denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

full upgrade to dev

Browse Source
This commit is contained in:
denshooter
2026-01-07 14:30:00 +01:00
parent 4dc727fcd6
commit 26a8610aa7
34 changed files with 6890 additions and 920 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
middleware.ts
View File

@@ -1,37 +1,31 @@
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
import { verifySessionAuth } from '@/lib/auth';
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
import { verifySessionAuth } from "@/lib/auth";
export function middleware(request: NextRequest) {
// For /manage and /editor routes, require authentication
if (request.nextUrl.pathname.startsWith('/manage') ||
request.nextUrl.pathname.startsWith('/editor')) {
// Check for session authentication
if (!verifySessionAuth(request)) {
// Redirect to home page if not authenticated
const url = request.nextUrl.clone();
url.pathname = '/';
return NextResponse.redirect(url);
}
}
// For /manage and /editor routes, the pages handle their own authentication
// No middleware redirect needed - let the pages show login forms
// Add security headers to all responses
const response = NextResponse.next();
// Security headers (complementing next.config.ts headers)
response.headers.set('X-DNS-Prefetch-Control', 'on');
response.headers.set('X-Frame-Options', 'DENY');
response.headers.set('X-Content-Type-Options', 'nosniff');
response.headers.set('X-XSS-Protection', '1; mode=block');
response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
response.headers.set('Permissions-Policy', 'camera=(), microphone=(), geolocation=()');
response.headers.set("X-DNS-Prefetch-Control", "on");
response.headers.set("X-Frame-Options", "DENY");
response.headers.set("X-Content-Type-Options", "nosniff");
response.headers.set("X-XSS-Protection", "1; mode=block");
response.headers.set("Referrer-Policy", "strict-origin-when-cross-origin");
response.headers.set(
"Permissions-Policy",
"camera=(), microphone=(), geolocation=()",
);
// Rate limiting headers for API routes
if (request.nextUrl.pathname.startsWith('/api/')) {
response.headers.set('X-RateLimit-Limit', '100');
response.headers.set('X-RateLimit-Remaining', '99');
if (request.nextUrl.pathname.startsWith("/api/")) {
response.headers.set("X-RateLimit-Limit", "100");
response.headers.set("X-RateLimit-Remaining", "99");
}
return response;
}
@@ -46,6 +40,6 @@ export const config = {
* - favicon.ico (favicon file)
* - api/auth (auth API routes - need to be processed)
*/
'/((?!api/email|api/health|_next/static|_next/image|favicon.ico|api/auth).*)',
"/((?!api/email|api/health|_next/static|_next/image|favicon.ico|api/auth).*)",
],
};
};