feat(api): implement rate limiting and SSRF protection across endpoints
- Added rate limiting to `reaction-users`, `search`, and `image-proxy` APIs to prevent abuse.
- Introduced SSRF protection in `image-proxy` to block requests to private IP ranges.
- Enhanced `link-preview` to use `linkedom` for HTML parsing and improved meta tag extraction.
- Refactored authentication checks in various pages to utilize middleware for cleaner code.
- Improved JWT key loading with error handling and security warnings for production.
- Updated `authFetch` utility to handle token refresh more efficiently with deduplication.
- Enhanced rate limiting utility to trust proxy headers from known sources.
- Numerous layout / design changes
@@ -103,7 +103,7 @@ export default function LoginPage({ loggedIn = false }) {
|
||||
<div className="max-w-md w-full bg-white dark:bg-[#1E1E1E] rounded-2xl shadow-xl px-10 py-8 text-center">
|
||||
<img className="logo-auth mx-auto mb-4" src="/images/zim.png" alt="Logo" />
|
||||
<h2 className="text-2xl font-semibold text-gray-900 dark:text-white mb-4">You're already logged in</h2>
|
||||
<p className="text-sm text-gray-800 dark:text-gray-300 mb-4">You do not have permission to access this resource.
|
||||
<p className="text-sm text-gray-800 dark:text-gray-300 mb-4">But you do not have permission to access this resource.
|
||||
</p>
|
||||
<p className="text-xs italic text-gray-800 dark:text-gray-300 mb-4">
|
||||
If you feel you have received this message in error, scream at codey.
|
||||
|
||||
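Review bot: The reworded permission paragraph in the `loggedIn` branch of `LoginPage` ("But you do not have permission to access this resource.") only makes sense when read straight after the `<h2>` "You're already logged in". As a separate `<p>` it is a sentence fragment for screen readers and for any later translation pass. Consider a self-contained sentence such as "You are logged in, but you do not have permission to access this resource." Separately, this is a copy-only change shipped under a commit message that covers rate limiting, SSRF protection and JWT key loading. Splitting the layout and wording changes into their own commit would make the security-relevant hunks easier to audit and to revert independently.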