window of 20)
- Streaming response throttling (50ms batches)
- Scroll optimization (only scroll on new messages)
- AbortController fix for stop button

Code organization:
- GamePage refactored from ~1170 to ~750 lines
- New hooks: useGameSession, useStreamingResponse, useCharacterDetection, useLazyMessages
- New components: MessageList, ChatInput, SessionSelector, CharacterPanel
- Fixed ESLint errors

Features:
- OOC mode button for direct AI instructions
- Message versions (aiResponse) now persist to DB
- playerId saved in sessions
24 lines
589 B
Bash
# MongoDB
MONGODB_URI=mongodb://localhost:27017/resekai

# Discord OAuth2
DISCORD_CLIENT_ID=your_discord_client_id
DISCORD_CLIENT_SECRET=your_discord_client_secret
DISCORD_REDIRECT_URI=http://localhost:3001/auth/discord/callback

# Session
SESSION_SECRET=your_super_secret_session_key

# Frontend URL
FRONTEND_URL=http://localhost:5174

# Server
PORT=3001
NODE_ENV=development # 'production' for secure cookies and strict checks

# DeepSeek API (for story generation)
DEEPSEEK_API_KEY=your_deepseek_api_key

# GeminiGen API (for image generation)
GEMINIGEN_API_KEY=your_geminigen_api_key
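A startup check that a deployment could run against the variables in this template, as an added example that is not part of the repository. The name `validateEnv`, the 32-character minimum and the sample object are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not code from the repository).
// Placeholder values exactly as they appear in the template above.
const PLACEHOLDERS = new Set([
  'your_discord_client_id', 'your_discord_client_secret',
  'your_super_secret_session_key', 'your_deepseek_api_key',
  'your_geminigen_api_key',
]);
const SECRET_KEYS = ['DISCORD_CLIENT_ID', 'DISCORD_CLIENT_SECRET',
  'SESSION_SECRET', 'DEEPSEEK_API_KEY', 'GEMINIGEN_API_KEY'];
const URL_KEYS = ['DISCORD_REDIRECT_URI', 'FRONTEND_URL'];
const MIN_SESSION_SECRET_LENGTH = 32; // assumption, not a value from the page

// Returns a list of problems; an empty list means the environment may be used.
function validateEnv(env) {
  const problems = [];
  // An exact match catches a loader that kept the inline "# ..." comment as
  // part of the value, which would silently leave production checks off.
  if (!['development', 'production'].includes(env.NODE_ENV)) {
    problems.push(`NODE_ENV has unexpected value: ${JSON.stringify(env.NODE_ENV)}`);
  }
  const production = env.NODE_ENV === 'production';
  for (const key of SECRET_KEYS) {
    const value = env[key];
    if (!value) problems.push(`${key} is not set`);
    else if (PLACEHOLDERS.has(value)) problems.push(`${key} still holds the template placeholder`);
  }
  const secret = env.SESSION_SECRET || '';
  if (production && secret && !PLACEHOLDERS.has(secret) && secret.length < MIN_SESSION_SECRET_LENGTH) {
    problems.push('SESSION_SECRET is too short');
  }
  for (const key of URL_KEYS) {
    let url;
    try {
      url = new URL(env[key]);
    } catch (err) {
      problems.push(`${key} is not a valid URL`);
      continue;
    }
    // Cookies marked secure are only sent over HTTPS.
    if (production && url.protocol !== 'https:') problems.push(`${key} must use https in production`);
  }
  return problems;
}

// Constructed sample: part of the template copied unchanged, NODE_ENV flipped.
const sample = { NODE_ENV: 'production', DISCORD_CLIENT_ID: 'your_discord_client_id',
  DISCORD_REDIRECT_URI: 'http://localhost:3001/auth/discord/callback',
  FRONTEND_URL: 'http://localhost:5174' };
console.log(validateEnv(sample));
```

Calling this before the server starts listening and exiting on a non-empty result keeps a copied template from reaching production.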