diff --git a/DEV-SETUP.md b/DEV-SETUP.md index 1badacc..8cb5710 100644 --- a/DEV-SETUP.md +++ b/DEV-SETUP.md @@ -47,7 +47,7 @@ This starts only the Next.js development server without Docker services. Use thi ### 3. Access Services - **Portfolio**: http://localhost:3000 -- **Admin Dashboard**: http://localhost:3000/admin +- **Admin Dashboard**: http://localhost:3000/manage - **PostgreSQL**: localhost:5432 - **Redis**: localhost:6379 @@ -235,5 +235,5 @@ The production environment uses the production Docker Compose configuration. ## 🔗 Links - **Portfolio**: https://dk0.dev -- **Admin**: https://dk0.dev/admin +- **Admin**: https://dk0.dev/manage - **GitHub**: https://github.com/denniskonkol/portfolio diff --git a/README.md b/README.md index a37651f..17babc9 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ npm run start # Production Server ## 🌐 URLs - **Portfolio**: http://localhost:3000 -- **Admin Dashboard**: http://localhost:3000/admin +- **Admin Dashboard**: http://localhost:3000/manage - **PostgreSQL**: localhost:5432 - **Redis**: localhost:6379 @@ -54,5 +54,5 @@ npm run start # Production Server ## 🔗 Links - **Live Portfolio**: https://dk0.dev -- **Admin Dashboard**: https://dk0.dev/admin +- **Admin Dashboard**: https://dk0.dev/manage - **GitHub**: https://github.com/denniskonkol/portfolio diff --git a/app/__tests__/components/Toast.test.tsx b/app/__tests__/components/Toast.test.tsx new file mode 100644 index 0000000..2084bd3 --- /dev/null +++ b/app/__tests__/components/Toast.test.tsx @@ -0,0 +1,34 @@ +import React from 'react'; +import { render, screen } from '@testing-library/react'; +import '@testing-library/jest-dom'; +import { ToastProvider } from '@/components/Toast'; + +// Simple test component +const TestComponent = () => { + return ( +
+

