elpatron/hoerdle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security audit improvements: authentication, path traversal protection, file validation, rate limiting, security headers

Browse Source
This commit is contained in:
Hördle Bot
2025-11-24 09:34:54 +01:00
parent 0f7d66c619
commit 2d6481a42f
11 changed files with 287 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/api/specials/route.ts
View File

@@ -1,5 +1,6 @@
import { PrismaClient, Special } from '@prisma/client';
import { NextResponse } from 'next/server';
import { requireAdminAuth } from '@/lib/auth';
const prisma = new PrismaClient();
@@ -16,6 +17,10 @@ export async function GET() {
}
export async function POST(request: Request) {
// Check authentication
const authError = await requireAdminAuth(request as any);
if (authError) return authError;
const { name, subtitle, maxAttempts = 7, unlockSteps = '[2,4,7,11,16,30,60]', launchDate, endDate, curator } = await request.json();
if (!name) {
return NextResponse.json({ error: 'Name is required' }, { status: 400 });
@@ -35,6 +40,10 @@ export async function POST(request: Request) {
}
export async function DELETE(request: Request) {
// Check authentication
const authError = await requireAdminAuth(request as any);
if (authError) return authError;
const { id } = await request.json();
if (!id) {
return NextResponse.json({ error: 'ID required' }, { status: 400 });
@@ -44,6 +53,10 @@ export async function DELETE(request: Request) {
}
export async function PUT(request: Request) {
// Check authentication
const authError = await requireAdminAuth(request as any);
if (authError) return authError;
const { id, name, subtitle, maxAttempts, unlockSteps, launchDate, endDate, curator } = await request.json();
if (!id) {
return NextResponse.json({ error: 'ID required' }, { status: 400 });