Add rate limiting and extend JWT expiry

- Wire in Fastify rate-limit (backend) and add dependency
- Update JWT expiresIn to 24h in config
- Remove legacy auth middleware
- Add healthcheck to deployment (deploy.sh)
- Minor frontend tweaks: include average time per round in logs
- Remove Dashboard link from dashboard.html

backend/src/config/jwt.js

@@ -12,7 +12,7 @@ config({ path: resolve(rootDir, '.env') })
 export const jwtConfig = {
   secret: process.env.JWT_SECRET || 'fallback-secret-for-development',
   algorithm: 'HS512',
-  expiresIn: '15m',
+  expiresIn: '24h',
   refreshExpiresIn: '7d',
   issuer: 'edh-stats',
   audience: 'edh-stats-users'
@@ -23,12 +23,6 @@ export const corsConfig = {
   credentials: true
 }
 
-export const rateLimitConfig = {
-  max: parseInt(process.env.RATE_LIMIT_MAX) || 100,
-  timeWindow: parseInt(process.env.RATE_LIMIT_WINDOW) || 15 * 60 * 1000, // 15 minutes
-  skipOnError: false
-}
-
 export const serverConfig = {
   port: parseInt(process.env.PORT) || 3000,
   host: process.env.HOST || '0.0.0.0',
@@ -37,14 +31,6 @@ export const serverConfig = {
   }
 }
 
-export const securityConfig = {
-  bcryptSaltRounds: 12,
-  passwordMinLength: 8,
-  usernameMinLength: 3,
-  commanderNameMinLength: 2,
-  maxNotesLength: 1000
-}
-
 export const registrationConfig = {
   allowRegistration: process.env.ALLOW_REGISTRATION !== 'false'
 }