feat(api): require session authentication for admin routes and improve error handling
fix(api): streamline project image generation by fetching data directly from the database
fix(api): optimize project import/export functionality with session validation and improved error handling
fix(api): enhance analytics dashboard and email manager with session token for admin requests
fix(components): improve loading states and dynamic imports for better user experience
chore(security): update Content Security Policy to avoid unsafe-eval in production
chore(deps): update package.json scripts for consistent environment handling in linting and testing
- Improve localStorage access in ActivityFeed, ChatWidget, and AdminPage with try-catch blocks to handle potential errors gracefully.
- Update performance tracking in AnalyticsProvider and analytics.ts to ensure robust error handling and prevent failures from affecting user experience.
- Refactor Web Vitals tracking to include error handling for observer initialization and data collection.
- Ensure consistent handling of hydration mismatches in components like BackgroundBlobs and ChatWidget to improve rendering reliability.
- Integrate real page view data from the database for accurate analytics.
- Implement cache-busting for fresh data retrieval in analytics dashboard.
- Calculate and display bounce rate, average session duration, and unique users.
- Refactor performance metrics to ensure only real data is considered.
- Improve user experience with toast notifications for success and error messages.
- Update project editor with undo/redo functionality and enhanced content management.
- Fix ' not being decoded to apostrophe
- Decode HTML entities when loading messages from localStorage
- Improve server-side HTML entity decoding to handle all variations
- Replace hardcoded ' in static text with regular apostrophes
- Add support for more HTML entity variations (rsquo, lsquo, etc.)
- Add HTML entity decoding for chat responses (fixes ' display issue)
- Add timeout handling for n8n webhook requests (30s chat, 10s status)
- Improve error logging with detailed error information
- Add N8N_SECRET_TOKEN support for authentication
- Better fallback handling when n8n is unavailable
- Fix server-side HTML entity decoding for chat and status endpoints
✅ Updated Middleware Logic:
- Enhanced admin route protection with Basic Auth for legacy routes and session-based auth for `/manage` and `/editor`.
✅ Improved Admin Panel Styles:
- Added glassmorphism styles for admin components to enhance UI aesthetics.
✅ Refined Rate Limiting:
- Adjusted rate limits for admin dashboard requests to allow more generous access.
✅ Introduced Analytics Reset API:
- Added a new endpoint for resetting analytics data with rate limiting and admin authentication.
🎯 Overall Improvements:
- Strengthened security and user experience for admin functionalities.
- Enhanced visual design for better usability.
- Streamlined analytics management processes.
✅ Updated Admin Dashboard URL:
- Changed the Admin Dashboard access path from `/admin` to `/manage` in multiple files for consistency.
✅ Enhanced Middleware Authentication:
- Updated middleware to protect new admin routes including `/manage` and `/dashboard`.
✅ Implemented CSRF Protection:
- Added CSRF token generation and validation for login and session validation routes.
✅ Introduced Rate Limiting:
- Added rate limiting for admin routes and CSRF token requests to enhance security.
✅ Refactored Admin Page:
- Created a new admin management page with improved authentication handling and user feedback.
🎯 Overall Improvements:
- Strengthened security measures for admin access.
- Improved user experience with clearer navigation and feedback.
- Streamlined authentication processes for better performance.
- Add auto-deploy.sh script with full CI/CD pipeline
- Add quick-deploy.sh for fast development deployments
- Add Git post-receive hook for automatic deployment on push
- Add comprehensive deployment documentation
- Add npm scripts for easy deployment management
- Include health checks, logging, and cleanup
- Support for automatic rollback on failures
