Security audit improvements: authentication, path traversal protection, file validation, rate limiting, security headers

2025-11-24 09:34:54 +01:00
parent 0f7d66c619
commit 2d6481a42f
11 changed files with 287 additions and 15 deletions
--- a/app/api/admin/daily-puzzles/route.ts
+++ b/app/api/admin/daily-puzzles/route.ts
@@ -1,5 +1,6 @@
 import { NextResponse } from 'next/server';
 import { PrismaClient } from '@prisma/client';
+import { requireAdminAuth } from '@/lib/auth';

 const prisma = new PrismaClient();

@@ -63,6 +64,10 @@ export async function GET() {
 }

 export async function DELETE(request: Request) {
+    // Check authentication
+    const authError = await requireAdminAuth(request as any);
+    if (authError) return authError;
+
    try {
        const { puzzleId } = await request.json();