denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge dev branch into production - resolve conflicts

Browse Source 
- Updated admin URLs from /admin to /manage
- Integrated new admin dashboard and email management features
- Added authentication system and project management
- Resolved conflicts in DEV-SETUP.md, README.md, email routes, and components
- Removed old admin page in favor of new manage page
This commit is contained in:
denshooter
2025-09-10 11:06:36 +02:00
parent 0af21d6fc6 2f40fc6753
commit b44250fe0e
37 changed files with 5746 additions and 423 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
app/api/analytics/dashboard/route.ts
View File

@@ -1,27 +1,33 @@
import { NextRequest, NextResponse } from 'next/server';
import { projectService } from '@/lib/prisma';
import { analyticsCache } from '@/lib/redis';
import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
export async function GET(request: NextRequest) {
try {
// Check admin authentication
const authHeader = request.headers.get('authorization');
const basicAuth = process.env.ADMIN_BASIC_AUTH;
if (!basicAuth) {
return new NextResponse('Admin access not configured', { status: 500 });
// Rate limiting - more generous for admin dashboard
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
if (!checkRateLimit(ip, 20, 60000)) { // 20 requests per minute
return new NextResponse(
JSON.stringify({ error: 'Rate limit exceeded' }),
{
status: 429,
headers: {
'Content-Type': 'application/json',
...getRateLimitHeaders(ip, 5, 60000)
}
}
);
}
if (!authHeader || !authHeader.startsWith('Basic ')) {
return new NextResponse('Authentication required', { status: 401 });
}
const credentials = authHeader.split(' ')[1];
const [username, password] = Buffer.from(credentials, 'base64').toString().split(':');
const [expectedUsername, expectedPassword] = basicAuth.split(':');
if (username !== expectedUsername || password !== expectedPassword) {
return new NextResponse('Invalid credentials', { status: 401 });
// Check admin authentication - for admin dashboard requests, we trust the session
// The middleware has already verified the admin session for /manage routes
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
if (!isAdminRequest) {
const authError = requireAdminAuth(request);
if (authError) {
return authError;
}
}
// Check cache first

26
app/api/analytics/performance/route.ts
View File

@@ -1,26 +1,16 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/prisma';
import { requireAdminAuth } from '@/lib/auth';
export async function GET(request: NextRequest) {
try {
// Check admin authentication
const authHeader = request.headers.get('authorization');
const basicAuth = process.env.ADMIN_BASIC_AUTH;
if (!basicAuth) {
return new NextResponse('Admin access not configured', { status: 500 });
}
if (!authHeader || !authHeader.startsWith('Basic ')) {
return new NextResponse('Authentication required', { status: 401 });
}
const credentials = authHeader.split(' ')[1];
const [username, password] = Buffer.from(credentials, 'base64').toString().split(':');
const [expectedUsername, expectedPassword] = basicAuth.split(':');
if (username !== expectedUsername || password !== expectedPassword) {
return new NextResponse('Invalid credentials', { status: 401 });
// Check admin authentication - for admin dashboard requests, we trust the session
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
if (!isAdminRequest) {
const authError = requireAdminAuth(request);
if (authError) {
return authError;
}
}
// Get performance data from database

