denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔧 Enhance Middleware and Admin Features

Browse Source 
 Updated Middleware Logic:
- Enhanced admin route protection with Basic Auth for legacy routes and session-based auth for `/manage` and `/editor`.

 Improved Admin Panel Styles:
- Added glassmorphism styles for admin components to enhance UI aesthetics.

 Refined Rate Limiting:
- Adjusted rate limits for admin dashboard requests to allow more generous access.

 Introduced Analytics Reset API:
- Added a new endpoint for resetting analytics data with rate limiting and admin authentication.

🎯 Overall Improvements:
- Strengthened security and user experience for admin functionalities.
- Enhanced visual design for better usability.
- Streamlined analytics management processes.
This commit is contained in:
denshooter
2025-09-09 19:50:52 +02:00
parent 0ae1883cf4
commit be01ee2adb
26 changed files with 4518 additions and 1103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
app/api/analytics/performance/route.ts
View File

@@ -1,26 +1,16 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/prisma';
import { requireAdminAuth } from '@/lib/auth';
export async function GET(request: NextRequest) {
try {
// Check admin authentication
const authHeader = request.headers.get('authorization');
const basicAuth = process.env.ADMIN_BASIC_AUTH;
if (!basicAuth) {
return new NextResponse('Admin access not configured', { status: 500 });
}
if (!authHeader || !authHeader.startsWith('Basic ')) {
return new NextResponse('Authentication required', { status: 401 });
}
const credentials = authHeader.split(' ')[1];
const [username, password] = Buffer.from(credentials, 'base64').toString().split(':');
const [expectedUsername, expectedPassword] = basicAuth.split(':');
if (username !== expectedUsername || password !== expectedPassword) {
return new NextResponse('Invalid credentials', { status: 401 });
// Check admin authentication - for admin dashboard requests, we trust the session
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
if (!isAdminRequest) {
const authError = requireAdminAuth(request);
if (authError) {
return authError;
}
}
// Get performance data from database