denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: enhance security and performance in configuration and API routes

Browse Source 
- Update Content Security Policy (CSP) in next.config.ts to avoid `unsafe-eval` in production, improving security against XSS attacks.
- Refactor API routes to enforce admin authentication and session validation, ensuring secure access to sensitive endpoints.
- Optimize analytics data retrieval by using database aggregation instead of loading all records into memory, improving performance and reducing memory usage.
- Implement session token creation and verification for better session management and security across the application.
- Enhance error handling and input validation in various API routes to ensure robustness and prevent potential issues.
This commit is contained in:
denshooter
2026-01-11 22:44:26 +01:00
parent 9cc03bc475
commit 9072faae43
28 changed files with 433 additions and 288 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/api/projects/export/route.ts
View File

@@ -1,8 +1,14 @@
import { NextResponse } from 'next/server';
import { NextRequest, NextResponse } from 'next/server';
import { projectService } from '@/lib/prisma';
import { requireSessionAuth } from '@/lib/auth';
export async function GET() {
export async function GET(request: NextRequest) {
try {
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
if (!isAdminRequest) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
const authError = requireSessionAuth(request);
if (authError) return authError;
// Get all projects with full data
const projectsResult = await projectService.getAllProjects();
const projects = projectsResult.projects || projectsResult;