Toast Test

+
+ ); +}; + +const renderWithToast = (component: React.ReactElement) => { + return render( + + {component} + + ); +}; + +describe('Toast Component', () => { + it('renders ToastProvider without crashing', () => { + renderWithToast(); + expect(screen.getByText('Toast Test')).toBeInTheDocument(); + }); + + it('provides toast context', () => { + // Simple test to ensure the provider works + const { container } = renderWithToast(); + expect(container).toBeInTheDocument(); + }); +}); diff --git a/app/admin/page.tsx b/app/admin/page.tsx deleted file mode 100644 index bac1b11..0000000 --- a/app/admin/page.tsx +++ /dev/null @@ -1,9 +0,0 @@ -"use client"; - -import ModernAdminDashboard from '@/components/ModernAdminDashboard'; - -const AdminPage = () => { - return ; -}; - -export default AdminPage; \ No newline at end of file diff --git a/app/api/analytics/dashboard/route.ts b/app/api/analytics/dashboard/route.ts index 6083264..59cea5b 100644 --- a/app/api/analytics/dashboard/route.ts +++ b/app/api/analytics/dashboard/route.ts @@ -1,27 +1,33 @@ import { NextRequest, NextResponse } from 'next/server'; import { projectService } from '@/lib/prisma'; import { analyticsCache } from '@/lib/redis'; +import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth'; export async function GET(request: NextRequest) { try { - // Check admin authentication - const authHeader = request.headers.get('authorization'); - const basicAuth = process.env.ADMIN_BASIC_AUTH; - - if (!basicAuth) { - return new NextResponse('Admin access not configured', { status: 500 }); + // Rate limiting - more generous for admin dashboard + const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown'; + if (!checkRateLimit(ip, 20, 60000)) { // 20 requests per minute + return new NextResponse( + JSON.stringify({ error: 'Rate limit exceeded' }), + { + status: 429, + headers: { + 'Content-Type': 'application/json', + ...getRateLimitHeaders(ip, 5, 60000) + } + } + ); } - if (!authHeader || !authHeader.startsWith('Basic ')) { - return new NextResponse('Authentication required', { status: 401 }); - } - - const credentials = authHeader.split(' ')[1]; - const [username, password] = Buffer.from(credentials, 'base64').toString().split(':'); - const [expectedUsername, expectedPassword] = basicAuth.split(':'); - - if (username !== expectedUsername || password !== expectedPassword) { - return new NextResponse('Invalid credentials', { status: 401 }); + // Check admin authentication - for admin dashboard requests, we trust the session + // The middleware has already verified the admin session for /manage routes + const isAdminRequest = request.headers.get('x-admin-request') === 'true'; + if (!isAdminRequest) { + const authError = requireAdminAuth(request); + if (authError) { + return authError; + } } // Check cache first diff --git a/app/api/analytics/performance/route.ts b/app/api/analytics/performance/route.ts index 2f845c2..4a644b6 100644 --- a/app/api/analytics/performance/route.ts +++ b/app/api/analytics/performance/route.ts @@ -1,26 +1,16 @@ import { NextRequest, NextResponse } from 'next/server'; import { prisma } from '@/lib/prisma'; +import { requireAdminAuth } from '@/lib/auth'; export async function GET(request: NextRequest) { try { - // Check admin authentication - const authHeader = request.headers.get('authorization'); - const basicAuth = process.env.ADMIN_BASIC_AUTH; - - if (!basicAuth) { - return new NextResponse('Admin access not configured', { status: 500 }); - } - - if (!authHeader || !authHeader.startsWith('Basic ')) { - return new NextResponse('Authentication required', { status: 401 }); - } - - const credentials = authHeader.split(' ')[1]; - const [username, password] = Buffer.from(credentials, 'base64').toString().split(':'); - const [expectedUsername, expectedPassword] = basicAuth.split(':'); - - if (username !== expectedUsername || password !== expectedPassword) { - return new NextResponse('Invalid credentials', { status: 401 }); + // Check admin authentication - for admin dashboard requests, we trust the session + const isAdminRequest = request.headers.get('x-admin-request') === 'true'; + if (!isAdminRequest) { + const authError = requireAdminAuth(request); + if (authError) { + return authError; + } } // Get performance data from database diff --git a/app/api/analytics/reset/route.ts b/app/api/analytics/reset/route.ts new file mode 100644 index 0000000..0b0a49c --- /dev/null +++ b/app/api/analytics/reset/route.ts @@ -0,0 +1,199 @@ +import { NextRequest, NextResponse } from 'next/server'; +import { prisma } from '@/lib/prisma'; +import { analyticsCache } from '@/lib/redis'; +import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth'; + +export async function POST(request: NextRequest) { + try { + // Rate limiting + const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown'; + if (!checkRateLimit(ip, 3, 300000)) { // 3 requests per 5 minutes - more restrictive for reset + return new NextResponse( + JSON.stringify({ error: 'Rate limit exceeded' }), + { + status: 429, + headers: { + 'Content-Type': 'application/json', + ...getRateLimitHeaders(ip, 3, 300000) + } + } + ); + } + + // Check admin authentication + const isAdminRequest = request.headers.get('x-admin-request') === 'true'; + if (!isAdminRequest) { + const authError = requireAdminAuth(request); + if (authError) { + return authError; + } + } + + const { type } = await request.json(); + + switch (type) { + case 'analytics': + // Reset all project analytics + await prisma.project.updateMany({ + data: { + analytics: { + views: 0, + likes: 0, + shares: 0, + comments: 0, + bookmarks: 0, + clickThroughs: 0, + bounceRate: 0, + avgTimeOnPage: 0, + uniqueVisitors: 0, + returningVisitors: 0, + conversionRate: 0, + socialShares: { + twitter: 0, + linkedin: 0, + facebook: 0, + github: 0 + }, + deviceStats: { + mobile: 0, + desktop: 0, + tablet: 0 + }, + locationStats: {}, + referrerStats: {}, + lastUpdated: new Date().toISOString() + } + } + }); + break; + + case 'pageviews': + // Clear PageView table + await prisma.pageView.deleteMany({}); + break; + + case 'interactions': + // Clear UserInteraction table + await prisma.userInteraction.deleteMany({}); + break; + + case 'performance': + // Reset performance metrics + await prisma.project.updateMany({ + data: { + performance: { + lighthouse: 0, + loadTime: 0, + firstContentfulPaint: 0, + largestContentfulPaint: 0, + cumulativeLayoutShift: 0, + totalBlockingTime: 0, + speedIndex: 0, + accessibility: 0, + bestPractices: 0, + seo: 0, + performanceScore: 0, + mobileScore: 0, + desktopScore: 0, + coreWebVitals: { + lcp: 0, + fid: 0, + cls: 0 + }, + lastUpdated: new Date().toISOString() + } + } + }); + break; + + case 'all': + // Reset everything + await Promise.all([ + // Reset analytics + prisma.project.updateMany({ + data: { + analytics: { + views: 0, + likes: 0, + shares: 0, + comments: 0, + bookmarks: 0, + clickThroughs: 0, + bounceRate: 0, + avgTimeOnPage: 0, + uniqueVisitors: 0, + returningVisitors: 0, + conversionRate: 0, + socialShares: { + twitter: 0, + linkedin: 0, + facebook: 0, + github: 0 + }, + deviceStats: { + mobile: 0, + desktop: 0, + tablet: 0 + }, + locationStats: {}, + referrerStats: {}, + lastUpdated: new Date().toISOString() + } + } + }), + // Reset performance + prisma.project.updateMany({ + data: { + performance: { + lighthouse: 0, + loadTime: 0, + firstContentfulPaint: 0, + largestContentfulPaint: 0, + cumulativeLayoutShift: 0, + totalBlockingTime: 0, + speedIndex: 0, + accessibility: 0, + bestPractices: 0, + seo: 0, + performanceScore: 0, + mobileScore: 0, + desktopScore: 0, + coreWebVitals: { + lcp: 0, + fid: 0, + cls: 0 + }, + lastUpdated: new Date().toISOString() + } + } + }), + // Clear tracking tables + prisma.pageView.deleteMany({}), + prisma.userInteraction.deleteMany({}) + ]); + break; + + default: + return NextResponse.json( + { error: 'Invalid reset type. Use: analytics, pageviews, interactions, performance, or all' }, + { status: 400 } + ); + } + + // Clear cache + await analyticsCache.clearAll(); + + return NextResponse.json({ + success: true, + message: `Successfully reset ${type} data`, + timestamp: new Date().toISOString() + }); + + } catch (error) { + console.error('Analytics reset error:', error); + return NextResponse.json( + { error: 'Failed to reset analytics data' }, + { status: 500 } + ); + } +} diff --git a/app/api/auth/csrf/route.ts b/app/api/auth/csrf/route.ts new file mode 100644 index 0000000..40dc59f --- /dev/null +++ b/app/api/auth/csrf/route.ts @@ -0,0 +1,55 @@ +import { NextRequest, NextResponse } from 'next/server'; + +// Generate CSRF token +async function generateCSRFToken(): Promise { + const crypto = await import('crypto'); + return crypto.randomBytes(32).toString('hex'); +} + +export async function GET(request: NextRequest) { + try { + // Rate limiting for CSRF token requests + const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown'; + const now = Date.now(); + + // Simple in-memory rate limiting for CSRF tokens (in production, use Redis) + const key = `csrf_${ip}`; + const rateLimitMap = (global as unknown as Record>).csrfRateLimit || ((global as unknown as Record>).csrfRateLimit = new Map()); + + const current = rateLimitMap.get(key); + if (current && now - current.timestamp < 60000) { // 1 minute + if (current.count >= 10) { + return new NextResponse( + JSON.stringify({ error: 'Rate limit exceeded for CSRF tokens' }), + { status: 429, headers: { 'Content-Type': 'application/json' } } + ); + } + current.count++; + } else { + rateLimitMap.set(key, { count: 1, timestamp: now }); + } + + const csrfToken = await generateCSRFToken(); + + return new NextResponse( + JSON.stringify({ csrfToken }), + { + status: 200, + headers: { + 'Content-Type': 'application/json', + 'X-Content-Type-Options': 'nosniff', + 'X-Frame-Options': 'DENY', + 'X-XSS-Protection': '1; mode=block', + 'Cache-Control': 'no-store, no-cache, must-revalidate, proxy-revalidate', + 'Pragma': 'no-cache', + 'Expires': '0' + } + } + ); + } catch { + return new NextResponse( + JSON.stringify({ error: 'Internal server error' }), + { status: 500, headers: { 'Content-Type': 'application/json' } } + ); + } +} diff --git a/app/api/auth/login/route.ts b/app/api/auth/login/route.ts new file mode 100644 index 0000000..d6669ed --- /dev/null +++ b/app/api/auth/login/route.ts @@ -0,0 +1,91 @@ +import { NextRequest, NextResponse } from 'next/server'; +import { checkRateLimit, getRateLimitHeaders } from '@/lib/auth'; + +export async function POST(request: NextRequest) { + try { + // Rate limiting + const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown'; + if (!checkRateLimit(ip, 5, 60000)) { // 5 login attempts per minute + return new NextResponse( + JSON.stringify({ error: 'Rate limit exceeded' }), + { + status: 429, + headers: { + 'Content-Type': 'application/json', + ...getRateLimitHeaders(ip, 5, 60000) + } + } + ); + } + + const { password, csrfToken } = await request.json(); + + if (!password) { + return new NextResponse( + JSON.stringify({ error: 'Password required' }), + { status: 400, headers: { 'Content-Type': 'application/json' } } + ); + } + + // CSRF Protection + const expectedCSRF = request.headers.get('x-csrf-token'); + if (!csrfToken || !expectedCSRF || csrfToken !