denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔧 Enhance Middleware and Admin Features

Browse Source 
 Updated Middleware Logic:
- Enhanced admin route protection with Basic Auth for legacy routes and session-based auth for `/manage` and `/editor`.

 Improved Admin Panel Styles:
- Added glassmorphism styles for admin components to enhance UI aesthetics.

 Refined Rate Limiting:
- Adjusted rate limits for admin dashboard requests to allow more generous access.

 Introduced Analytics Reset API:
- Added a new endpoint for resetting analytics data with rate limiting and admin authentication.

🎯 Overall Improvements:
- Strengthened security and user experience for admin functionalities.
- Enhanced visual design for better usability.
- Streamlined analytics management processes.
This commit is contained in:
denshooter
2025-09-09 19:50:52 +02:00
parent 0ae1883cf4
commit be01ee2adb
26 changed files with 4518 additions and 1103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
app/api/auth/login/route.ts
View File

@@ -1,11 +1,5 @@
import { NextRequest, NextResponse } from 'next/server';
import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
// Generate CSRF token
async function generateCSRFToken(): Promise<string> {
const crypto = await import('crypto');
return crypto.randomBytes(32).toString('hex');
}
import { checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
export async function POST(request: NextRequest) {
try {
@@ -44,7 +38,7 @@ export async function POST(request: NextRequest) {
// Get admin credentials from environment
const adminAuth = process.env.ADMIN_BASIC_AUTH || 'admin:default_password_change_me';
const [expectedUsername, expectedPassword] = adminAuth.split(':');
const [, expectedPassword] = adminAuth.split(':');
// Secure password comparison
if (password === expectedPassword) {
@@ -88,10 +82,10 @@ export async function POST(request: NextRequest) {
{ status: 401, headers: { 'Content-Type': 'application/json' } }
);
}
} catch (error) {
return new NextResponse(
JSON.stringify({ error: 'Internal server error' }),
{ status: 500, headers: { 'Content-Type': 'application/json' } }
);
}
} catch {
return new NextResponse(
JSON.stringify({ error: 'Internal server error' }),
{ status: 500, headers: { 'Content-Type': 'application/json' } }
);
}
}