feat(auth): implement session token creation and verification for enhanced security

feat(api): require session authentication for admin routes and improve error handling fix(api): streamline project image generation by fetching data directly from the database fix(api): optimize project import/export functionality with session validation and improved error handling fix(api): enhance analytics dashboard and email manager with session token for admin requests fix(components): improve loading states and dynamic imports for better user experience chore(security): update Content Security Policy to avoid unsafe-eval in production chore(deps): update package.json scripts for consistent environment handling in linting and testing
2026-01-12 00:27:03 +01:00
parent 9cc03bc475
commit 0349c686fa
25 changed files with 423 additions and 268 deletions
--- a/components/EmailManager.tsx
+++ b/components/EmailManager.tsx
@@ -42,9 +42,11 @@ export const EmailManager: React.FC = () => {
  const loadMessages = async () => {
    try {
      setIsLoading(true);
+      const sessionToken = sessionStorage.getItem('admin_session_token') || '';
      const response = await fetch('/api/contacts', {
        headers: {
-          'x-admin-request': 'true'
+          'x-admin-request': 'true',
+          'x-session-token': sessionToken
        }
      });
      
@@ -100,10 +102,13 @@ export const EmailManager: React.FC = () => {
    if (!selectedMessage || !replyContent.trim()) return;
    
    try {
+      const sessionToken = sessionStorage.getItem('admin_session_token') || '';
      const response = await fetch('/api/email/respond', {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
+          'x-admin-request': 'true',
+          'x-session-token': sessionToken,
        },
        body: JSON.stringify({
          to: selectedMessage.email,