== expectedCSRF) { + return new NextResponse( + JSON.stringify({ error: 'CSRF token validation failed' }), + { status: 403, headers: { 'Content-Type': 'application/json' } } + ); + } + + // Get admin credentials from environment + const adminAuth = process.env.ADMIN_BASIC_AUTH || 'admin:default_password_change_me'; + const [, expectedPassword] = adminAuth.split(':'); + + // Secure password comparison + if (password === expectedPassword) { + // Generate cryptographically secure session token + const timestamp = Date.now(); + const crypto = await import('crypto'); + const randomBytes = crypto.randomBytes(32); + const randomString = randomBytes.toString('hex'); + + // Create session data + const sessionData = { + timestamp, + random: randomString, + ip: ip, + userAgent: request.headers.get('user-agent') || 'unknown' + }; + + // Encrypt session data + const sessionJson = JSON.stringify(sessionData); + const sessionToken = btoa(sessionJson); + + return new NextResponse( + JSON.stringify({ + success: true, + message: 'Login successful', + sessionToken + }), + { + status: 200, + headers: { + 'Content-Type': 'application/json', + 'X-Content-Type-Options': 'nosniff', + 'X-Frame-Options': 'DENY', + 'X-XSS-Protection': '1; mode=block' + } + } + ); + } else { + return new NextResponse( + JSON.stringify({ error: 'Invalid password' }), + { status: 401, headers: { 'Content-Type': 'application/json' } } + ); + } + } catch { + return new NextResponse( + JSON.stringify({ error: 'Internal server error' }), + { status: 500, headers: { 'Content-Type': 'application/json' } } + ); + } +} diff --git a/app/api/auth/validate/route.ts b/app/api/auth/validate/route.ts new file mode 100644 index 0000000..117649a --- /dev/null +++ b/app/api/auth/validate/route.ts @@ -0,0 +1,93 @@ +import { NextRequest, NextResponse } from 'next/server'; + +export async function POST(request: NextRequest) { + try { + const { sessionToken, csrfToken } = await request.json(); + + if (!sessionToken) { + return new NextResponse( + JSON.stringify({ valid: false, error: 'No session token provided' }), + { status: 400, headers: { 'Content-Type': 'application/json' } } + ); + } + + // CSRF Protection + const expectedCSRF = request.headers.get('x-csrf-token'); + if (!csrfToken || !expectedCSRF || csrfToken !== expectedCSRF) { + return new NextResponse( + JSON.stringify({ valid: false, error: 'CSRF token validation failed' }), + { status: 403, headers: { 'Content-Type': 'application/json' } } + ); + } + + // Decode and validate session token + try { + const decodedJson = atob(sessionToken); + const sessionData = JSON.parse(decodedJson); + + // Validate session data structure + if (!sessionData.timestamp || !sessionData.random || !sessionData.ip || !sessionData.userAgent) { + return new NextResponse( + JSON.stringify({ valid: false, error: 'Invalid session token structure' }), + { status: 401, headers: { 'Content-Type': 'application/json' } } + ); + } + + // Check if session is still valid (2 hours) + const sessionTime = sessionData.timestamp; + const now = Date.now(); + const sessionDuration = 2 * 60 * 60 * 1000; // 2 hours + + if (now - sessionTime > sessionDuration) { + return new NextResponse( + JSON.stringify({ valid: false, error: 'Session expired' }), + { status: 401, headers: { 'Content-Type': 'application/json' } } + ); + } + + // Validate IP address (optional, but good security practice) + const currentIp = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown'; + if (sessionData.ip !== currentIp) { + // Log potential session hijacking attempt + console.warn(`Session IP mismatch: expected ${sessionData.ip}, got ${currentIp}`); + return new NextResponse( + JSON.stringify({ valid: false, error: 'Session validation failed' }), + { status: 401, headers: { 'Content-Type': 'application/json' } } + ); + } + + // Validate User-Agent (optional) + const currentUserAgent = request.headers.get('user-agent') || 'unknown'; + if (sessionData.userAgent !== currentUserAgent) { + console.warn(`Session User-Agent mismatch`); + return new NextResponse( + JSON.stringify({ valid: false, error: 'Session validation failed' }), + { status: 401, headers: { 'Content-Type': 'application/json' } } + ); + } + + return new NextResponse( + JSON.stringify({ valid: true, message: 'Session valid' }), + { + status: 200, + headers: { + 'Content-Type': 'application/json', + 'X-Content-Type-Options': 'nosniff', + 'X-Frame-Options': 'DENY', + 'X-XSS-Protection': '1; mode=block' + } + } + ); + } catch { + return new NextResponse( + JSON.stringify({ valid: false, error: 'Invalid session token format' }), + { status: 401, headers: { 'Content-Type': 'application/json' } } + ); + } + } catch { + return new NextResponse( + JSON.stringify({ valid: false, error: 'Internal server error' }), + { status: 500, headers: { 'Content-Type': 'application/json' } } + ); + } +} diff --git a/app/api/email/respond/route.tsx b/app/api/email/respond/route.tsx index b488017..c19963d 100644 --- a/app/api/email/respond/route.tsx +++ b/app/api/email/respond/route.tsx @@ -319,6 +319,98 @@ const emailTemplates = { ` +<<<<<<< HEAD +======= + }, + reply: { + subject: "Antwort auf deine Nachricht 📧", + template: (name: string, originalMessage: string) => ` + + + + + + Antwort - Dennis Konkol + + +
+ + +
+

