fix: comprehensive security and type improvements from PR #20 review

Security Enhancements: - Implemented proper rate limiting with automatic cleanup for /register and /forgot-password endpoints - Added memory usage protection with MAX_ENTRIES limit (10000) - Fixed rate limiter memory leaks by adding cleanup intervals - Improved IP extraction with x-real-ip and x-client-ip header support Code Quality Improvements: - Refactored ProcessingStatusManager from individual functions to class-based architecture - Maintained backward compatibility with singleton instance pattern - Fixed TypeScript strict mode violations across the codebase - Resolved all build errors and type mismatches UI Component Fixes: - Removed unused chart components (Charts.tsx, DonutChart.tsx) - Fixed calendar component type issues by removing unused custom implementations - Resolved theme provider type imports - Fixed confetti component default options handling - Corrected pointer component coordinate type definitions Type System Improvements: - Extended NextAuth types to support dual auth systems (regular and platform users) - Fixed nullable type handling throughout the codebase - Resolved Prisma JSON field type compatibility issues - Corrected SessionMessage and ImportRecord interface definitions - Fixed ES2015 iteration compatibility issues Database & Performance: - Updated database pool configuration for Prisma adapter compatibility - Fixed pagination response structure in user management endpoints - Improved error handling with proper error class usage Testing & Build: - All TypeScript compilation errors resolved - ESLint warnings remain but no errors - Build completes successfully with proper static generation
2026-01-16 15:52:10 +01:00 · 2025-06-30 19:15:25 +02:00
parent 5042a6c016
commit 38aff21c3a
32 changed files with 1002 additions and 929 deletions
--- a/lib/database-pool.ts
+++ b/lib/database-pool.ts
@ -3,7 +3,7 @@
 import { PrismaPg } from "@prisma/adapter-pg";
 import { PrismaClient } from "@prisma/client";
 import { Pool } from "pg";
-import { env } from "./env.js";
+import { env } from "./env";

 // Enhanced connection pool configuration
 const createConnectionPool = () => {
@ -66,8 +66,29 @@ const createConnectionPool = () => {

 // Create adapter with connection pool
 export const createEnhancedPrismaClient = () => {
-  const pool = createConnectionPool();
-  const adapter = new PrismaPg(pool);
+  // Parse DATABASE_URL to get connection parameters
+  const dbUrl = new URL(env.DATABASE_URL);
+  
+  const poolConfig = {
+    host: dbUrl.hostname,
+    port: parseInt(dbUrl.port || "5432"),
+    database: dbUrl.pathname.slice(1), // Remove leading '/'
+    user: dbUrl.username,
+    password: decodeURIComponent(dbUrl.password),
+    ssl: dbUrl.searchParams.get("sslmode") !== "disable" ? { rejectUnauthorized: false } : undefined,
+    
+    // Connection pool settings
+    max: 20, // Maximum number of connections
+    idleTimeoutMillis: 30000, // 30 seconds
+    connectionTimeoutMillis: 5000, // 5 seconds
+    query_timeout: 10000, // 10 seconds
+    statement_timeout: 10000, // 10 seconds
+    
+    // Connection lifecycle
+    allowExitOnIdle: true,
+  };
+  
+  const adapter = new PrismaPg(poolConfig);

  return new PrismaClient({
    adapter,