denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0ae1883cf4b19f8938a6e7d98bf80f489390f35a
portfolio/app/api/projects/route.ts
denshooter 0ae1883cf4 🔧 Update Admin Dashboard and Authentication Flow 
 Updated Admin Dashboard URL:
- Changed the Admin Dashboard access path from `/admin` to `/manage` in multiple files for consistency.

 Enhanced Middleware Authentication:
- Updated middleware to protect new admin routes including `/manage` and `/dashboard`.

 Implemented CSRF Protection:
- Added CSRF token generation and validation for login and session validation routes.

 Introduced Rate Limiting:
- Added rate limiting for admin routes and CSRF token requests to enhance security.

 Refactored Admin Page:
- Created a new admin management page with improved authentication handling and user feedback.

🎯 Overall Improvements:
- Strengthened security measures for admin access.
- Improved user experience with clearer navigation and feedback.
- Streamlined authentication processes for better performance.
2025-09-08 09:38:01 +02:00

120 lines
3.5 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/prisma';
import { apiCache } from '@/lib/cache';
import { requireAdminAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
export async function GET(request: NextRequest) {
try {
// Rate limiting
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
if (!checkRateLimit(ip, 10, 60000)) { // 10 requests per minute
return new NextResponse(
JSON.stringify({ error: 'Rate limit exceeded' }),
{
status: 429,
headers: {
'Content-Type': 'application/json',
...getRateLimitHeaders(ip, 10, 60000)
}
}
);
}
// Check admin authentication for admin endpoints
const url = new URL(request.url);
if (url.pathname.includes('/manage') || request.headers.get('x-admin-request') === 'true') {
const authError = requireAdminAuth(request);
if (authError) {
return authError;
}
}
const { searchParams } = new URL(request.url);
const page = parseInt(searchParams.get('page') || '1');
const limit = parseInt(searchParams.get('limit') || '50');
const category = searchParams.get('category');
const featured = searchParams.get('featured');
const published = searchParams.get('published');
const difficulty = searchParams.get('difficulty');
const search = searchParams.get('search');
// Check cache first
const cached = await apiCache.getProjects();
if (cached && !search) { // Don't cache search results
return NextResponse.json(cached);
}
const skip = (page - 1) * limit;
const where: Record<string, unknown> = {};
if (category) where.category = category;
if (featured !== null) where.featured = featured === 'true';
if (published !== null) where.published = published === 'true';
if (difficulty) where.difficulty = difficulty;
if (search) {
where.OR = [
{ title: { contains: search, mode: 'insensitive' } },
{ description: { contains: search, mode: 'insensitive' } },
{ tags: { hasSome: [search] } },
{ content: { contains: search, mode: 'insensitive' } }
];
}
const [projects, total] = await Promise.all([
prisma.project.findMany({
where,
orderBy: { createdAt: 'desc' },
skip,
take: limit
}),
prisma.project.count({ where })
]);
const result = {
projects,
total,
pages: Math.ceil(total / limit),
currentPage: page
};
// Cache the result (only for non-search queries)
if (!search) {
await apiCache.setProjects(result);
}
return NextResponse.json(result);
} catch (error) {
console.error('Error fetching projects:', error);
return NextResponse.json(
{ error: 'Failed to fetch projects' },
{ status: 500 }
);
}
}
export async function POST(request: NextRequest) {
try {
const data = await request.json();
const project = await prisma.project.create({
data: {
...data,
performance: data.performance || { lighthouse: 90, bundleSize: '50KB', loadTime: '1.5s' },
analytics: data.analytics || { views: 0, likes: 0, shares: 0 }
}
});
// Invalidate cache
await apiCache.invalidateAll();
return NextResponse.json(project);
} catch (error) {
console.error('Error creating project:', error);
return NextResponse.json(
{ error: 'Failed to create project' },
{ status: 500 }
);
}
}
Reference in New Issue View Git Blame Copy Permalink