full upgrade

app/api/analytics/route.ts

@@ -1,21 +1,41 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
 
 export async function POST(request: NextRequest) {
   try {
+    // Rate limiting for POST requests
+    const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
+    if (!checkRateLimit(ip, 30, 60000)) { // 30 requests per minute for analytics
+      return new NextResponse(
+        JSON.stringify({ error: 'Rate limit exceeded' }), 
+        { 
+          status: 429, 
+          headers: { 
+            'Content-Type': 'application/json',
+            ...getRateLimitHeaders(ip, 30, 60000)
+          } 
+        }
+      );
+    }
+
     const body = await request.json();
     
     // Log performance metrics (you can extend this to store in database)
-    console.log('Performance Metric:', {
-      timestamp: new Date().toISOString(),
-      ...body,
-    });
+    if (process.env.NODE_ENV === 'development') {
+      console.log('Performance Metric:', {
+        timestamp: new Date().toISOString(),
+        ...body,
+      });
+    }
 
     // You could store this in a database or send to external service
     // For now, we'll just log it since Umami handles the main analytics
     
     return NextResponse.json({ success: true });
   } catch (error) {
-    console.error('Analytics API Error:', error);
+    if (process.env.NODE_ENV === 'development') {
+      console.error('Analytics API Error:', error);
+    }
     return NextResponse.json(
       { error: 'Failed to process analytics data' },
       { status: 500 }