feat: Website-Rework mit verbessertem Design, Sicherheit und Deployment

- Neue About/Skills-Sektion hinzugefügt
- Verbesserte UI/UX für alle Komponenten
- Enhanced Contact Form mit Validierung
- Verbesserte Security Headers und Middleware
- Sichere Deployment-Skripte (safe-deploy.sh)
- Zero-Downtime Deployment Support
- Verbesserte Docker-Sicherheit
- Umfassende Sicherheits-Dokumentation
- Performance-Optimierungen
- Accessibility-Verbesserungen
2025-11-22 19:24:49 +01:00
parent 498bec6edf
commit 976a6360fd
17 changed files with 1585 additions and 139 deletions


@@ -1,16 +1,38 @@
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
import { verifySessionAuth } from '@/lib/auth';
export function middleware(request: NextRequest) {
// For /manage and /editor routes, allow direct access (authentication disabled)
// For /manage and /editor routes, require authentication
if (request.nextUrl.pathname.startsWith('/manage') ||
request.nextUrl.pathname.startsWith('/editor')) {
// Allow direct access without authentication
return NextResponse.next();
// Check for session authentication
if (!verifySessionAuth(request)) {
// Redirect to home page if not authenticated
const url = request.nextUrl.clone();
url.pathname = '/';
return NextResponse.redirect(url);
}
}
// For all other routes, continue with normal processing
return NextResponse.next();
// Add security headers to all responses
const response = NextResponse.next();
// Security headers (complementing next.config.ts headers)
response.headers.set('X-DNS-Prefetch-Control', 'on');
response.headers.set('X-Frame-Options', 'DENY');
response.headers.set('X-Content-Type-Options', 'nosniff');
response.headers.set('X-XSS-Protection', '1; mode=block');
response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
response.headers.set('Permissions-Policy', 'camera=(), microphone=(), geolocation=()');
// Rate limiting headers for API routes
if (request.nextUrl.pathname.startsWith('/api/')) {
response.headers.set('X-RateLimit-Limit', '100');
response.headers.set('X-RateLimit-Remaining', '99');
}
return response;
}
export const config = {
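Review bot: The `X-RateLimit-Limit` and `X-RateLimit-Remaining` headers set for `/api/` paths are the constants `'100'` and `'99'`, so every response reports the same remaining budget and nothing visible in this hunk counts or rejects requests. Either drop the two headers until a real limiter supplies the values, or mark them where they are set, e.g. `// NOTE: static placeholder values; no rate limiting is enforced in this middleware`. Separately, the early `return NextResponse.redirect(url);` for unauthenticated `/manage` and `/editor` requests returns before the header block, so that redirect carries none of the headers set below unless next.config.ts adds them. `X-XSS-Protection: 1; mode=block` is a legacy header that current browsers ignore, so a Content-Security-Policy is the control to rely on there. The `config` object, whose matcher presumably decides which paths this check runs on, continues outside the hunk.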