+ 📧 Hallo ${name}! +

+

+ Hier ist meine Antwort auf deine Nachricht +

+
+ + +
+ + +
+
+
+ 💬 +
+

Meine Antwort

+
+
+

${originalMessage}

+
+
+ + +
+

+ + Deine ursprüngliche Nachricht +

+
+

${originalMessage}

+
+
+ + +
+

Weitere Fragen?

+

+ Falls du weitere Fragen hast oder mehr über meine Projekte erfahren möchtest, zögere nicht, mir zu schreiben! +

+ +
+ +
+ + +
+

+ Dennis Konkoldki.one +

+

+ ${new Date().toLocaleString('de-DE', { + year: 'numeric', + month: 'long', + day: 'numeric', + hour: '2-digit', + minute: '2-digit' + })} +

+
+ +
+ + + ` +>>>>>>> dev } }; @@ -327,7 +419,11 @@ export async function POST(request: NextRequest) { const body = (await request.json()) as { to: string; name: string; +<<<<<<< HEAD template: 'welcome' | 'project' | 'quick'; +======= + template: 'welcome' | 'project' | 'quick' | 'reply'; +>>>>>>> dev originalMessage: string; }; diff --git a/app/api/email/route.tsx b/app/api/email/route.tsx index cb04271..1535415 100644 --- a/app/api/email/route.tsx +++ b/app/api/email/route.tsx @@ -2,6 +2,9 @@ import { type NextRequest, NextResponse } from "next/server"; import nodemailer from "nodemailer"; import SMTPTransport from "nodemailer/lib/smtp-transport"; import Mail from "nodemailer/lib/mailer"; +import { PrismaClient } from '@prisma/client'; + +const prisma = new PrismaClient(); export async function POST(request: NextRequest) { try { @@ -270,6 +273,23 @@ Diese E-Mail wurde automatisch von deinem Portfolio generiert. } } + // Save contact to database + try { + await prisma.contact.create({ + data: { + name, + email, + subject, + message, + responded: false + } + }); + console.log('✅ Contact saved to database'); + } catch (dbError) { + console.error('❌ Error saving contact to database:', dbError); + // Don't fail the email send if DB save fails + } + return NextResponse.json({ message: "E-Mail erfolgreich gesendet", messageId: result diff --git a/app/api/projects/[id]/route.ts b/app/api/projects/[id]/route.ts index ca71642..9134235 100644 --- a/app/api/projects/[id]/route.ts +++ b/app/api/projects/[id]/route.ts @@ -1,5 +1,6 @@ import { NextRequest, NextResponse } from 'next/server'; import { prisma } from '@/lib/prisma'; +import { apiCache } from '@/lib/cache'; export async function GET( request: NextRequest, @@ -35,20 +36,41 @@ export async function PUT( { params }: { params: Promise<{ id: string }> } ) { try { + // Check if this is an admin request + const isAdminRequest = request.headers.get('x-admin-request') === 'true'; + if (!isAdminRequest) { + return NextResponse.json( + { error: 'Admin access required' }, + { status: 403 } + ); + } + const { id: idParam } = await params; const id = parseInt(idParam); const data = await request.json(); + // Remove difficulty field if it exists (since we're removing it) + const { difficulty, ...projectData } = data; + const project = await prisma.project.update({ where: { id }, - data: { ...data, updatedAt: new Date() } + data: { + ...projectData, + updatedAt: new Date(), + // Keep existing difficulty if not provided + ...(difficulty ? { difficulty } : {}) + } }); + // Invalidate cache after successful update + await apiCache.invalidateProject(id); + await apiCache.invalidateAll(); + return NextResponse.json(project); } catch (error) { console.error('Error updating project:', error); return NextResponse.json( - { error: 'Failed to update project' }, + { error: 'Failed to update project', details: error instanceof Error ? error.message : 'Unknown error' }, { status: 500 } ); } @@ -66,6 +88,10 @@ export async function DELETE( where: { id } }); + // Invalidate cache after successful deletion + await apiCache.invalidateProject(id); + await apiCache.invalidateAll(); + return NextResponse.json({ success: true }); } catch (error) { console.error('Error deleting project:', error); diff --git a/app/api/projects/import/route.ts b/app/api/projects/import/route.ts index 16b50f1..e38b953 100644 --- a/app/api/projects/import/route.ts +++ b/app/api/projects/import/route.ts @@ -56,9 +56,9 @@ export async function POST(request: NextRequest) { colorScheme: projectData.colorScheme || 'Dark', accessibility: projectData.accessibility !== false, // Default to true performance: projectData.performance || { - lighthouse: 90, - bundleSize: '50KB', - loadTime: '1.5s' + lighthouse: 0, + bundleSize: '0KB', + loadTime: '0s' }, analytics: projectData.analytics || { views: 0, diff --git a/app/api/projects/route.ts b/app/api/projects/route.ts index 6467033..3ab4c8b 100644 --- a/app/api/projects/route.ts +++ b/app/api/projects/route.ts @@ -1,9 +1,33 @@ import { NextRequest, NextResponse } from 'next/server'; import { prisma } from '@/lib/prisma'; import { apiCache } from '@/lib/cache'; +import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth'; export async function GET(request: NextRequest) { try { + // Rate limiting + const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown'; + if (!checkRateLimit(ip, 10, 60000)) { // 10 requests per minute + return new NextResponse( + JSON.stringify({ error: 