
Production Checklist

Before deploying to production:

Environment Variables

Set these environment variables in your production environment:
PORT=3000
JWT_SECRET=<secure-random-string>
JWT_EXPIRY=30d
SOLANA_RPC_URL=<your-dedicated-rpc-url>
NODE_ENV=production

Generate Secure JWT Secret

node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"

Deployment Options

Render

  1. Connect your repository to Render
  2. Set environment variables
  3. Deploy

The render.yaml file in the repository provides a configuration example.

Railway

  1. Create a new project on Railway
  2. Connect your repository
  3. Set environment variables
  4. Deploy

Heroku

heroku create your-app-name
heroku config:set JWT_SECRET=$(node -e "console.log(require('crypto').randomBytes(32).toString('hex'))")
heroku config:set SOLANA_RPC_URL=your-rpc-url
git push heroku main

Docker

Create a Dockerfile:
FROM node:18-alpine

WORKDIR /app

COPY package*.json ./
# Install runtime dependencies only (--omit=dev replaces the deprecated --only=production)
RUN npm ci --omit=dev

COPY . .

EXPOSE 3000

CMD ["npm", "start"]

Build and run:
docker build -t magenx404-server .
docker run -p 3000:3000 \
  -e JWT_SECRET=your-secret \
  -e SOLANA_RPC_URL=your-rpc-url \
  magenx404-server

CORS Configuration

Update CORS settings in server/index.ts:
app.use(
  cors({
    origin: process.env.FRONTEND_URL || "https://yourdomain.com",
    credentials: true,
    exposedHeaders: ["X-404-Nonce", "X-404-Mechanism"],
  })
);
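
The variables listed under Environment Variables, plus the FRONTEND_URL that this CORS snippet falls back from, can be checked once at startup so the server does not boot with placeholders or an origin that never matches. This is an added example, not code from the project's repository; checkProductionEnv, its rules and the sample values are assumptions.

```javascript
// Added example, not project code: checkProductionEnv and its rules are assumptions.
function parseUrl(value) {
  try { return new URL(value); } catch { return null; }
}

function checkProductionEnv(env) {
  const problems = [];
  const isPlaceholder = (v) => !v || /^<.*>$/.test(v) || /^your-/.test(v);

  // The guide generates 32 random bytes, printed as 64 hex characters.
  if (isPlaceholder(env.JWT_SECRET) || env.JWT_SECRET.length < 64) {
    problems.push("JWT_SECRET: missing, placeholder, or shorter than 64 characters");
  }
  // Assumes the "<number><unit>" form used on this page, e.g. 30d.
  if (!/^\d+[smhd]$/.test(env.JWT_EXPIRY || "")) {
    problems.push("JWT_EXPIRY: expected a value such as 30d");
  }
  const rpc = parseUrl(env.SOLANA_RPC_URL);
  if (!rpc || rpc.protocol !== "https:") {
    problems.push("SOLANA_RPC_URL: must be an https URL");
  }
  // With credentials: true the CORS origin must be one exact origin; a trailing
  // slash or path never matches the Origin header a browser sends.
  const front = parseUrl(env.FRONTEND_URL);
  if (!front || front.protocol !== "https:" || front.origin !== env.FRONTEND_URL) {
    problems.push("FRONTEND_URL: must be a bare https origin (no path or trailing slash)");
  }
  if (env.NODE_ENV !== "production") {
    problems.push("NODE_ENV: must be production");
  }
  const port = Number(env.PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    problems.push("PORT: must be an integer between 1 and 65535");
  }
  return problems;
}

// Constructed sample values, for illustration only.
const sampleEnv = {
  PORT: "3000",
  JWT_SECRET: "your-secret",
  JWT_EXPIRY: "30d",
  SOLANA_RPC_URL: "<your-dedicated-rpc-url>",
  FRONTEND_URL: "https://app.example.com/",
  NODE_ENV: "production",
};
console.log(checkProductionEnv(sampleEnv));
```

Call it with process.env before the server starts listening and exit non-zero if the returned list is not empty.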

Rate Limiting

Add rate limiting middleware:
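npm install express-rate-limit

import rateLimit from "express-rate-limit";

// Behind a platform proxy (Render, Railway, Heroku), configure Express's
// "trust proxy" setting so the limiter sees the client IP, not the proxy's.
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // limit each IP to 100 requests per windowMs
});

app.use("/x404_auth", limiter);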

Monitoring

Health Check Endpoint

The server includes a health check endpoint:
curl https://your-server.com/health

Logging

Add structured logging:
npm install winston

import winston from "winston";

const logger = winston.createLogger({
  level: "info",
  format: winston.format.json(),
  transports: [
    new winston.transports.File({ filename: "error.log", level: "error" }),
    new winston.transports.File({ filename: "combined.log" }),
  ],
});

// Use in routes
logger.info("Authentication successful", { publicKey, feature });

Security Best Practices

  1. Use HTTPS: Always use HTTPS in production
  2. Secure Headers: Add security headers middleware
  3. Input Validation: Validate all input parameters
  4. Error Handling: Don’t expose sensitive error details
  5. Regular Updates: Keep dependencies updated
