feat: production deployment configuration for dk0.dev

- Fixed authentication system (removed HTTP Basic Auth popup) - Added session-based authentication with proper logout - Updated rate limiting (20 req/s for login, 5 req/m for admin) - Created production deployment scripts and configs - Updated nginx configuration for dk0.dev domain - Added comprehensive production deployment guide - Fixed logout button functionality - Optimized for production with proper resource limits
2025-10-19 21:48:26 +02:00
parent 138b473418
commit c7bc0ecb1d
16 changed files with 931 additions and 285 deletions
--- a/app/api/analytics/dashboard/route.ts
+++ b/app/api/analytics/dashboard/route.ts
@@ -1,7 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { projectService } from '@/lib/prisma';
 import { analyticsCache } from '@/lib/redis';
-import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
+import { requireSessionAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';

 export async function GET(request: NextRequest) {
  try {
@@ -24,7 +24,7 @@ export async function GET(request: NextRequest) {
    // The middleware has already verified the admin session for /manage routes
    const isAdminRequest = request.headers.get('x-admin-request') === 'true';
    if (!isAdminRequest) {
-      const authError = requireAdminAuth(request);
+      const authError = requireSessionAuth(request);
      if (authError) {
        return authError;
      }
--- a/app/api/analytics/performance/route.ts
+++ b/app/api/analytics/performance/route.ts
@@ -1,13 +1,13 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { prisma } from '@/lib/prisma';
-import { requireAdminAuth } from '@/lib/auth';
+import { requireSessionAuth } from '@/lib/auth';

 export async function GET(request: NextRequest) {
  try {
    // Check admin authentication - for admin dashboard requests, we trust the session
    const isAdminRequest = request.headers.get('x-admin-request') === 'true';
    if (!isAdminRequest) {
-      const authError = requireAdminAuth(request);
+      const authError = requireSessionAuth(request);
      if (authError) {
        return authError;
      }
--- a/app/api/analytics/reset/route.ts
+++ b/app/api/analytics/reset/route.ts
@@ -1,7 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { prisma } from '@/lib/prisma';
 import { analyticsCache } from '@/lib/redis';
-import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
+import { requireSessionAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';

 export async function POST(request: NextRequest) {
  try {
@@ -23,7 +23,7 @@ export async function POST(request: NextRequest) {
    // Check admin authentication
    const isAdminRequest = request.headers.get('x-admin-request') === 'true';
    if (!isAdminRequest) {
-      const authError = requireAdminAuth(request);
+      const authError = requireSessionAuth(request);
      if (authError) {
        return authError;
      }
--- a/app/api/auth/login/route.ts
+++ b/app/api/auth/login/route.ts
@@ -5,14 +5,14 @@ export async function POST(request: NextRequest) {
  try {
    // Rate limiting
    const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
-    if (!checkRateLimit(ip, 5, 60000)) { // 5 login attempts per minute
+    if (!checkRateLimit(ip, 20, 60000)) { // 20 login attempts per minute
      return new NextResponse(
        JSON.stringify({ error: 'Rate limit exceeded' }), 
        { 
          status: 429, 
          headers: { 
            'Content-Type': 'application/json',
-            ...getRateLimitHeaders(ip, 5, 60000)
+            ...getRateLimitHeaders(ip, 20, 60000)
          } 
        }
      );
--- a/app/api/auth/logout/route.ts
+++ b/app/api/auth/logout/route.ts
@@ -0,0 +1,25 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+export async function POST(request: NextRequest) {
+  try {
+    // Simple logout - just return success
+    // The client will handle clearing the session storage
+    return new NextResponse(
+      JSON.stringify({ success: true, message: 'Logged out successfully' }),
+      {
+        status: 200,
+        headers: {
+          'Content-Type': 'application/json',
+          'Cache-Control': 'no-cache, no-store, must-revalidate',
+          'Pragma': 'no-cache',
+          'Expires': '0'
+        }
+      }
+    );
+  } catch (error) {
+    return new NextResponse(
+      JSON.stringify({ error: 'Logout failed' }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+}
--- a/app/api/projects/route.ts
+++ b/app/api/projects/route.ts
@@ -1,7 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { prisma } from '@/lib/prisma';
 import { apiCache } from '@/lib/cache';
-import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
+import { requireSessionAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';

 export async function GET(request: NextRequest) {
  try {
@@ -20,10 +20,10 @@ export async function GET(request: NextRequest) {
      );
    }

-    // Check admin authentication for admin endpoints
+    // Check session authentication for admin endpoints
    const url = new URL(request.url);
    if (url.pathname.includes('/manage') || request.headers.get('x-admin-request') === 'true') {
-      const authError = requireAdminAuth(request);
+      const authError = requireSessionAuth(request);
      if (authError) {
        return authError;
      }