portfolio/app/api/projects/import/route.ts
denshooter 9072faae43 refactor: enhance security and performance in configuration and API routes
- Update Content Security Policy (CSP) in next.config.ts to avoid `unsafe-eval` in production, improving security against XSS attacks.
- Refactor API routes to enforce admin authentication and session validation, ensuring secure access to sensitive endpoints.
- Optimize analytics data retrieval by using database aggregation instead of loading all records into memory, improving performance and reducing memory usage.
- Implement session token creation and verification for better session management and security across the application.
- Enhance error handling and input validation in various API routes to ensure robustness and prevent potential issues.
2026-01-11 22:44:26 +01:00


import { NextRequest, NextResponse } from 'next/server';
import { projectService } from '@/lib/prisma';
import { requireSessionAuth } from '@/lib/auth';
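/**
 * POST /api/projects/import — bulk-create projects from a JSON body of the
 * form `{ projects: [...] }`.
 *
 * Access control: `x-admin-request` is a client-supplied header, so it only
 * serves as an early rejection; the check that actually gates the route is
 * `requireSessionAuth`, which runs for every request that gets past it.
 *
 * Duplicate handling is by `title`: titles already in the database, or repeated
 * earlier in the same batch, are skipped rather than created twice. A failure
 * on one entry never aborts the batch — it is counted as skipped and reported
 * in `results.errors`.
 *
 * @param request - Incoming request; the body must be a JSON object.
 * @returns 403 without the admin header, the auth error response when the
 *   session check fails, 400 for a body that is not JSON or not of the expected
 *   shape, 500 for an unexpected failure, otherwise 200 with
 *   `{ success, message, results }`.
 */
export async function POST(request: NextRequest): Promise<NextResponse> {
  try {
    const isAdminRequest = request.headers.get('x-admin-request') === 'true';
    if (!isAdminRequest) {
      return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
    }
    const authError = requireSessionAuth(request);
    if (authError) return authError;

    // A body that is not valid JSON is a client error: answer 400 here rather
    // than letting request.json() reject into the 500 handler below.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json({ error: 'Request body is not valid JSON' }, { status: 400 });
    }
    // Validate import data structure. The null/object checks matter because a
    // JSON `null` body would otherwise throw on `body.projects` and become a 500.
    if (
      body === null ||
      typeof body !== 'object' ||
      !('projects' in body) ||
      !Array.isArray(body.projects)
    ) {
      return NextResponse.json({ error: 'Invalid import data format' }, { status: 400 });
    }
    const projects = body.projects;

    const results = {
      imported: 0,
      skipped: 0,
      errors: [] as string[],
    };

    // Preload existing titles once (avoid O(n^2) DB reads during import).
    // NOTE: only the first 10000 projects are consulted, so a catalogue larger
    // than that could let a duplicate title through.
    const existingProjectsResult = await projectService.getAllProjects({ limit: 10000 });
    const existingProjects = existingProjectsResult.projects || existingProjectsResult;
    const existingTitles = new Set<string>(existingProjects.map((p) => p.title));

    // Process each project
    for (const [index, projectData] of projects.entries()) {
      // Read the title defensively and outside the try: a null or title-less
      // entry must be reported as skipped, not crash the catch block (which
      // previously dereferenced `projectData.title` again) into a 500.
      const title: unknown = projectData?.title;
      if (typeof title !== 'string' || title.length === 0) {
        results.skipped++;
        results.errors.push(`Entry #${index} has no title and was not imported`);
        continue;
      }

      // Check if project already exists (by title)
      if (existingTitles.has(title)) {
        results.skipped++;
        results.errors.push(`Project "${title}" already exists`);
        continue;
      }

      try {
        // Create new project, applying the same defaults for omitted fields
        await projectService.createProject({
          title,
          description: projectData.description,
          content: projectData.content,
          tags: projectData.tags || [],
          category: projectData.category,
          featured: projectData.featured || false,
          github: projectData.github,
          live: projectData.live,
          published: projectData.published !== false, // Default to true
          imageUrl: projectData.imageUrl,
          difficulty: projectData.difficulty || 'Intermediate',
          timeToComplete: projectData.timeToComplete,
          technologies: projectData.technologies || [],
          challenges: projectData.challenges || [],
          lessonsLearned: projectData.lessonsLearned || [],
          futureImprovements: projectData.futureImprovements || [],
          demoVideo: projectData.demoVideo,
          screenshots: projectData.screenshots || [],
          colorScheme: projectData.colorScheme || 'Dark',
          accessibility: projectData.accessibility !== false, // Default to true
          performance: projectData.performance || {
            lighthouse: 0,
            bundleSize: '0KB',
            loadTime: '0s',
          },
          analytics: projectData.analytics || {
            views: 0,
            likes: 0,
            shares: 0,
          },
        });
        results.imported++;
        // Remember the title so a repeat later in this batch is skipped too
        existingTitles.add(title);
      } catch (error: unknown) {
        results.skipped++;
        // error.message is echoed back to the caller; acceptable only because
        // this route is admin-gated above.
        results.errors.push(
          `Failed to import "${title}": ${error instanceof Error ? error.message : 'Unknown error'}`
        );
      }
    }

    return NextResponse.json({
      success: true,
      message: `Import completed: ${results.imported} imported, ${results.skipped} skipped`,
      results,
    });
  } catch (error: unknown) {
    console.error('Import error:', error);
    return NextResponse.json(
      { error: 'Failed to import projects' },
      { status: 500 }
    );
  }
}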