v1.0.4: Security hardening - rate limiting, middleware, HSTS, password strength, anti-enumeration

This commit is contained in:
Pepe Ziberi
2026-02-21 18:55:10 +01:00
parent b75bf9bb30
commit 8ef2cbe68e
15 changed files with 289 additions and 14 deletions


@@ -4,16 +4,21 @@ import { hashPassword } from '@/lib/auth'
import { sendEmail } from '@/lib/email'
import { randomBytes } from 'crypto'
import { z } from 'zod'
import { registerLimiter, getClientIp, rateLimitResponse } from '@/lib/rate-limit'
const registerSchema = z.object({
organizationName: z.string().min(2, 'Organisationsname zu kurz').max(200),
name: z.string().min(2, 'Name zu kurz').max(200),
email: z.string().email('Ungültige E-Mail-Adresse'),
password: z.string().min(6, 'Passwort muss mindestens 6 Zeichen haben'),
password: z.string().min(8, 'Passwort muss mindestens 8 Zeichen haben'),
})
export async function POST(req: NextRequest) {
try {
const ip = getClientIp(req)
const rl = registerLimiter.check(ip)
if (!rl.success) return rateLimitResponse(rl.resetAt)
const body = await req.json()
const data = registerSchema.parse(body)