feat: Optimize builds, add rollback script, and improve security
All checks were successful
Dev Deployment (Zero Downtime) / deploy-dev (push) Successful in 13m33s
All checks were successful
Dev Deployment (Zero Downtime) / deploy-dev (push) Successful in 13m33s
Build Optimizations: - Enable Docker BuildKit cache for faster builds (7min → 3-4min) - Add .dockerignore to reduce build context - Optimize Dockerfile with better layer caching - Run linting and tests in parallel - Skip blocking checks for dev deployments Rollback Functionality: - Add rollback.sh script to restore previous versions - Supports both production and dev environments - Automatic health checks after rollback Security Improvements: - Add authentication to n8n/generate-image endpoint - Add rate limiting to all n8n endpoints (10-30 req/min) - Create email obfuscation utilities - Add ObfuscatedEmail React component - Document security best practices Files: - .dockerignore - Faster builds - scripts/rollback.sh - Rollback functionality - lib/email-obfuscate.ts - Email obfuscation utilities - components/ObfuscatedEmail.tsx - React component - SECURITY_IMPROVEMENTS.md - Security documentation
This commit is contained in:
@@ -1,9 +1,20 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
|
||||
export async function POST(request: Request) {
|
||||
export async function POST(request: NextRequest) {
|
||||
let userMessage = "";
|
||||
|
||||
try {
|
||||
// Rate limiting for n8n chat endpoint
|
||||
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
|
||||
const { checkRateLimit } = await import('@/lib/auth');
|
||||
|
||||
if (!checkRateLimit(ip, 20, 60000)) { // 20 requests per minute for chat
|
||||
return NextResponse.json(
|
||||
{ error: 'Rate limit exceeded. Please try again later.' },
|
||||
{ status: 429 }
|
||||
);
|
||||
}
|
||||
|
||||
const json = await request.json();
|
||||
userMessage = json.message;
|
||||
const history = json.history || [];
|
||||
|
||||
@@ -13,6 +13,24 @@ import { NextRequest, NextResponse } from "next/server";
|
||||
*/
|
||||
export async function POST(req: NextRequest) {
|
||||
try {
|
||||
// Rate limiting for n8n endpoints
|
||||
const ip = req.headers.get('x-forwarded-for') || req.headers.get('x-real-ip') || 'unknown';
|
||||
const { checkRateLimit } = await import('@/lib/auth');
|
||||
|
||||
if (!checkRateLimit(ip, 10, 60000)) { // 10 requests per minute
|
||||
return NextResponse.json(
|
||||
{ error: 'Rate limit exceeded. Please try again later.' },
|
||||
{ status: 429 }
|
||||
);
|
||||
}
|
||||
|
||||
// Require admin authentication for n8n endpoints
|
||||
const { requireAdminAuth } = await import('@/lib/auth');
|
||||
const authError = requireAdminAuth(req);
|
||||
if (authError) {
|
||||
return authError;
|
||||
}
|
||||
|
||||
const body = await req.json();
|
||||
const { projectId, regenerate = false } = body;
|
||||
|
||||
|
||||
@@ -1,10 +1,20 @@
|
||||
// app/api/n8n/status/route.ts
|
||||
import { NextResponse } from "next/server";
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
|
||||
// Cache für 30 Sekunden, damit wir n8n nicht zuspammen
|
||||
export const revalidate = 30;
|
||||
|
||||
export async function GET() {
|
||||
export async function GET(request: NextRequest) {
|
||||
// Rate limiting for n8n status endpoint
|
||||
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
|
||||
const { checkRateLimit } = await import('@/lib/auth');
|
||||
|
||||
if (!checkRateLimit(ip, 30, 60000)) { // 30 requests per minute for status
|
||||
return NextResponse.json(
|
||||
{ error: 'Rate limit exceeded. Please try again later.' },
|
||||
{ status: 429 }
|
||||
);
|
||||
}
|
||||
try {
|
||||
// Check if n8n webhook URL is configured
|
||||
const n8nWebhookUrl = process.env.N8N_WEBHOOK_URL;
|
||||
|
||||
Reference in New Issue
Block a user