v1.6.1: Sicherheit – Rate Limiting, Default-PW via Env, AUTH_SECRET Pflicht, Bcrypt 12

2026-05-11 13:26:51 +02:00
parent 0ea960259c
commit 9bea0a11de
33 changed files with 991 additions and 13 deletions
@@ -1,7 +1,11 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { query } from '@/lib/db';
+import { getSession } from '@/lib/session';

 export async function GET(request: NextRequest) {
+  const session = await getSession();
+  if (!session) return NextResponse.json({ error: 'Nicht angemeldet' }, { status: 401 });
+
  const { searchParams } = new URL(request.url);
  const kuppel = searchParams.get('kuppel') || 'West';
  const year = parseInt(searchParams.get('year') || String(new Date().getFullYear()), 10);