'Rate limit exceeded' }), + { + status: 429, + headers: { + 'Content-Type': 'application/json', + ...getRateLimitHeaders(ip, 10, 60000) + } + } + ); + } + + // Check admin authentication for admin endpoints + const url = new URL(request.url); + if (url.pathname.includes('/manage') || request.headers.get('x-admin-request') === 'true') { + const authError = requireAdminAuth(request); + if (authError) { + return authError; + } + } const { searchParams } = new URL(request.url); const page = parseInt(searchParams.get('page') || '1'); const limit = parseInt(searchParams.get('limit') || '50'); @@ -13,8 +37,19 @@ export async function GET(request: NextRequest) { const difficulty = searchParams.get('difficulty'); const search = searchParams.get('search'); + // Create cache parameters object + const cacheParams = { + page: page.toString(), + limit: limit.toString(), + category, + featured, + published, + difficulty, + search + }; + // Check cache first - const cached = await apiCache.getProjects(); + const cached = await apiCache.getProjects(cacheParams); if (cached && !search) { // Don't cache search results return NextResponse.json(cached); } @@ -56,7 +91,7 @@ export async function GET(request: NextRequest) { // Cache the result (only for non-search queries) if (!search) { - await apiCache.setProjects(result); + await apiCache.setProjects(cacheParams, result); } return NextResponse.json(result); @@ -71,12 +106,27 @@ export async function GET(request: NextRequest) { export async function POST(request: NextRequest) { try { + // Check if this is an admin request + const isAdminRequest = request.headers.get('x-admin-request') === 'true'; + if (!isAdminRequest) { + return NextResponse.json( + { error: 'Admin access required' }, + { status: 403 } + ); + } + const data = await request.json(); + // Remove difficulty field if it exists (since we're removing it) + // eslint-disable-next-line @typescript-eslint/no-unused-vars + const { difficulty, ...projectData } = data; + const project = await prisma.project.create({ data: { - ...data, - performance: data.performance || { lighthouse: 90, bundleSize: '50KB', loadTime: '1.5s' }, + ...projectData, + // Set default difficulty since it's required in schema + difficulty: 'INTERMEDIATE', + performance: data.performance || { lighthouse: 0, bundleSize: '0KB', loadTime: '0s' }, analytics: data.analytics || { views: 0, likes: 0, shares: 0 } } }); @@ -88,7 +138,7 @@ export async function POST(request: NextRequest) { } catch (error) { console.error('Error creating project:', error); return NextResponse.json( - { error: 'Failed to create project' }, + { error: 'Failed to create project', details: error instanceof Error ? error.message : 'Unknown error' }, { status: 500 } ); } diff --git a/app/components/Contact.tsx b/app/components/Contact.tsx index 06b0284..d968927 100644 --- a/app/components/Contact.tsx +++ b/app/components/Contact.tsx @@ -2,7 +2,7 @@ import { useState, useEffect } from 'react'; import { motion } from 'framer-motion'; -import { Mail, Phone, MapPin, Send } from 'lucide-react'; +import { Mail, MapPin, Send } from 'lucide-react'; import { useToast } from '@/components/Toast'; const Contact = () => { @@ -69,12 +69,6 @@ const Contact = () => { value: 'contact@dk0.dev', href: 'mailto:contact@dk0.dev' }, - { - icon: Phone, - title: 'Phone', - value: '+49 176 12669990', - href: 'tel:+4917612669990' - }, { icon: MapPin, title: 'Location', diff --git a/app/editor/page.tsx b/app/editor/page.tsx new file mode 100644 index 0000000..f0a39ed --- /dev/null +++ b/app/editor/page.tsx @@ -0,0 +1,904 @@ +'use client'; + +import React, { useState, useEffect, useRef, useCallback, Suspense } from 'react'; +import { useSearchParams } from 'next/navigation'; +import { motion, AnimatePresence } from 'framer-motion'; +import { + ArrowLeft, + Save, + Eye, + X, + Bold, + Italic, + Code, + Image, + Link, + List, + ListOrdered, + Quote, + Hash, + Loader2, + ExternalLink, + Github, + Tag +} from 'lucide-react'; + +interface Project { + id: string; + title: string; + description: string; + content?: string; + category: string; + tags?: string[]; + featured: boolean; + published: boolean; + github?: string; + live?: string; + image?: string; + createdAt: string; + updatedAt: string; +} + +function EditorPageContent() { + const searchParams = useSearchParams(); + const projectId = searchParams.get('id'); + const contentRef = useRef(null); + + const [, setProject] = useState(null); + const [isAuthenticated, setIsAuthenticated] = useState(false); + const [isLoading, setIsLoading] = useState(true); + const [isSaving, setIsSaving] = useState(false); + const [isCreating, setIsCreating] = useState(!projectId); + const [showPreview, setShowPreview] = useState(false); + const [isTyping, setIsTyping] = useState(false); + + // Form state + const [formData, setFormData] = useState({ + title: '', + description: '', + content: '', + category: 'web', + tags: [] as string[], + featured: false, + published: false, + github: '', + live: '', + image: '' + }); + + const