denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): implement session token creation and verification for enhanced security

Browse Source 
feat(api): require session authentication for admin routes and improve error handling

fix(api): streamline project image generation by fetching data directly from the database

fix(api): optimize project import/export functionality with session validation and improved error handling

fix(api): enhance analytics dashboard and email manager with session token for admin requests

fix(components): improve loading states and dynamic imports for better user experience

chore(security): update Content Security Policy to avoid unsafe-eval in production

chore(deps): update package.json scripts for consistent environment handling in linting and testing
This commit is contained in:
denshooter
2026-01-12 00:27:03 +01:00
parent 9cc03bc475
commit 0349c686fa
25 changed files with 423 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
app/api/projects/[id]/route.ts
View File

@@ -1,7 +1,7 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/prisma';
import { apiCache } from '@/lib/cache';
import { checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
import { checkRateLimit, getRateLimitHeaders, requireSessionAuth } from '@/lib/auth';
import { PrismaClientKnownRequestError } from '@prisma/client/runtime/library';
export async function GET(
@@ -11,6 +11,9 @@ export async function GET(
try {
const { id: idParam } = await params;
const id = parseInt(idParam);
if (!Number.isFinite(id)) {
return NextResponse.json({ error: 'Invalid project id' }, { status: 400 });
}
const project = await prisma.project.findUnique({
where: { id }
@@ -74,9 +77,14 @@ export async function PUT(
{ status: 403 }
);
}
const authError = requireSessionAuth(request);
if (authError) return authError;
const { id: idParam } = await params;
const id = parseInt(idParam);
if (!Number.isFinite(id)) {
return NextResponse.json({ error: 'Invalid project id' }, { status: 400 });
}
const data = await request.json();
// Remove difficulty field if it exists (since we're removing it)
@@ -147,9 +155,14 @@ export async function DELETE(
{ status: 403 }
);
}
const authError = requireSessionAuth(request);
if (authError) return authError;
const { id: idParam } = await params;
const id = parseInt(idParam);
if (!Number.isFinite(id)) {
return NextResponse.json({ error: 'Invalid project id' }, { status: 400 });
}
await prisma.project.delete({
where: { id }

10
app/api/projects/export/route.ts
View File

@@ -1,8 +1,14 @@
import { NextResponse } from 'next/server';
import { NextRequest, NextResponse } from 'next/server';
import { projectService } from '@/lib/prisma';
import { requireSessionAuth } from '@/lib/auth';
export async function GET() {
export async function GET(request: NextRequest) {
try {
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
if (!isAdminRequest) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
const authError = requireSessionAuth(request);
if (authError) return authError;
// Get all projects with full data
const projectsResult = await projectService.getAllProjects();
const projects = projectsResult.projects || projectsResult;

16
app/api/projects/import/route.ts
View File

@@ -1,8 +1,14 @@
import { NextRequest, NextResponse } from 'next/server';
import { projectService } from '@/lib/prisma';
import { requireSessionAuth } from '@/lib/auth';
export async function POST(request: NextRequest) {
try {
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
if (!isAdminRequest) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
const authError = requireSessionAuth(request);
if (authError) return authError;
const body = await request.json();
// Validate import data structure
@@ -19,13 +25,16 @@ export async function POST(request: NextRequest) {
errors: [] as string[]
};
// Preload existing titles once (avoid O(n^2) DB reads during import)
const existingProjectsResult = await projectService.getAllProjects({ limit: 10000 });
const existingProjects = existingProjectsResult.projects || existingProjectsResult;
const existingTitles = new Set(existingProjects.map(p => p.title));
// Process each project
for (const projectData of body.projects) {
try {
// Check if project already exists (by title)
const existingProjectsResult = await projectService.getAllProjects();
const existingProjects = existingProjectsResult.projects || existingProjectsResult;
const exists = existingProjects.some(p => p.title === projectData.title);
const exists = existingTitles.has(projectData.title);
if (exists) {
results.skipped++;
@@ -68,6 +77,7 @@ export async function POST(request: NextRequest) {
});
results.imported++;
existingTitles.add(projectData.title);
} catch (error) {
results.skipped++;
results.errors.push(`Failed to import "${projectData.title}": ${error instanceof Error ? error.message : 'Unknown error'}`);

8
app/api/projects/route.ts
View File

@@ -30,8 +30,10 @@ export async function GET(request: NextRequest) {
}
}
const { searchParams } = new URL(request.url);
const page = parseInt(searchParams.get('page') || '1');
const limit = parseInt(searchParams.get('limit') || '50');
const pageRaw = parseInt(searchParams.get('page') || '1');
const limitRaw = parseInt(searchParams.get('limit') || '50');
const page = Number.isFinite(pageRaw) && pageRaw > 0 ? pageRaw : 1;
const limit = Number.isFinite(limitRaw) && limitRaw > 0 && limitRaw <= 200 ? limitRaw : 50;
const category = searchParams.get('category');
const featured = searchParams.get('featured');
const published = searchParams.get('published');
@@ -145,6 +147,8 @@ export async function POST(request: NextRequest) {
{ status: 403 }
);
}
const authError = requireSessionAuth(request);
if (authError) return authError;
const data = await request.json();