denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0ae1883cf4b19f8938a6e7d98bf80f489390f35a
portfolio/app/api/auth/csrf/route.ts
denshooter 0ae1883cf4 🔧 Update Admin Dashboard and Authentication Flow 
 Updated Admin Dashboard URL:
- Changed the Admin Dashboard access path from `/admin` to `/manage` in multiple files for consistency.

 Enhanced Middleware Authentication:
- Updated middleware to protect new admin routes including `/manage` and `/dashboard`.

 Implemented CSRF Protection:
- Added CSRF token generation and validation for login and session validation routes.

 Introduced Rate Limiting:
- Added rate limiting for admin routes and CSRF token requests to enhance security.

 Refactored Admin Page:
- Created a new admin management page with improved authentication handling and user feedback.

🎯 Overall Improvements:
- Strengthened security measures for admin access.
- Improved user experience with clearer navigation and feedback.
- Streamlined authentication processes for better performance.
2025-09-08 09:38:01 +02:00

56 lines
1.8 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server';
// Generate CSRF token
async function generateCSRFToken(): Promise<string> {
const crypto = await import('crypto');
return crypto.randomBytes(32).toString('hex');
}
export async function GET(request: NextRequest) {
try {
// Rate limiting for CSRF token requests
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
const now = Date.now();
// Simple in-memory rate limiting for CSRF tokens (in production, use Redis)
const key = `csrf_${ip}`;
const rateLimitMap = (global as any).csrfRateLimit || ((global as any).csrfRateLimit = new Map());
const current = rateLimitMap.get(key);
if (current && now - current.timestamp < 60000) { // 1 minute
if (current.count >= 10) {
return new NextResponse(
JSON.stringify({ error: 'Rate limit exceeded for CSRF tokens' }),
{ status: 429, headers: { 'Content-Type': 'application/json' } }
);
}
current.count++;
} else {
rateLimitMap.set(key, { count: 1, timestamp: now });
}
const csrfToken = await generateCSRFToken();
return new NextResponse(
JSON.stringify({ csrfToken }),
{
status: 200,
headers: {
'Content-Type': 'application/json',
'X-Content-Type-Options': 'nosniff',
'X-Frame-Options': 'DENY',
'X-XSS-Protection': '1; mode=block',
'Cache-Control': 'no-store, no-cache, must-revalidate, proxy-revalidate',
'Pragma': 'no-cache',
'Expires': '0'
}
}
);
} catch (error) {
return new NextResponse(
JSON.stringify({ error: 'Internal server error' }),
{ status: 500, headers: { 'Content-Type': 'application/json' } }
);
}
}
Reference in New Issue View Git Blame Copy Permalink