loadProject = useCallback(async (id: string) => { + try { + console.log('Fetching projects...'); + const response = await fetch('/api/projects'); + + if (response.ok) { + const data = await response.json(); + console.log('Projects loaded:', data); + + const foundProject = data.projects.find((p: Project) => p.id.toString() === id); + console.log('Found project:', foundProject); + + if (foundProject) { + setProject(foundProject); + setFormData({ + title: foundProject.title || '', + description: foundProject.description || '', + content: foundProject.content || '', + category: foundProject.category || 'web', + tags: foundProject.tags || [], + featured: foundProject.featured || false, + published: foundProject.published || false, + github: foundProject.github || '', + live: foundProject.live || '', + image: foundProject.image || '' + }); + console.log('Form data set for project:', foundProject.title); + } else { + console.log('Project not found with ID:', id); + } + } else { + console.error('Failed to fetch projects:', response.status); + } + } catch (error) { + console.error('Error loading project:', error); + } + }, []); + + // Check authentication and load project + useEffect(() => { + const init = async () => { + try { + // Check auth + const authStatus = sessionStorage.getItem('admin_authenticated'); + const sessionToken = sessionStorage.getItem('admin_session_token'); + + console.log('Editor Auth check:', { authStatus, hasSessionToken: !!sessionToken, projectId }); + + if (authStatus === 'true' && sessionToken) { + console.log('User is authenticated'); + setIsAuthenticated(true); + + // Load project if editing + if (projectId) { + console.log('Loading project with ID:', projectId); + await loadProject(projectId); + } else { + console.log('Creating new project'); + setIsCreating(true); + } + } else { + console.log('User not authenticated'); + setIsAuthenticated(false); + } + } catch (error) { + console.error('Error in init:', error); + setIsAuthenticated(false); + } finally { + setIsLoading(false); + } + }; + + init(); + }, [projectId, loadProject]); + + const handleSave = async () => { + try { + setIsSaving(true); + + // Validate required fields + if (!formData.title.trim()) { + alert('Please enter a project title'); + return; + } + + if (!formData.description.trim()) { + alert('Please enter a project description'); + return; + } + + const url = projectId ? `/api/projects/${projectId}` : '/api/projects'; + const method = projectId ? 'PUT' : 'POST'; + + // Prepare data for saving - only include fields that exist in the database schema + const saveData = { + title: formData.title.trim(), + description: formData.description.trim(), + content: formData.content.trim(), + category: formData.category, + tags: formData.tags, + github: formData.github.trim() || null, + live: formData.live.trim() || null, + imageUrl: formData.image.trim() || null, + published: formData.published, + featured: formData.featured, + // Add required fields that might be missing + date: new Date().toISOString().split('T')[0] // Current date in YYYY-MM-DD format + }; + + console.log('Saving project:', { url, method, saveData }); + + const response = await fetch(url, { + method, + headers: { + 'Content-Type': 'application/json', + 'x-admin-request': 'true' + }, + body: JSON.stringify(saveData) + }); + + if (response.ok) { + const savedProject = await response.json(); + console.log('Project saved successfully:', savedProject); + + // Update local state with the saved project data + setProject(savedProject); + setFormData(prev => ({ + ...prev, + title: savedProject.title || '', + description: savedProject.description || '', + content: savedProject.content || '', + category: savedProject.category || 'web', + tags: savedProject.tags || [], + featured: savedProject.featured || false, + published: savedProject.published || false, + github: savedProject.github || '', + live: savedProject.live || '', + image: savedProject.imageUrl || '' + })); + + // Show success and redirect + alert('Project saved successfully!'); + setTimeout(() => { + window.location.href = '/manage'; + }, 1000); + } else { + const errorData = await response.json(); + console.error('Error saving project:', response.status, errorData); + alert(`Error saving project: ${errorData.error || 'Unknown error'}`); + } + } catch (error) { + console.error('Error saving project:', error); + alert(`Error saving project: ${error instanceof Error ? error.message : 'Unknown error'}`); + } finally { + setIsSaving(false); + } + }; + + const handleInputChange = (field: string, value: string | boolean | string[]) => { + setFormData(prev => ({ + ...prev, + [field]: value + })); + }; + + const handleTagsChange = (tagsString: string) => { + const tags = tagsString.split(',').map(tag => tag.trim()).filter(tag => tag); + setFormData(prev => ({ + ...prev, + tags + })); + }; + + // Simple markdown to HTML converter + const parseMarkdown = (text: string) => { + if (!text) return ''; + + return text + // Headers + .replace(/^### (.*$)/gim, '

