Security audit improvements: authentication, path traversal protection, file validation, rate limiting, security headers

2025-11-24 09:34:54 +01:00
parent 0f7d66c619
commit 2d6481a42f
11 changed files with 287 additions and 15 deletions
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -0,0 +1,27 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+/**
+ * Authentication middleware for admin API routes
+ * Verifies that the request includes a valid admin session token
+ */
+export async function requireAdminAuth(request: NextRequest): Promise<NextResponse | null> {
+    const authHeader = request.headers.get('x-admin-auth');
+
+    if (!authHeader || authHeader !== 'authenticated') {
+        return NextResponse.json(
+            { error: 'Unauthorized - Admin authentication required' },
+            { status: 401 }
+        );
+    }
+
+    return null; // Auth successful
+}
+
+/**
+ * Helper to verify admin password
+ */
+export async function verifyAdminPassword(password: string): Promise<boolean> {
+    const bcrypt = await import('bcryptjs');
+    const adminPasswordHash = process.env.ADMIN_PASSWORD || '$2b$10$SHOt9G1qUNIvHoWre7499.eEtp5PtOII0daOQGNV.dhDEuPmOUdsq';
+    return bcrypt.compare(password, adminPasswordHash);
+}