v1.0.4: Security hardening - rate limiting, middleware, HSTS, password strength, anti-enumeration

2026-02-21 18:55:10 +01:00
parent b75bf9bb30
commit 8ef2cbe68e
15 changed files with 289 additions and 14 deletions
--- a/src/app/api/auth/login/route.ts
+++ b/src/app/api/auth/login/route.ts
@@ -3,9 +3,14 @@ import { cookies } from 'next/headers'
 import { login, createToken } from '@/lib/auth'
 import { loginSchema } from '@/lib/validations'
 import { prisma } from '@/lib/db'
+import { loginLimiter, getClientIp, rateLimitResponse } from '@/lib/rate-limit'

 export async function POST(request: NextRequest) {
  try {
+    const ip = getClientIp(request)
+    const rl = loginLimiter.check(ip)
+    if (!rl.success) return rateLimitResponse(rl.resetAt)
+
    const body = await request.json()
    
    const validated = loginSchema.safeParse(body)