feat: Fix C++ compilation and scale for 1000+ users

- Fix C++ executor compilation and execution flow
- Optimize nginx, queue system, and worker concurrency for high load
- Add production deployment scripts and monitoring tools
- Enhanced rate limiting and resource management

Fixes C++ compilation failures and scales system for 1000+ concurrent

Author: vikashkrdeveloper

.husky/pre-commit

@@ -1,4 +1,4 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"
 
-yarn lint-staged
+yarn lint-staged

Dockerfile

@@ -17,9 +17,9 @@ RUN apk add --no-cache \
 # Create app directory
 WORKDIR /app
 
-# Create non-root user and add to existing docker group (GID 999)
+# Create nodejs user 
 RUN addgroup -g 1001 -S nodejs && \
-  adduser -S nodejs -u 1001
+  adduser -S nodejs -u 1001 -G nodejs
 
 # Copy package files
 COPY package.json yarn.lock ./

README.md

@@ -225,6 +225,36 @@ yarn restart                # Restart development environment
 yarn reset                  # Complete reset (clean + setup)
 ```
 
+#### 🔧 Common Issues & Solutions
+
+**Docker Permission Errors (`EACCES /var/run/docker.sock`)**:
+
+```bash
+# Quick fix - Run the permission fix script
+yarn fix:docker
+
+# Manual fixes
+sudo usermod -aG docker $USER    # Add user to docker group
+sudo chmod 666 /var/run/docker.sock  # Set socket permissions
+newgrp docker                    # Apply group changes
+```
+
+**Docker Service Issues**:
+
+```bash
+sudo systemctl start docker      # Start Docker service
+sudo systemctl restart docker    # Restart Docker service
+sudo systemctl status docker     # Check Docker status
+```
+
+**Container Build Failures**:
+
+```bash
+yarn docker:clean               # Clean Docker system
+yarn docker:clean:all           # Complete Docker cleanup
+yarn build:executors            # Rebuild executor images
+```
+
 ---
 
 ## 🤝 Contributing to SafeExec

docker-compose.yml

@@ -73,25 +73,28 @@ services:
       MONGO_USERNAME: ${MONGO_USERNAME:-admin}
       MONGO_PASSWORD: ${MONGO_PASSWORD:-devpassword}
       MONGO_DB: ${MONGO_DB:-safeexec_dev}
-      MONGODB_URI: mongodb://${MONGO_USERNAME:-admin}:${MONGO_PASSWORD:-devpassword}@mongodb:27017/${MONGO_DB:-safeexec_dev}?authSource=admin
+      MONGODB_URI: mongodb://${MONGO_USERNAME:-admin}:${MONGO_PASSWORD:-devpassword}@mongodb:27017/${MONGO_DB:-safeexec_dev}?authSource=admin&maxPoolSize=50&minPoolSize=5
       REDIS_URI: redis://${REDIS_PASSWORD:+:${REDIS_PASSWORD}@}redis:6379
       JWT_SECRET: ${JWT_SECRET:-dev-jwt-secret-change-in-production}
       JWT_EXPIRES_IN: ${JWT_EXPIRES_IN:-24h}
       DOCKER_HOST: /var/run/docker.sock
       LOG_LEVEL: ${LOG_LEVEL:-info}
       ALLOWED_ORIGINS: ${ALLOWED_ORIGINS:-http://localhost:3000}
+      API_BASE_URL: ${API_BASE_URL:-http://localhost}
       SWAGGER_UI_ENABLED: ${SWAGGER_UI_ENABLED:-true}
-      MAX_SUBMISSIONS_PER_MINUTE: ${MAX_SUBMISSIONS_PER_MINUTE:-10}
-      MAX_SUBMISSIONS_PER_HOUR: ${MAX_SUBMISSIONS_PER_HOUR:-100}
-      MAX_SUBMISSIONS_PER_DAY: ${MAX_SUBMISSIONS_PER_DAY:-500}
+      MAX_SUBMISSIONS_PER_MINUTE: ${MAX_SUBMISSIONS_PER_MINUTE:-100}
+      MAX_SUBMISSIONS_PER_HOUR: ${MAX_SUBMISSIONS_PER_HOUR:-1000}
+      MAX_SUBMISSIONS_PER_DAY: ${MAX_SUBMISSIONS_PER_DAY:-10000}
       EXECUTOR_TIMEOUT_MS: ${EXECUTOR_TIMEOUT_MS:-30000}
-      EXECUTOR_MEMORY_LIMIT_MB: ${EXECUTOR_MEMORY_LIMIT_MB:-128}
-      EXECUTOR_CPU_LIMIT: ${EXECUTOR_CPU_LIMIT:-0.5}
+      EXECUTOR_MEMORY_LIMIT_MB: ${EXECUTOR_MEMORY_LIMIT_MB:-256}
+      EXECUTOR_CPU_LIMIT: ${EXECUTOR_CPU_LIMIT:-1.0}
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/docker.sock:/var/run/docker.sock:rw
       - app_logs:/app/logs
       # Development: Source code mounting disabled due to path with spaces
       # For development, rebuild the image after code changes using yarn docker:dev:build
+    # Run as root to access Docker socket - this is acceptable for development
+    user: 'root'
     depends_on:
       mongodb:
         condition: service_healthy
@@ -128,17 +131,19 @@ services:
       MONGO_USERNAME: ${MONGO_USERNAME:-admin}
       MONGO_PASSWORD: ${MONGO_PASSWORD:-devpassword}
       MONGO_DB: ${MONGO_DB:-safeexec_dev}
-      MONGODB_URI: mongodb://${MONGO_USERNAME:-admin}:${MONGO_PASSWORD:-devpassword}@mongodb:27017/${MONGO_DB:-safeexec_dev}?authSource=admin
+      MONGODB_URI: mongodb://${MONGO_USERNAME:-admin}:${MONGO_PASSWORD:-devpassword}@mongodb:27017/${MONGO_DB:-safeexec_dev}?authSource=admin&maxPoolSize=50&minPoolSize=5
       REDIS_URI: redis://${REDIS_PASSWORD:+:${REDIS_PASSWORD}@}redis:6379
       JWT_SECRET: ${JWT_SECRET:-dev-jwt-secret-change-in-production}
       DOCKER_HOST: /var/run/docker.sock
       LOG_LEVEL: ${LOG_LEVEL:-info}
       EXECUTOR_TIMEOUT_MS: ${EXECUTOR_TIMEOUT_MS:-30000}
-      EXECUTOR_MEMORY_LIMIT_MB: ${EXECUTOR_MEMORY_LIMIT_MB:-128}
-      EXECUTOR_CPU_LIMIT: ${EXECUTOR_CPU_LIMIT:-0.5}
+      EXECUTOR_MEMORY_LIMIT_MB: ${EXECUTOR_MEMORY_LIMIT_MB:-256}
+      EXECUTOR_CPU_LIMIT: ${EXECUTOR_CPU_LIMIT:-1.0}
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/docker.sock:/var/run/docker.sock:rw
       - app_logs:/app/logs
+    # Run as root to access Docker socket - this is acceptable for development
+    user: 'root'
     depends_on:
       mongodb:
         condition: service_healthy
@@ -148,7 +153,7 @@ services:
       - rce-network
     command: yarn worker
     deploy:
-      replicas: ${WORKER_REPLICAS:-1}
+      replicas: ${WORKER_REPLICAS:-4} # Increased default workers for better performance
 
   # Nginx Reverse Proxy
   nginx:

docker/executors/run_cpp.sh

@@ -5,59 +5,107 @@ set -e
 # Security: Set resource limits
 ulimit -t 30        # CPU time limit (30 seconds)
 ulimit -f 10240     # File size limit (10MB)
-ulimit -v 134217728 # Virtual memory limit (128MB)
+ulimit -v 268435456 # Virtual memory limit (256MB) - increased for C++
 ulimit -n 50        # Max open files
 ulimit -u 50        # Max user processes
 
-# Read JSON input from stdin
-input=$(cat)
-
-# Parse JSON to extract code and input
-code=$(echo "$input" | jq -r '.code // ""')
-test_input=$(echo "$input" | jq -r '.input // ""')
-
-# Validate code
-if [ -z "$code" ]; then
-    echo '{"success": false, "output": "", "error": "No code provided"}'
-    exit 0
+# Handle direct execution mode (when called from Docker executor)
+if [ $# -eq 0 ]; then
+    # Legacy JSON mode for backward compatibility
+    input=$(cat)
+    code=$(echo "$input" | jq -r '.code // ""')
+    test_input=$(echo "$input" | jq -r '.input // ""')
+    
+    if [ -z "$code" ]; then
+        echo '{"success": false, "output": "", "error": "No code provided"}'
+        exit 0
+    fi
+    
+    echo "$code" > /app/solution.cpp
+    echo "$test_input" > /app/input.txt
 fi
 
-# Create temporary file
-temp_file="/tmp/solution_$(date +%s%N).cpp"
-executable="/tmp/solution_$(date +%s%N)"
+# Check if solution file exists
+if [ ! -f "/app/solution.cpp" ]; then
+    echo "Error: solution.cpp not found"
+    exit 1
+fi
 
-# Write code to file
-echo "$code" > "$temp_file"
+# Create unique identifiers to avoid conflicts
+timestamp=$(date +%s%N)
+executable="/tmp/solution_${timestamp}"
 
-# Compile with security flags
+# Compile C++ code with optimized flags
+compile_start=$(date +%s%N)
 compile_output=$(g++ -std=c++17 -Wall -Wextra -O2 \
     -fstack-protector-strong -D_FORTIFY_SOURCE=2 \
     -fno-exec-stack -fPIE -pie \
-    "$temp_file" -o "$executable" 2>&1) || {
+    -static-libgcc -static-libstdc++ \
+    /app/solution.cpp -o "$executable" 2>&1) || {
+    
+    # Clean compilation error output
+    clean_error=$(echo "$compile_output" | sed 's|/app/solution.cpp|solution.cpp|g' | head -20)
 
-    echo "{\"success\": false, \"output\": \"\", \"error\": \"Compilation Error: $compile_output\"}"
-    rm -f "$temp_file" "$executable"
-    exit 0
+    if [ $# -eq 0 ]; then
+        echo "{\"success\": false, \"output\": \"\", \"error\": \"Compilation Error: $clean_error\"}"
+    else
+        echo "Compilation Error: $clean_error"
+    fi
+    rm -f "$executable"
+    exit 1
 }
+compile_end=$(date +%s%N)
+compile_time=$(( (compile_end - compile_start) / 1000000 ))
+
+# Set executable permissions
+chmod +x "$executable"
+
+# Prepare input
+if [ -f "/app/input.txt" ]; then
+    input_data=$(cat /app/input.txt)
+else
+    input_data=""
+fi
 
 # Execute with timeout and capture output
-timeout 30s bash -c "echo '$test_input' | $executable" > /tmp/output.txt 2>&1 || {
+exec_start=$(date +%s%N)
+timeout 30s bash -c "echo '$input_data' | $executable" > /tmp/output.txt 2>&1 || {
     exit_code=$?
+    exec_end=$(date +%s%N)
+    exec_time=$(( (exec_end - exec_start) / 1000000 ))
+    
     if [ $exit_code -eq 124 ]; then
-        echo '{"success": false, "output": "", "error": "Time Limit Exceeded"}'
+        if [ $# -eq 0 ]; then
+            echo '{"success": false, "output": "", "error": "Time Limit Exceeded (30s)", "compilationTime": '$compile_time', "executionTime": 30000}'
+        else
+            echo "Time Limit Exceeded (30s)"
+        fi
     else
-        error_output=$(cat /tmp/output.txt 2>/dev/null || echo "Runtime Error")
-        echo "{\"success\": false, \"output\": \"\", \"error\": \"Runtime Error: $error_output\"}"
+        error_output=$(cat /tmp/output.txt 2>/dev/null | head -100 || echo "Runtime Error")
+        if [ $# -eq 0 ]; then
+            echo "{\"success\": false, \"output\": \"\", \"error\": \"Runtime Error: $error_output\", \"compilationTime\": $compile_time, \"executionTime\": $exec_time}"
+        else
+            echo "Runtime Error: $error_output"
+        fi
     fi
-    rm -f "$temp_file" "$executable" /tmp/output.txt
-    exit 0
+    rm -f "$executable" /tmp/output.txt
+    exit $exit_code
 }
+exec_end=$(date +%s%N)
+exec_time=$(( (exec_end - exec_start) / 1000000 ))
 
 # Get output
 output=$(cat /tmp/output.txt 2>/dev/null || echo "")
 
 # Clean up
-rm -f "$temp_file" "$executable" /tmp/output.txt
+rm -f "$executable" /tmp/output.txt
 
 # Return success result
-echo "{\"success\": true, \"output\": \"$output\", \"error\": \"\"}"
+if [ $# -eq 0 ]; then
+    # JSON mode
+    output_escaped=$(echo "$output" | sed 's/"/\\"/g' | sed 's/$/\\n/' | tr -d '\n' | sed 's/\\n$//')
+    echo "{\"success\": true, \"output\": \"$output_escaped\", \"error\": \"\", \"compilationTime\": $compile_time, \"executionTime\": $exec_time}"
+else
+    # Direct output mode
+    echo "$output"
+fi

docker/nginx/Dockerfile

@@ -22,7 +22,10 @@ COPY docker/nginx/ssl /etc/nginx/ssl/
 
