denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔧 Update Admin Dashboard and Authentication Flow

Browse Source 
 Updated Admin Dashboard URL:
- Changed the Admin Dashboard access path from `/admin` to `/manage` in multiple files for consistency.

 Enhanced Middleware Authentication:
- Updated middleware to protect new admin routes including `/manage` and `/dashboard`.

 Implemented CSRF Protection:
- Added CSRF token generation and validation for login and session validation routes.

 Introduced Rate Limiting:
- Added rate limiting for admin routes and CSRF token requests to enhance security.

 Refactored Admin Page:
- Created a new admin management page with improved authentication handling and user feedback.

🎯 Overall Improvements:
- Strengthened security measures for admin access.
- Improved user experience with clearer navigation and feedback.
- Streamlined authentication processes for better performance.
This commit is contained in:
denshooter
2025-09-08 09:38:01 +02:00
parent 087f3dc5e3
commit 0ae1883cf4
15 changed files with 862 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
middleware.ts
View File

@@ -2,19 +2,15 @@ import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
export function middleware(request: NextRequest) {
// Allow email and projects API routes without authentication
if (request.nextUrl.pathname.startsWith('/api/email/') ||
request.nextUrl.pathname.startsWith('/api/projects/') ||
request.nextUrl.pathname.startsWith('/api/analytics/') ||
request.nextUrl.pathname.startsWith('/api/health')) {
return NextResponse.next();
}
// Protect admin routes
if (request.nextUrl.pathname.startsWith('/admin')) {
if (request.nextUrl.pathname.startsWith('/admin') ||
request.nextUrl.pathname.startsWith('/dashboard') ||
request.nextUrl.pathname.startsWith('/manage') ||
request.nextUrl.pathname.startsWith('/control')) {
const authHeader = request.headers.get('authorization');
const basicAuth = process.env.ADMIN_BASIC_AUTH;
if (!basicAuth) {
return new NextResponse('Admin access not configured', { status: 500 });
}
@@ -51,13 +47,12 @@ export const config = {
/*
* Match all request paths except for the ones starting with:
* - api/email (email API routes)
* - api/projects (projects API routes)
* - api/analytics (analytics API routes)
* - api/health (health check)
* - _next/static (static files)
* - _next/image (image optimization files)
* - favicon.ico (favicon file)
* - api/auth (auth API routes - need to be processed)
*/
'/((?!api/email|api/projects|api/analytics|api/health|_next/static|_next/image|favicon.ico).*)',
'/((?!api/email|api/health|_next/static|_next/image|favicon.ico|api/auth).*)',
],
};