🔧 Enhance Middleware and Admin Features
✅ Updated Middleware Logic: - Enhanced admin route protection with Basic Auth for legacy routes and session-based auth for `/manage` and `/editor`. ✅ Improved Admin Panel Styles: - Added glassmorphism styles for admin components to enhance UI aesthetics. ✅ Refined Rate Limiting: - Adjusted rate limits for admin dashboard requests to allow more generous access. ✅ Introduced Analytics Reset API: - Added a new endpoint for resetting analytics data with rate limiting and admin authentication. 🎯 Overall Improvements: - Strengthened security and user experience for admin functionalities. - Enhanced visual design for better usability. - Streamlined analytics management processes.
This commit is contained in:
@@ -14,7 +14,7 @@ export async function GET(request: NextRequest) {
|
||||
|
||||
// Simple in-memory rate limiting for CSRF tokens (in production, use Redis)
|
||||
const key = `csrf_${ip}`;
|
||||
const rateLimitMap = (global as any).csrfRateLimit || ((global as any).csrfRateLimit = new Map());
|
||||
const rateLimitMap = (global as unknown as Record<string, Map<string, { count: number; timestamp: number }>>).csrfRateLimit || ((global as unknown as Record<string, Map<string, { count: number; timestamp: number }>>).csrfRateLimit = new Map());
|
||||
|
||||
const current = rateLimitMap.get(key);
|
||||
if (current && now - current.timestamp < 60000) { // 1 minute
|
||||
@@ -46,7 +46,7 @@ export async function GET(request: NextRequest) {
|
||||
}
|
||||
}
|
||||
);
|
||||
} catch (error) {
|
||||
} catch {
|
||||
return new NextResponse(
|
||||
JSON.stringify({ error: 'Internal server error' }),
|
||||
{ status: 500, headers: { 'Content-Type': 'application/json' } }
|
||||
|
||||
@@ -1,11 +1,5 @@
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
|
||||
|
||||
// Generate CSRF token
|
||||
async function generateCSRFToken(): Promise<string> {
|
||||
const crypto = await import('crypto');
|
||||
return crypto.randomBytes(32).toString('hex');
|
||||
}
|
||||
import { checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
try {
|
||||
@@ -44,7 +38,7 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
// Get admin credentials from environment
|
||||
const adminAuth = process.env.ADMIN_BASIC_AUTH || 'admin:default_password_change_me';
|
||||
const [expectedUsername, expectedPassword] = adminAuth.split(':');
|
||||
const [, expectedPassword] = adminAuth.split(':');
|
||||
|
||||
// Secure password comparison
|
||||
if (password === expectedPassword) {
|
||||
@@ -88,10 +82,10 @@ export async function POST(request: NextRequest) {
|
||||
{ status: 401, headers: { 'Content-Type': 'application/json' } }
|
||||
);
|
||||
}
|
||||
} catch (error) {
|
||||
return new NextResponse(
|
||||
JSON.stringify({ error: 'Internal server error' }),
|
||||
{ status: 500, headers: { 'Content-Type': 'application/json' } }
|
||||
);
|
||||
}
|
||||
} catch {
|
||||
return new NextResponse(
|
||||
JSON.stringify({ error: 'Internal server error' }),
|
||||
{ status: 500, headers: { 'Content-Type': 'application/json' } }
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -78,15 +78,15 @@ export async function POST(request: NextRequest) {
|
||||
}
|
||||
}
|
||||
);
|
||||
} catch (error) {
|
||||
} catch {
|
||||
return new NextResponse(
|
||||
JSON.stringify({ valid: false, error: 'Invalid session token format' }),
|
||||
{ status: 401, headers: { 'Content-Type': 'application/json' } }
|
||||
);
|
||||
}
|
||||
} catch (error) {
|
||||
} catch {
|
||||
return new NextResponse(
|
||||
JSON.stringify({ valid: false, error: 'Internal server error' }),
|
||||
JSON.stringify({ valid: false, error: 'Internal server error' }),
|
||||
{ status: 500, headers: { 'Content-Type': 'application/json' } }
|
||||
);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user