feat(auth): implement session token creation and verification for enhanced security

feat(api): require session authentication for admin routes and improve error handling

fix(api): streamline project image generation by fetching data directly from the database

fix(api): optimize project import/export functionality with session validation and improved error handling

fix(api): enhance analytics dashboard and email manager with session token for admin requests

fix(components): improve loading states and dynamic imports for better user experience

chore(security): update Content Security Policy to avoid unsafe-eval in production

chore(deps): update package.json scripts for consistent environment handling in linting and testing

app/api/projects/route.ts

@@ -30,8 +30,10 @@ export async function GET(request: NextRequest) {
       }
     }
     const { searchParams } = new URL(request.url);
-    const page = parseInt(searchParams.get('page') || '1');
-    const limit = parseInt(searchParams.get('limit') || '50');
+    const pageRaw = parseInt(searchParams.get('page') || '1');
+    const limitRaw = parseInt(searchParams.get('limit') || '50');
+    const page = Number.isFinite(pageRaw) && pageRaw > 0 ? pageRaw : 1;
+    const limit = Number.isFinite(limitRaw) && limitRaw > 0 && limitRaw <= 200 ? limitRaw : 50;
     const category = searchParams.get('category');
     const featured = searchParams.get('featured');
     const published = searchParams.get('published');
@@ -145,6 +147,8 @@ export async function POST(request: NextRequest) {
         { status: 403 }
       );
     }
+    const authError = requireSessionAuth(request);
+    if (authError) return authError;
 
     const data = await request.json();