security: add headers, fetch timeouts, Retry-After cap, env validation
All checks were successful
Build and Deploy / Build & Push (push) Successful in 3m50s
All checks were successful
Build and Deploy / Build & Push (push) Successful in 3m50s
- next.config.ts: CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy - sixflags.ts: cap Retry-After at 5 min; add 15s AbortSignal.timeout() - queuetimes.ts: add 10s AbortSignal.timeout() - rcdb.ts: add 15s AbortSignal.timeout() - lib/env.ts: parseStalenessHours() guards against NaN from invalid env vars - db.ts + park-meta.ts: use parseStalenessHours() for staleness window config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -107,12 +107,12 @@ async function fetchApi(
|
||||
): Promise<ApiResponse> {
|
||||
const fetchOpts: RequestInit & { next?: { revalidate: number } } = { headers: HEADERS };
|
||||
if (revalidate !== undefined) fetchOpts.next = { revalidate };
|
||||
const res = await fetch(url, fetchOpts);
|
||||
const res = await fetch(url, { ...fetchOpts, signal: AbortSignal.timeout(15_000) });
|
||||
|
||||
if (res.status === 429 || res.status === 503) {
|
||||
const retryAfter = res.headers.get("Retry-After");
|
||||
const waitMs = retryAfter
|
||||
? parseInt(retryAfter) * 1000
|
||||
? Math.min(parseInt(retryAfter, 10) * 1000, 5 * 60 * 1000) // cap at 5 min
|
||||
: BASE_BACKOFF_MS * Math.pow(2, attempt);
|
||||
console.log(
|
||||
` [rate-limited] HTTP ${res.status} — waiting ${waitMs / 1000}s (attempt ${attempt + 1}/${MAX_RETRIES})`
|
||||
|
||||
Reference in New Issue
Block a user