denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: enhance security and performance in configuration and API routes

Browse Source 
- Update Content Security Policy (CSP) in next.config.ts to avoid `unsafe-eval` in production, improving security against XSS attacks.
- Refactor API routes to enforce admin authentication and session validation, ensuring secure access to sensitive endpoints.
- Optimize analytics data retrieval by using database aggregation instead of loading all records into memory, improving performance and reducing memory usage.
- Implement session token creation and verification for better session management and security across the application.
- Enhance error handling and input validation in various API routes to ensure robustness and prevent potential issues.
This commit is contained in:
denshooter
2026-01-11 22:44:26 +01:00
parent 9cc03bc475
commit 9072faae43
28 changed files with 433 additions and 288 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/api/projects/route.ts
View File

@@ -30,8 +30,10 @@ export async function GET(request: NextRequest) {
}
}
const { searchParams } = new URL(request.url);
const page = parseInt(searchParams.get('page') || '1');
const limit = parseInt(searchParams.get('limit') || '50');
const pageRaw = parseInt(searchParams.get('page') || '1');
const limitRaw = parseInt(searchParams.get('limit') || '50');
const page = Number.isFinite(pageRaw) && pageRaw > 0 ? pageRaw : 1;
const limit = Number.isFinite(limitRaw) && limitRaw > 0 && limitRaw <= 200 ? limitRaw : 50;
const category = searchParams.get('category');
const featured = searchParams.get('featured');
const published = searchParams.get('published');
@@ -145,6 +147,8 @@ export async function POST(request: NextRequest) {
{ status: 403 }
);
}
const authError = requireSessionAuth(request);
if (authError) return authError;
const data = await request.json();