kjanat/livedash-node
1
0
Fork 0
mirror of https://github.com/kjanat/livedash-node.git synced 2026-01-16 14:32:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: comprehensive security and type improvements from PR #20 review

Browse Source 
Security Enhancements:
- Implemented proper rate limiting with automatic cleanup for /register and /forgot-password endpoints
- Added memory usage protection with MAX_ENTRIES limit (10000)
- Fixed rate limiter memory leaks by adding cleanup intervals
- Improved IP extraction with x-real-ip and x-client-ip header support

Code Quality Improvements:
- Refactored ProcessingStatusManager from individual functions to class-based architecture
- Maintained backward compatibility with singleton instance pattern
- Fixed TypeScript strict mode violations across the codebase
- Resolved all build errors and type mismatches

UI Component Fixes:
- Removed unused chart components (Charts.tsx, DonutChart.tsx)
- Fixed calendar component type issues by removing unused custom implementations
- Resolved theme provider type imports
- Fixed confetti component default options handling
- Corrected pointer component coordinate type definitions

Type System Improvements:
- Extended NextAuth types to support dual auth systems (regular and platform users)
- Fixed nullable type handling throughout the codebase
- Resolved Prisma JSON field type compatibility issues
- Corrected SessionMessage and ImportRecord interface definitions
- Fixed ES2015 iteration compatibility issues

Database & Performance:
- Updated database pool configuration for Prisma adapter compatibility
- Fixed pagination response structure in user management endpoints
- Improved error handling with proper error class usage

Testing & Build:
- All TypeScript compilation errors resolved
- ESLint warnings remain but no errors
- Build completes successfully with proper static generation
This commit is contained in:
Kaj Kowalski
2025-06-30 19:15:25 +02:00
parent 5042a6c016
commit 38aff21c3a
32 changed files with 1002 additions and 929 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
app/api/forgot-password/route.ts
View File

@ -4,11 +4,30 @@ import { prisma } from "../../../lib/prisma";
import { sendEmail } from "../../../lib/sendEmail";
import { forgotPasswordSchema, validateInput } from "../../../lib/validation";
// In-memory rate limiting for password reset requests
// In-memory rate limiting with automatic cleanup
const resetAttempts = new Map<string, { count: number; resetTime: number }>();
const CLEANUP_INTERVAL = 5 * 60 * 1000;
const MAX_ENTRIES = 10000;
setInterval(() => {
const now = Date.now();
resetAttempts.forEach((attempts, ip) => {
if (now > attempts.resetTime) {
resetAttempts.delete(ip);
}
});
}, CLEANUP_INTERVAL);
function checkRateLimit(ip: string): boolean {
const now = Date.now();
// Prevent unbounded growth
if (resetAttempts.size > MAX_ENTRIES) {
const entries = Array.from(resetAttempts.entries());
entries.sort((a, b) => a[1].resetTime - b[1].resetTime);
entries.slice(0, Math.floor(MAX_ENTRIES / 2)).forEach(([ip]) => {
resetAttempts.delete(ip);
});
}
const attempts = resetAttempts.get(ip);
if (!attempts || now > attempts.resetTime) {