feat: secure and document book reviews system

Added rate limiting to APIs, cleaned up docs, implemented fallback logic for reviews without text, and added comprehensive n8n guide.
2026-02-15 22:32:49 +01:00
parent 0766b46cc8
commit 6998a0e7a1
22 changed files with 3141 additions and 4135 deletions
--- a/app/api/book-reviews/route.ts
+++ b/app/api/book-reviews/route.ts
@@ -1,5 +1,6 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { getBookReviews } from '@/lib/directus';
+import { checkRateLimit, getClientIp } from '@/lib/auth';

 export const runtime = 'nodejs';
 export const dynamic = 'force-dynamic';
@@ -13,6 +14,12 @@ export const dynamic = 'force-dynamic';
 *   - locale: en or de (default: en)
 */
 export async function GET(request: NextRequest) {
+  // Rate Limit: 60 requests per minute
+  const ip = getClientIp(request);
+  if (!checkRateLimit(ip, 60, 60000)) {
+    return NextResponse.json({ error: 'Rate limit exceeded' }, { status: 429 });
+  }
+
  try {
    const { searchParams } = new URL(request.url);
    const locale = searchParams.get('locale') || 'en';