199
app/api/analytics/reset/route.ts Normal file
View File

@@ -0,0 +1,199 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/prisma';
import { analyticsCache } from '@/lib/redis';
import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
export async function POST(request: NextRequest) {
try {
// Rate limiting
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
if (!checkRateLimit(ip, 3, 300000)) { // 3 requests per 5 minutes - more restrictive for reset
return new NextResponse(
JSON.stringify({ error: 'Rate limit exceeded' }),
{
status: 429,
headers: {
'Content-Type': 'application/json',
...getRateLimitHeaders(ip, 3, 300000)
}
}
);
}
// Check admin authentication
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
if (!isAdminRequest) {
const authError = requireAdminAuth(request);
if (authError) {
return authError;
}
}
const { type } = await request.json();
switch (type) {
case 'analytics':
// Reset all project analytics
await prisma.project.updateMany({
data: {
analytics: {
views: 0,
likes: 0,
shares: 0,
comments: 0,
bookmarks: 0,
clickThroughs: 0,
bounceRate: 0,
avgTimeOnPage: 0,
uniqueVisitors: 0,
returningVisitors: 0,
conversionRate: 0,
socialShares: {
twitter: 0,
linkedin: 0,
facebook: 0,
github: 0
},
deviceStats: {
mobile: 0,
desktop: 0,
tablet: 0
},
locationStats: {},
referrerStats: {},
lastUpdated: new Date().toISOString()
}
}
});
break;
case 'pageviews':
// Clear PageView table
await prisma.pageView.deleteMany({});
break;
case 'interactions':
// Clear UserInteraction table
await prisma.userInteraction.deleteMany({});
break;
case 'performance':
// Reset performance metrics
await prisma.project.updateMany({
data: {
performance: {
lighthouse: 0,
loadTime: 0,
firstContentfulPaint: 0,
largestContentfulPaint: 0,
cumulativeLayoutShift: 0,
totalBlockingTime: 0,
speedIndex: 0,
accessibility: 0,
bestPractices: 0,
seo: 0,
performanceScore: 0,
mobileScore: 0,
desktopScore: 0,
coreWebVitals: {
lcp: 0,
fid: 0,
cls: 0
},
lastUpdated: new Date().toISOString()
}
}
});
break;
case 'all':
// Reset everything
await Promise.all([
// Reset analytics
prisma.project.updateMany({
data: {
analytics: {
views: 0,
likes: 0,
shares: 0,
comments: 0,
bookmarks: 0,
clickThroughs: 0,
bounceRate: 0,
avgTimeOnPage: 0,
uniqueVisitors: 0,
returningVisitors: 0,
conversionRate: 0,
socialShares: {
twitter: 0,
linkedin: 0,
facebook: 0,
github: 0
},
deviceStats: {
mobile: 0,
desktop: 0,
tablet: 0
},
locationStats: {},
referrerStats: {},
lastUpdated: new Date().toISOString()
}
}
}),
// Reset performance
prisma.project.updateMany({
data: {
performance: {
lighthouse: 0,
loadTime: 0,
firstContentfulPaint: 0,
largestContentfulPaint: 0,
cumulativeLayoutShift: 0,
totalBlockingTime: 0,
speedIndex: 0,
accessibility: 0,
bestPractices: 0,
seo: 0,
performanceScore: 0,
mobileScore: 0,
desktopScore: 0,
coreWebVitals: {
lcp: 0,
fid: 0,
cls: 0
},
lastUpdated: new Date().toISOString()
}
}
}),
// Clear tracking tables
prisma.pageView.deleteMany({}),
prisma.userInteraction.deleteMany({})
]);
break;
default:
return NextResponse.json(
{ error: 'Invalid reset type. Use: analytics, pageviews, interactions, performance, or all' },
{ status: 400 }
);
}
// Clear cache
await analyticsCache.clearAll();
return NextResponse.json({
success: true,
message: `Successfully reset ${type} data`,
timestamp: new Date().toISOString()
});
} catch (error) {
console.error('Analytics reset error:', error);
return NextResponse.json(
{ error: 'Failed to reset analytics data' },
{ status: 500 }
);
}
}

55
app/api/auth/csrf/route.ts Normal file
View File

@@ -0,0 +1,55 @@
import { NextRequest, NextResponse } from 'next/server';
// Generate CSRF token
async function generateCSRFToken(): Promise<string> {
const crypto = await import('crypto');
return crypto.randomBytes(32).toString('hex');
}
export async function GET(request: NextRequest) {
try {
// Rate limiting for CSRF token requests
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
const now = Date.now();
// Simple in-memory rate limiting for CSRF tokens (in production, use Redis)
const key = `csrf_${ip}`;
const rateLimitMap = (global as unknown as Record<string, Map<string, { count: number; timestamp: number }>>).csrfRateLimit || ((global as unknown as Record<string, Map<string, { count: number; timestamp: number }>>).csrfRateLimit = new Map());
const current = rateLimitMap.get(key);
if (current && now - current.timestamp < 60000) { // 1 minute
if (current.count >= 10) {
return new NextResponse(
JSON.stringify({ error: 'Rate limit exceeded for CSRF tokens' }),
{ status: 429, headers: { 'Content-Type': 'application/json' } }
);
}
current.count++;
} else {
rateLimitMap.set(key, { count: 1, timestamp: now });
}
const csrfToken = await generateCSRFToken();
return new NextResponse(
JSON.stringify({ csrfToken }),
{
status: 200,
headers: {
'Content-Type': 'application/json',
'X-Content-Type-Options': 'nosniff',
'X-Frame-Options': 'DENY',
'X-XSS-Protection': '1; mode=block',
'Cache-Control': 'no-store, no-cache, must-revalidate, proxy-revalidate',
'Pragma': 'no-cache',
'Expires': '0'
}
}
);
} catch {
return new NextResponse(
JSON.stringify({ error: 'Internal server error' }),
{ status: 500, headers: { 'Content-Type': 'application/json' } }
);
}
}

