denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔧 Update Admin Dashboard and Authentication Flow

Browse Source 
 Updated Admin Dashboard URL:
- Changed the Admin Dashboard access path from `/admin` to `/manage` in multiple files for consistency.

 Enhanced Middleware Authentication:
- Updated middleware to protect new admin routes including `/manage` and `/dashboard`.

 Implemented CSRF Protection:
- Added CSRF token generation and validation for login and session validation routes.

 Introduced Rate Limiting:
- Added rate limiting for admin routes and CSRF token requests to enhance security.

 Refactored Admin Page:
- Created a new admin management page with improved authentication handling and user feedback.

🎯 Overall Improvements:
- Strengthened security measures for admin access.
- Improved user experience with clearer navigation and feedback.
- Streamlined authentication processes for better performance.
This commit is contained in:
denshooter
2025-09-08 09:38:01 +02:00
parent 087f3dc5e3
commit 0ae1883cf4
15 changed files with 862 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
app/api/projects/route.ts
View File

@@ -1,9 +1,33 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/prisma';
import { apiCache } from '@/lib/cache';
import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
export async function GET(request: NextRequest) {
try {
// Rate limiting
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
if (!checkRateLimit(ip, 10, 60000)) { // 10 requests per minute
return new NextResponse(
JSON.stringify({ error: 'Rate limit exceeded' }),
{
status: 429,
headers: {
'Content-Type': 'application/json',
...getRateLimitHeaders(ip, 10, 60000)
}
}
);
}
// Check admin authentication for admin endpoints
const url = new URL(request.url);
if (url.pathname.includes('/manage') || request.headers.get('x-admin-request') === 'true') {
const authError = requireAdminAuth(request);
if (authError) {
return authError;
}
}
const { searchParams } = new URL(request.url);
const page = parseInt(searchParams.get('page') || '1');
const limit = parseInt(searchParams.get('limit') || '50');