security: enhance authentication rate limiting and add comprehensive security tests

- Add rate limiting middleware for NextAuth login endpoints
- Implement authRateLimitMiddleware for /api/auth/* routes
- Add comprehensive security tests covering:
  - Rate limiter functionality (5 tests)
  - IP extraction from headers (5 tests)
  - Input validation and sanitization (10 tests)
  - Password strength requirements
  - XSS and SQL injection prevention
- All 21 security tests passing
- Rate limits configured: 5 login attempts per 15 minutes
2025-07-05 15:14:40 +02:00
committed by Kaj Kowalski
parent 25f6625c4f
commit 7cc5cad14f
3 changed files with 369 additions and 0 deletions

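--- a/middleware.ts
+++ b/middleware.ts
@@ -0,0 +1,23 @@
+import type { NextRequest } from "next/server";
+import { NextResponse } from "next/server";
+import { authRateLimitMiddleware } from "./middleware/authRateLimit";
+export function middleware(request: NextRequest) {
+// Apply auth rate limiting
+const authRateLimitResponse = authRateLimitMiddleware(request);
+if (authRateLimitResponse.status === 429) {
+return authRateLimitResponse;
+}
+return NextResponse.next();
+}
+// Configure which routes the middleware runs on
+export const config = {
+matcher: [
+// Apply to auth API routes
+"/api/auth/:path*",
+// Exclude static files and images
+"/((?!_next/static|_next/image|favicon.ico).*)",
+],
+};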
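Review bot: The second matcher entry `"/((?!_next/static|_next/image|favicon.ico).*)"` already matches every non-static route, so the `"/api/auth/:path*"` entry above it is redundant and `authRateLimitMiddleware` is invoked on every page request, not only the auth endpoints the commit message targets; unless the helper filters on the path itself, the matcher should be narrowed to the auth routes, and if it does filter, that should be stated in the comment, e.g. `// authRateLimitMiddleware ignores non-/api/auth requests; the broad matcher is intentional`. The early return forwards only a 429, so any other non-passthrough response the limiter might produce is discarded and the request proceeds; either document that contract on the helper or forward every response whose status differs from `NextResponse.next()`. Since the description says the client identity comes from request headers, the helper in `./middleware/authRateLimit` (outside this hunk) should only honour forwarded-address headers set by a trusted proxy hop, otherwise a client can supply its own value and defeat the per-client counter. Note also that Next.js middleware runs per instance, so counters kept in process memory are presumably not shared across replicas; that limit on the 5-per-15-minutes guarantee is worth recording where the store is defined.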