🚀 Complete Production Setup

✨ Features: - Analytics Dashboard with real-time metrics - Redis caching for performance optimization - Import/Export functionality for projects - Complete admin system with security - Production-ready Docker setup 🔧 Technical: - Removed Ghost CMS dependencies - Added Redis container with caching - Implemented API response caching - Enhanced admin interface with analytics - Optimized for dk0.dev domain 🛡️ Security: - Admin authentication with Basic Auth - Protected analytics endpoints - Secure environment configuration 📊 Analytics: - Performance metrics dashboard - Project statistics visualization - Real-time data with caching - Umami integration for GDPR compliance 🎯 Production Ready: - Multi-container Docker setup - Health checks for all services - Automatic restart policies - Resource limits configured - Ready for Nginx Proxy Manager
2025-09-05 21:35:54 +00:00
parent c736f860aa
commit 9835bb810d
19 changed files with 1386 additions and 45 deletions
--- a/middleware.ts
+++ b/middleware.ts
@@ -4,10 +4,44 @@ import type { NextRequest } from 'next/server';
 export function middleware(request: NextRequest) {
  // Allow email and projects API routes without authentication
  if (request.nextUrl.pathname.startsWith('/api/email/') || 
-      request.nextUrl.pathname.startsWith('/api/projects/')) {
+      request.nextUrl.pathname.startsWith('/api/projects/') ||
+      request.nextUrl.pathname.startsWith('/api/analytics/') ||
+      request.nextUrl.pathname.startsWith('/api/health')) {
    return NextResponse.next();
  }

+  // Protect admin routes
+  if (request.nextUrl.pathname.startsWith('/admin')) {
+    const authHeader = request.headers.get('authorization');
+    const basicAuth = process.env.ADMIN_BASIC_AUTH;
+    
+    if (!basicAuth) {
+      return new NextResponse('Admin access not configured', { status: 500 });
+    }
+
+    if (!authHeader || !authHeader.startsWith('Basic ')) {
+      return new NextResponse('Authentication required', {
+        status: 401,
+        headers: {
+          'WWW-Authenticate': 'Basic realm="Admin Area"',
+        },
+      });
+    }
+
+    const credentials = authHeader.split(' ')[1];
+    const [username, password] = Buffer.from(credentials, 'base64').toString().split(':');
+    const [expectedUsername, expectedPassword] = basicAuth.split(':');
+
+    if (username !== expectedUsername || password !== expectedPassword) {
+      return new NextResponse('Invalid credentials', {
+        status: 401,
+        headers: {
+          'WWW-Authenticate': 'Basic realm="Admin Area"',
+        },
+      });
+    }
+  }
+
  // For all other routes, continue with normal processing
  return NextResponse.next();
 }
@@ -18,10 +52,12 @@ export const config = {
     * Match all request paths except for the ones starting with:
     * - api/email (email API routes)
     * - api/projects (projects API routes)
+     * - api/analytics (analytics API routes)
+     * - api/health (health check)
     * - _next/static (static files)
     * - _next/image (image optimization files)
     * - favicon.ico (favicon file)
     */
-    '/((?!api/email|api/projects|_next/static|_next/image|favicon.ico).*)',
+    '/((?!api/email|api/projects|api/analytics|api/health|_next/static|_next/image|favicon.ico).*)',
  ],
-};
+};