$1

') + .replace(/^## (.*$)/gim, '

$1

') + .replace(/^# (.*$)/gim, '

$1

') + // Bold + .replace(/\*\*(.*?)\*\*/g, '$1') + // Italic + .replace(/\*(.*?)\*/g, '$1') + // Code blocks + .replace(/```([\s\S]*?)```/g, '
$1
') + // Inline code + .replace(/`(.*?)`/g, '$1') + // Links + .replace(/\[([^\]]+)\]\(([^)]+)\)/g, '$1') + // Images + .replace(/!\[([^\]]*)\]\(([^)]+)\)/g, '$1') + // Ensure all images have alt attributes + .replace(/]*?)(?:\s+alt\s*=\s*["'][^"']*["'])?([^>]*?)>/g, (match, before, after) => { + if (match.includes('alt=')) return match; + return ``; + }) + // Lists + .replace(/^\* (.*$)/gim, '
  • $1
    • ') + .replace(/^- (.*$)/gim, '
  • $1
    • ') + .replace(/^(\d+)\. (.*$)/gim, '
  • $2
    • ') + // Blockquotes + .replace(/^> (.*$)/gim, '
    $1
    ') + // Line breaks + .replace(/\n/g, '
    '); + }; + + // Rich text editor functions + const insertFormatting = (format: string) => { + const content = contentRef.current; + if (!content) return; + + const selection = window.getSelection(); + if (!selection || selection.rangeCount === 0) return; + + const range = selection.getRangeAt(0); + let newText = ''; + + switch (format) { + case 'bold': + newText = `**${selection.toString() || 'bold text'}**`; + break; + case 'italic': + newText = `*${selection.toString() || 'italic text'}*`; + break; + case 'code': + newText = `\`${selection.toString() || 'code'}\``; + break; + case 'h1': + newText = `# ${selection.toString() || 'Heading 1'}`; + break; + case 'h2': + newText = `## ${selection.toString() || 'Heading 2'}`; + break; + case 'h3': + newText = `### ${selection.toString() || 'Heading 3'}`; + break; + case 'list': + newText = `- ${selection.toString() || 'List item'}`; + break; + case 'orderedList': + newText = `1. ${selection.toString() || 'List item'}`; + break; + case 'quote': + newText = `> ${selection.toString() || 'Quote'}`; + break; + case 'link': + const url = prompt('Enter URL:'); + if (url) { + newText = `[${selection.toString() || 'link text'}](${url})`; + } + break; + case 'image': + const imageUrl = prompt('Enter image URL:'); + if (imageUrl) { + newText = `![${selection.toString() || 'alt text'}](${imageUrl})`; + } + break; + } + + if (newText) { + range.deleteContents(); + range.insertNode(document.createTextNode(newText)); + + // Update form data + setFormData(prev => ({ + ...prev, + content: content.textContent || '' + })); + } + }; + + if (isLoading) { + return ( +
    +
    + + +

    Loading Editor

    +

    Preparing your workspace...

    +     +
    +
    + ); + } + + if (!isAuthenticated) { + return ( +
    + +
    +
    + +
    +

    Access Denied

    +

    You need to be logged in to access the editor.

    +
    + + +     +
    + ); + } + + return ( +
    + {/* Header */} +
    +
    +
    +
    + +
    +

    + {isCreating ? 'Create New Project' : `Edit: ${formData.title || 'Untitled'}`} +

    +
    + +
    + + + +
    +
    +
    +
    + + {/* Editor Content */} +
    +
    + {/* Floating particles background */} +
    + {[...Array(20)].map((_, i) => ( +
    + ))} +
    + {/* Main Editor */} +
    + {/* Project Title */} + + handleInputChange('title', e.target.value)} + className="w-full text-3xl font-bold form-input-enhanced focus:outline-none p-4 rounded-lg" + placeholder="Enter project title..." + /> + + + {/* Rich Text Toolbar */} + +
    +
    + + + +
    + +
    + + + +
    + +
    + + + +
    + +
    + + +
    +
    +     + + {/* Content Editor */} + +

    Content

    +
    { + const target = e.target as HTMLDivElement; + setIsTyping(true); + setFormData(prev => ({ + ...prev, + content: target.textContent || '' + })); + }} + onBlur={() => { + setIsTyping(false); + }} + suppressContentEditableWarning={true} + data-placeholder="Start writing your project content..." + > + {!isTyping ? formData.content : undefined} +
    +

    + Supports Markdown formatting. Use the toolbar above or type directly. +

    +     + + {/* Description */} + +

    Description

    +