 # Create startup script
 RUN echo '#!/bin/sh' > /docker-entrypoint.sh && \
-    echo 'envsubst "$BACKEND_HOST $BACKEND_PORT" < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf' >> /docker-entrypoint.sh && \
+    echo '# Set default values if not provided' >> /docker-entrypoint.sh && \
+    echo 'export BACKEND_HOST=${BACKEND_HOST:-rce-api}' >> /docker-entrypoint.sh && \
+    echo 'export BACKEND_PORT=${BACKEND_PORT:-5000}' >> /docker-entrypoint.sh && \
+    echo 'envsubst "\$BACKEND_HOST \$BACKEND_PORT" < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf' >> /docker-entrypoint.sh && \
     echo 'exec nginx -g "daemon off;"' >> /docker-entrypoint.sh && \
     chmod +x /docker-entrypoint.sh
 

docker/nginx/conf.d/default.conf

@@ -4,7 +4,7 @@
 
 # Set backend upstream dynamically
 upstream backend {
-    server ${BACKEND_HOST:-rce-api}:${BACKEND_PORT:-5000};
+    server $BACKEND_HOST:$BACKEND_PORT;
 }
 
 server {
@@ -20,26 +20,15 @@ server {
     add_header X-Content-Type-Options nosniff always;
     add_header X-XSS-Protection "1; mode=block" always;
 
-    # CORS handling based on environment
-    set $cors_origin "";
-    if ($http_origin ~* "^https?://(localhost|127\.0\.0\.1|.*\.local)(:[0-9]+)?$") {
-        set $cors_origin $http_origin;
-    }
-
-    # Add CORS headers
-    add_header Access-Control-Allow-Origin $cors_origin always;
+    # CORS headers for development (allow all origins)
+    add_header Access-Control-Allow-Origin "*" always;
     add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
     add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
     add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;
-
+    add_header Access-Control-Max-Age 86400 always;
+    
     # Handle preflight requests
     if ($request_method = 'OPTIONS') {
-        add_header Access-Control-Allow-Origin $cors_origin;
-        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
-        add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
-        add_header Access-Control-Max-Age 1728000;
-        add_header Content-Type "text/plain; charset=utf-8";
-        add_header Content-Length 0;
         return 204;
     }
 

docker/nginx/nginx.conf

@@ -6,9 +6,10 @@ error_log /var/log/nginx/error.log notice;
 pid /var/run/nginx.pid;
 
 events {
-    worker_connections 1024;
+    worker_connections 4096;  # Increased for 1000+ concurrent users
     use epoll;
     multi_accept on;
+    accept_mutex off;  # Better for high load
 }
 
 http {
@@ -47,27 +48,9 @@ http {
         application/atom+xml
         image/svg+xml;
 
-    # Security headers
-    add_header X-Frame-Options DENY always;
-    add_header X-Content-Type-Options nosniff always;
-    add_header X-XSS-Protection "1; mode=block" always;
-    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-
-    # Rate limiting
-    limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
-    limit_req_zone $binary_remote_addr zone=auth:10m rate=1r/s;
-
-    # Health check endpoint
-    server {
-        listen 80;
-        server_name _;
-        
-        location /health {
-            access_log off;
-            return 200 "healthy\n";
-            add_header Content-Type text/plain;
-        }
-    }
+    # Rate limiting - optimized for high concurrent users
+    limit_req_zone $binary_remote_addr zone=api:20m rate=50r/s;  # Increased capacity
+    limit_req_zone $binary_remote_addr zone=auth:10m rate=5r/s;  # Slightly increased
 
     # Include environment-specific configurations
     include /etc/nginx/conf.d/*.conf;