adminpepe/Lageplan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.0.4: Security hardening - rate limiting, middleware, HSTS, password strength, anti-enumeration

Browse Source
This commit is contained in:
Pepe Ziberi
2026-02-21 18:55:10 +01:00
parent b75bf9bb30
commit 8ef2cbe68e
15 changed files with 289 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/app/api/auth/delete-account/route.ts
View File

@@ -3,10 +3,15 @@ import { prisma } from '@/lib/db'
import { getSession } from '@/lib/auth'
import bcrypt from 'bcryptjs'
import { cookies } from 'next/headers'
import { deleteAccountLimiter, getClientIp, rateLimitResponse } from '@/lib/rate-limit'
// POST: User deletes their own account
export async function POST(req: NextRequest) {
try {
const ip = getClientIp(req)
const rl = deleteAccountLimiter.check(ip)
if (!rl.success) return rateLimitResponse(rl.resetAt)
const session = await getSession()
if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })