adminpepe/Lageplan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.0.4: Security hardening - rate limiting, middleware, HSTS, password strength, anti-enumeration

Browse Source
This commit is contained in:
Pepe Ziberi
2026-02-21 18:55:10 +01:00
parent b75bf9bb30
commit 8ef2cbe68e
15 changed files with 289 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/app/api/auth/change-password/route.ts
View File

@@ -2,9 +2,16 @@ import { NextRequest, NextResponse } from 'next/server'
import { getSession } from '@/lib/auth'
import { prisma } from '@/lib/db'
import bcrypt from 'bcryptjs'
import { rateLimit, getClientIp, rateLimitResponse } from '@/lib/rate-limit'
const changePwLimiter = rateLimit({ id: 'change-pw', max: 5, windowSeconds: 60 * 15 })
export async function POST(req: NextRequest) {
try {
const ip = getClientIp(req)
const rl = changePwLimiter.check(ip)
if (!rl.success) return rateLimitResponse(rl.resetAt)
const user = await getSession()
if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
@@ -14,8 +21,8 @@ export async function POST(req: NextRequest) {
return NextResponse.json({ error: 'Beide Felder sind erforderlich' }, { status: 400 })
}
if (newPassword.length < 6) {
return NextResponse.json({ error: 'Neues Kennwort muss mindestens 6 Zeichen lang sein' }, { status: 400 })
if (newPassword.length < 8) {
return NextResponse.json({ error: 'Neues Kennwort muss mindestens 8 Zeichen lang sein' }, { status: 400 })
}
const dbUser = await (prisma as any).user.findUnique({