91
app/api/auth/login/route.ts Normal file
View File

@@ -0,0 +1,91 @@
import { NextRequest, NextResponse } from 'next/server';
import { checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
export async function POST(request: NextRequest) {
try {
// Rate limiting
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
if (!checkRateLimit(ip, 5, 60000)) { // 5 login attempts per minute
return new NextResponse(
JSON.stringify({ error: 'Rate limit exceeded' }),
{
status: 429,
headers: {
'Content-Type': 'application/json',
...getRateLimitHeaders(ip, 5, 60000)
}
}
);
}
const { password, csrfToken } = await request.json();
if (!password) {
return new NextResponse(
JSON.stringify({ error: 'Password required' }),
{ status: 400, headers: { 'Content-Type': 'application/json' } }
);
}
// CSRF Protection
const expectedCSRF = request.headers.get('x-csrf-token');
if (!csrfToken || !expectedCSRF || csrfToken !== expectedCSRF) {
return new NextResponse(
JSON.stringify({ error: 'CSRF token validation failed' }),
{ status: 403, headers: { 'Content-Type': 'application/json' } }
);
}
// Get admin credentials from environment
const adminAuth = process.env.ADMIN_BASIC_AUTH || 'admin:default_password_change_me';
const [, expectedPassword] = adminAuth.split(':');
// Secure password comparison
if (password === expectedPassword) {
// Generate cryptographically secure session token
const timestamp = Date.now();
const crypto = await import('crypto');
const randomBytes = crypto.randomBytes(32);
const randomString = randomBytes.toString('hex');
// Create session data
const sessionData = {
timestamp,
random: randomString,
ip: ip,
userAgent: request.headers.get('user-agent') || 'unknown'
};
// Encrypt session data
const sessionJson = JSON.stringify(sessionData);
const sessionToken = btoa(sessionJson);
return new NextResponse(
JSON.stringify({
success: true,
message: 'Login successful',
sessionToken
}),
{
status: 200,
headers: {
'Content-Type': 'application/json',
'X-Content-Type-Options': 'nosniff',
'X-Frame-Options': 'DENY',
'X-XSS-Protection': '1; mode=block'
}
}
);
} else {
return new NextResponse(
JSON.stringify({ error: 'Invalid password' }),
{ status: 401, headers: { 'Content-Type': 'application/json' } }
);
}
} catch {
return new NextResponse(
JSON.stringify({ error: 'Internal server error' }),
{ status: 500, headers: { 'Content-Type': 'application/json' } }
);
}
}

