feat(auth): implement session token creation and verification for enhanced security

feat(api): require session authentication for admin routes and improve error handling

fix(api): streamline project image generation by fetching data directly from the database

fix(api): optimize project import/export functionality with session validation and improved error handling

fix(api): enhance analytics dashboard and email manager with session token for admin requests

fix(components): improve loading states and dynamic imports for better user experience

chore(security): update Content Security Policy to avoid unsafe-eval in production

chore(deps): update package.json scripts for consistent environment handling in linting and testing

app/api/projects/import/route.ts

@@ -1,8 +1,14 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { projectService } from '@/lib/prisma';
+import { requireSessionAuth } from '@/lib/auth';
 
 export async function POST(request: NextRequest) {
   try {
+    const isAdminRequest = request.headers.get('x-admin-request') === 'true';
+    if (!isAdminRequest) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+    const authError = requireSessionAuth(request);
+    if (authError) return authError;
+
     const body = await request.json();
     
     // Validate import data structure
@@ -19,13 +25,16 @@ export async function POST(request: NextRequest) {
       errors: [] as string[]
     };
 
+    // Preload existing titles once (avoid O(n^2) DB reads during import)
+    const existingProjectsResult = await projectService.getAllProjects({ limit: 10000 });
+    const existingProjects = existingProjectsResult.projects || existingProjectsResult;
+    const existingTitles = new Set(existingProjects.map(p => p.title));
+
     // Process each project
     for (const projectData of body.projects) {
       try {
         // Check if project already exists (by title)
-        const existingProjectsResult = await projectService.getAllProjects();
-        const existingProjects = existingProjectsResult.projects || existingProjectsResult;
-        const exists = existingProjects.some(p => p.title === projectData.title);
+        const exists = existingTitles.has(projectData.title);
         
         if (exists) {
           results.skipped++;
@@ -68,6 +77,7 @@ export async function POST(request: NextRequest) {
         });
 
         results.imported++;
+        existingTitles.add(projectData.title);
       } catch (error) {
         results.skipped++;
         results.errors.push(`Failed to import "${projectData.title}": ${error instanceof Error ? error.message : 'Unknown error'}`);