refactor: enhance security and performance in configuration and API routes

- Update Content Security Policy (CSP) in next.config.ts to avoid `unsafe-eval` in production, improving security against XSS attacks.
- Refactor API routes to enforce admin authentication and session validation, ensuring secure access to sensitive endpoints.
- Optimize analytics data retrieval by using database aggregation instead of loading all records into memory, improving performance and reducing memory usage.
- Implement session token creation and verification for better session management and security across the application.
- Enhance error handling and input validation in various API routes to ensure robustness and prevent potential issues.

components/ImportExport.tsx

@@ -23,7 +23,13 @@ export default function ImportExport() {
   const handleExport = async () => {
     setIsExporting(true);
     try {
-      const response = await fetch('/api/projects/export');
+      const sessionToken = sessionStorage.getItem('admin_session_token') || '';
+      const response = await fetch('/api/projects/export', {
+        headers: {
+          'x-admin-request': 'true',
+          'x-session-token': sessionToken,
+        }
+      });
       if (!response.ok) throw new Error('Export failed');
       
       const blob = await response.blob();
@@ -63,9 +69,14 @@ export default function ImportExport() {
       const text = await file.text();
       const data = JSON.parse(text);
       
+      const sessionToken = sessionStorage.getItem('admin_session_token') || '';
       const response = await fetch('/api/projects/import', {
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: {
+          'Content-Type': 'application/json',
+          'x-admin-request': 'true',
+          'x-session-token': sessionToken,
+        },
         body: JSON.stringify(data)
       });