93
app/api/auth/validate/route.ts Normal file
View File

@@ -0,0 +1,93 @@
import { NextRequest, NextResponse } from 'next/server';
export async function POST(request: NextRequest) {
try {
const { sessionToken, csrfToken } = await request.json();
if (!sessionToken) {
return new NextResponse(
JSON.stringify({ valid: false, error: 'No session token provided' }),
{ status: 400, headers: { 'Content-Type': 'application/json' } }
);
}
// CSRF Protection
const expectedCSRF = request.headers.get('x-csrf-token');
if (!csrfToken || !expectedCSRF || csrfToken !== expectedCSRF) {
return new NextResponse(
JSON.stringify({ valid: false, error: 'CSRF token validation failed' }),
{ status: 403, headers: { 'Content-Type': 'application/json' } }
);
}
// Decode and validate session token
try {
const decodedJson = atob(sessionToken);
const sessionData = JSON.parse(decodedJson);
// Validate session data structure
if (!sessionData.timestamp || !sessionData.random || !sessionData.ip || !sessionData.userAgent) {
return new NextResponse(
JSON.stringify({ valid: false, error: 'Invalid session token structure' }),
{ status: 401, headers: { 'Content-Type': 'application/json' } }
);
}
// Check if session is still valid (2 hours)
const sessionTime = sessionData.timestamp;
const now = Date.now();
const sessionDuration = 2 * 60 * 60 * 1000; // 2 hours
if (now - sessionTime > sessionDuration) {
return new NextResponse(
JSON.stringify({ valid: false, error: 'Session expired' }),
{ status: 401, headers: { 'Content-Type': 'application/json' } }
);
}
// Validate IP address (optional, but good security practice)
const currentIp = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
if (sessionData.ip !== currentIp) {
// Log potential session hijacking attempt
console.warn(`Session IP mismatch: expected ${sessionData.ip}, got ${currentIp}`);
return new NextResponse(
JSON.stringify({ valid: false, error: 'Session validation failed' }),
{ status: 401, headers: { 'Content-Type': 'application/json' } }
);
}
// Validate User-Agent (optional)
const currentUserAgent = request.headers.get('user-agent') || 'unknown';
if (sessionData.userAgent !== currentUserAgent) {
console.warn(`Session User-Agent mismatch`);
return new NextResponse(
JSON.stringify({ valid: false, error: 'Session validation failed' }),
{ status: 401, headers: { 'Content-Type': 'application/json' } }
);
}
return new NextResponse(
JSON.stringify({ valid: true, message: 'Session valid' }),
{
status: 200,
headers: {
'Content-Type': 'application/json',
'X-Content-Type-Options': 'nosniff',
'X-Frame-Options': 'DENY',
'X-XSS-Protection': '1; mode=block'
}
}
);
} catch {
return new NextResponse(
JSON.stringify({ valid: false, error: 'Invalid session token format' }),
{ status: 401, headers: { 'Content-Type': 'application/json' } }
);
}
} catch {
return new NextResponse(
JSON.stringify({ valid: false, error: 'Internal server error' }),
{ status: 500, headers: { 'Content-Type': 'application/json' } }
);
}
}

96
app/api/email/respond/route.tsx
View File

@@ -319,6 +319,98 @@ const emailTemplates = {
</body>
</html>
`
<<<<<<< HEAD
=======
},
reply: {
subject: "Antwort auf deine Nachricht 📧",
template: (name: string, originalMessage: string) => `
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Antwort - Dennis Konkol</title>
</head>
<body style="margin: 0; padding: 0; background-color: #f8fafc; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;">
<div style="max-width: 600px; margin: 0 auto; background-color: #ffffff; box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1);">
<!-- Header -->
<div style="background: linear-gradient(135deg, #3b82f6 0%, #1d4ed8 100%); padding: 40px 30px; text-align: center;">
<h1 style="color: #ffffff; margin: 0; font-size: 28px; font-weight: 600; letter-spacing: -0.5px;">
📧 Hallo ${name}!
</h1>
<p style="color: #dbeafe; margin: 8px 0 0 0; font-size: 16px; opacity: 0.9;">
Hier ist meine Antwort auf deine Nachricht
</p>
</div>
<!-- Content -->
<div style="padding: 40px 30px;">
<!-- Reply Message -->
<div style="background: linear-gradient(135deg, #eff6ff 0%, #dbeafe 100%); padding: 30px; border-radius: 12px; margin-bottom: 30px; border: 1px solid #93c5fd;">
<div style="text-align: center; margin-bottom: 20px;">
<div style="width: 60px; height: 60px; background: linear-gradient(135deg, #3b82f6 0%, #1d4ed8 100%); border-radius: 50%; display: inline-flex; align-items: center; justify-content: center; margin-bottom: 15px;">
<span style="color: #ffffff; font-size: 24px;">💬</span>
</div>
<h2 style="color: #1e40af; margin: 0; font-size: 22px; font-weight: 600;">Meine Antwort</h2>
</div>
<div style="background: #ffffff; padding: 20px; border-radius: 8px; border-left: 4px solid #3b82f6;">
<p style="color: #1e40af; margin: 0; line-height: 1.6; font-size: 16px; white-space: pre-wrap;">${originalMessage}</p>
</div>
</div>
<!-- Original Message Reference -->
<div style="background: #ffffff; padding: 25px; border-radius: 12px; border: 1px solid #e5e7eb; margin-bottom: 30px;">
<h3 style="color: #374151; margin: 0 0 15px 0; font-size: 16px; font-weight: 600; display: flex; align-items: center;">
<span style="width: 6px; height: 6px; background: #6b7280; border-radius: 50%; margin-right: 10px;"></span>
Deine ursprüngliche Nachricht
</h3>
<div style="background: #f9fafb; padding: 20px; border-radius: 8px; border-left: 4px solid #3b82f6;">
<p style="color: #4b5563; margin: 0; line-height: 1.6; font-style: italic; white-space: pre-wrap;">${originalMessage}</p>
</div>
</div>
<!-- Contact Info -->
<div style="background: #f8fafc; padding: 25px; border-radius: 12px; text-align: center; border: 1px solid #e2e8f0;">
<h3 style="color: #374151; margin: 0 0 15px 0; font-size: 18px; font-weight: 600;">Weitere Fragen?</h3>
<p style="color: #6b7280; margin: 0 0 20px 0; line-height: 1.6;">
Falls du weitere Fragen hast oder mehr über meine Projekte erfahren möchtest, zögere nicht, mir zu schreiben!
</p>
<div style="display: flex; justify-content: center; gap: 20px; flex-wrap: wrap;">
<a href="https://dki.one" style="display: inline-flex; align-items: center; padding: 12px 24px; background: linear-gradient(135deg, #3b82f6 0%, #1d4ed8 100%); color: #ffffff; text-decoration: none; border-radius: 8px; font-weight: 500; transition: all 0.2s;">
🌐 Portfolio besuchen
</a>
<a href="mailto:contact@dk0.dev" style="display: inline-flex; align-items: center; padding: 12px 24px; background: #ffffff; color: #3b82f6; text-decoration: none; border-radius: 8px; font-weight: 500; border: 2px solid #3b82f6; transition: all 0.2s;">
📧 Direkt antworten
</a>
</div>
</div>
</div>
<!-- Footer -->
<div style="background: #f8fafc; padding: 30px; text-align: center; border-top: 1px solid #e5e7eb;">
<p style="color: #6b7280; margin: 0 0 10px 0; font-size: 14px; font-weight: 500;">
<strong>Dennis Konkol</strong> • <a href="https://dki.one" style="color: #3b82f6; text-decoration: none;">dki.one</a>
</p>
<p style="color: #9ca3af; margin: 10px 0 0 0; font-size: 12px;">
${new Date().toLocaleString('de-DE', {
year: 'numeric',
month: 'long',
day: 'numeric',
hour: '2-digit',
minute: '2-digit'
})}
</p>
</div>
</div>
</body>
</html>
`
>>>>>>> dev
}
};
@@ -327,7 +419,11 @@ export async function POST(request: NextRequest) {
const body = (await request.json()) as {
to: string;
name: string;
<<<<<<< HEAD
template: 'welcome' | 'project' | 'quick';
=======
template: 'welcome' | 'project' | 'quick' | 'reply';
>>>>>>> dev
originalMessage: string;
};

20
app/api/email/route.tsx
View File

@@ -2,6 +2,9 @@ import { type NextRequest, NextResponse } from "next/server";
import nodemailer from "nodemailer";
import SMTPTransport from "nodemailer/lib/smtp-transport";
import Mail from "nodemailer/lib/mailer";
import { PrismaClient } from '@prisma/client';
const prisma = new PrismaClient();
export async function POST(request: NextRequest) {
try {
@@ -270,6 +273,23 @@ Diese E-Mail wurde automatisch von deinem Portfolio generiert.
}
}
// Save contact to database
try {
await prisma.contact.create({
data: {
name,
email,
subject,
message,
responded: false
}
});
console.log('✅ Contact saved to database');
} catch (dbError) {
console.error('❌ Error saving contact to database:', dbError);
// Don't fail the email send if DB save fails
}
return NextResponse.json({
message: "E-Mail erfolgreich gesendet",
messageId: result

30
app/api/projects/[id]/route.ts
View File

@@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/prisma';
import { apiCache } from '@/lib/cache';
export async function GET(
request: NextRequest,
@@ -35,20 +36,41 @@ export async function PUT(
{ params }: { params: Promise<{ id: string }> }
) {
try {
// Check if this is an admin request
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
if (!isAdminRequest) {
return NextResponse.json(
{ error: 'Admin access required' },
{ status: 403 }
);
}
const { id: idParam } = await params;
const id = parseInt(idParam);
const data = await request.json();
// Remove difficulty field if it exists (since we're removing it)
const { difficulty, ...projectData } = data;
const project = await prisma.project.update({
where: { id },
data: { ...data, updatedAt: new Date() }
data: {
...projectData,
updatedAt: new Date(),
// Keep existing difficulty if not provided
...(difficulty ? { difficulty } : {})
}
});
// Invalidate cache after successful update
await apiCache.invalidateProject(id);
await apiCache.invalidateAll();
return NextResponse.json(project);
} catch (error) {
console.error('Error updating project:', error);
return NextResponse.json(
{ error: 'Failed to update project' },
{ error: 'Failed to update project', details: error instanceof Error ? error.message : 'Unknown error' },
{ status: 500 }
);
}
@@ -66,6 +88,10 @@ export async function DELETE(
where: { id }
});
// Invalidate cache after successful deletion
await apiCache.invalidateProject(id);
await apiCache.invalidateAll();
return NextResponse.json({ success: true });
} catch (error) {
console.error('Error deleting project:', error);

6
app/api/projects/import/route.ts
View File

@@ -56,9 +56,9 @@ export async function POST(request: NextRequest) {
colorScheme: projectData.colorScheme || 'Dark',
accessibility: projectData.accessibility !== false, // Default to true
performance: projectData.performance || {
lighthouse: 90,
bundleSize: '50KB',
loadTime: '1.5s'
lighthouse: 0,
bundleSize: '0KB',
loadTime: '0s'
},
analytics: projectData.analytics || {
views: 0,

60
app/api/projects/route.ts
View File

@@ -1,9 +1,33 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/prisma';
import { apiCache } from '@/lib/cache';
import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
export async function GET(request: NextRequest) {
try {
// Rate limiting
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
if (!checkRateLimit(ip, 10, 60000)) { // 10 requests per minute
return new NextResponse(
JSON.stringify({ error: 'Rate limit exceeded' }),
{
status: 429,
headers: {
'Content-Type': 'application/json',
...getRateLimitHeaders(ip, 10, 60000)
}
}
);
}
// Check admin authentication for admin endpoints
const url = new URL(request.url);
if (url.pathname.includes('/manage') || request.headers.get('x-admin-request') === 'true') {
const authError = requireAdminAuth(request);
if (authError) {
return authError;
}
}
const { searchParams } = new URL(request.url);
const page = parseInt(searchParams.get('page') || '1');
const limit = parseInt(searchParams.get('limit') || '50');
@@ -13,8 +37,19 @@ export async function GET(request: NextRequest) {
const difficulty = searchParams.get('difficulty');
const search = searchParams.get('search');
// Create cache parameters object
const cacheParams = {
page: page.toString(),
limit: limit.toString(),
category,
featured,
published,
difficulty,
search
};
// Check cache first
const cached = await apiCache.getProjects();
const cached = await apiCache.getProjects(cacheParams);
if (cached && !search) { // Don't cache search results
return NextResponse.json(cached);
}
@@ -56,7 +91,7 @@ export async function GET(request: NextRequest) {
// Cache the result (only for non-search queries)
if (!search) {
await apiCache.setProjects(result);
await apiCache.setProjects(cacheParams, result);
}
return NextResponse.json(result);
@@ -71,12 +106,27 @@ export async function GET(request: NextRequest) {
export async function POST(request: NextRequest) {
try {
// Check if this is an admin request
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
if (!isAdminRequest) {
return NextResponse.json(
{ error: 'Admin access required' },
{ status: 403 }
);
}
const data = await request.json();
// Remove difficulty field if it exists (since we're removing it)
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { difficulty, ...projectData } = data;
const project = await prisma.project.create({
data: {
...data,
performance: data.performance || { lighthouse: 90, bundleSize: '50KB', loadTime: '1.5s' },
...projectData,
// Set default difficulty since it's required in schema
difficulty: 'INTERMEDIATE',
performance: data.performance || { lighthouse: 0, bundleSize: '0KB', loadTime: '0s' },
analytics: data.analytics || { views: 0, likes: 0, shares: 0 }
}
});
@@ -88,7 +138,7 @@ export async function POST(request: NextRequest) {
} catch (error) {
console.error('Error creating project:', error);
return NextResponse.json(
{ error: 'Failed to create project' },
{ error: 'Failed to create project', details: error instanceof Error ? error.message : 'Unknown error' },
{ status: 500 }
);
}