feat(api): implement rate limiting and SSRF protection across endpoints

- Added rate limiting to `reaction-users`, `search`, and `image-proxy` APIs to prevent abuse.
- Introduced SSRF protection in `image-proxy` to block requests to private IP ranges.
- Enhanced `link-preview` to use `linkedom` for HTML parsing and improved meta tag extraction.
- Refactored authentication checks in various pages to utilize middleware for cleaner code.
- Improved JWT key loading with error handling and security warnings for production.
- Updated `authFetch` utility to handle token refresh more efficiently with deduplication.
- Enhanced rate limiting utility to trust proxy headers from known sources.
- Numerous layout / design changes

src/layouts/Base.astro

@@ -3,6 +3,7 @@ interface Props {
   title?: string;
   description?: string;
   image?: string;
+  hideFooter?: boolean;
 }
 
 import Themes from "astro-themes";
@@ -13,6 +14,8 @@ import Nav from "./Nav.astro";
 import SubNav from "./SubNav.astro";
 import Footer from "../components/Footer.astro";
 
+import "@fontsource/ibm-plex-sans/500.css";
+import "@fontsource/ibm-plex-sans/600.css";
 import "@fontsource/geist-sans/400.css";
 import "@fontsource/geist-sans/600.css";
 import "@fontsource/geist-mono/400.css";
@@ -20,7 +23,7 @@ import "@fontsource/geist-mono/600.css";
 import "@styles/global.css";
 import "@fonts/fonts.css";
 
-const { title, description, image } = Astro.props;
+const { title, description, image, hideFooter = false } = Astro.props;
 const hostHeader = Astro.request?.headers?.get('host') || '';
 const host = hostHeader.split(':')[0];
 
@@ -76,7 +79,7 @@ if (import.meta.env.DEV) {
     </script>
   </head>
   <body
-    class="antialiased flex flex-col items-center mx-auto mt-2 lg:mt-8 mb-20 lg:mb-40
+    class="antialiased flex flex-col items-center mx-auto min-h-screen
     scrollbar-hide"
     style={`--brand-color: ${whitelabel?.brandColor ?? '#111827'}`}>
     
@@ -86,14 +89,14 @@ if (import.meta.env.DEV) {
     </div>
     
     <main
-      class="page-enter flex-auto min-w-0 mt-2 md:mt-6 flex flex-col px-6 sm:px-4 md:px-0 max-w-3xl w-full">
+      class="page-enter flex-auto min-w-0 mt-6 md:mt-8 flex flex-col px-4 sm:px-6 md:px-0 max-w-3xl w-full pb-8">
       <noscript>
   <div style="background: #f44336; color: white; padding: 1em; text-align: center;">
     This site requires JavaScript to function. Please enable JavaScript in your browser.
   </div>
 </noscript>
       <slot />
-      <Footer />
+      {!hideFooter && <Footer />}
     </main>
     <style>
       /* Minimal page transition to replace deprecated ViewTransitions */

src/layouts/Nav.astro

@@ -46,13 +46,13 @@ const currentPath = Astro.url.pathname;
 
 <script src="/scripts/nav-controls.js" defer data-api-url={API_URL}></script>
 
-<nav class="w-full px-4 sm:px-6 py-4 bg-transparent sticky top-0 z-50 backdrop-blur-sm bg-white/80 dark:bg-[#121212]/80 border-b border-neutral-200/50 dark:border-neutral-800/50">
+<nav class="w-full px-4 sm:px-6 py-3 sticky top-0 z-50 backdrop-blur-xl bg-white/75 dark:bg-[#0a0a0a]/75 border-b border-neutral-200/40 dark:border-neutral-800/40 shadow-sm shadow-neutral-900/5 dark:shadow-black/20">
   <div class="max-w-7xl mx-auto">
     <div class="nav-bar-row flex items-center gap-4 justify-between">
       <!-- Logo/Brand -->
       <a 
             href="/" 
-            class="text-xl sm:text-2xl font-semibold header-text whitespace-nowrap hover:opacity-80 transition-opacity">
+            class="text-xl sm:text-2xl font-bold tracking-tight bg-gradient-to-r from-neutral-900 to-neutral-600 dark:from-white dark:to-neutral-400 bg-clip-text text-transparent whitespace-nowrap hover:opacity-80 transition-opacity font-['IBM_Plex_Sans',sans-serif]">
             {metaData.title}
           </a>
 
@@ -76,10 +76,9 @@ const currentPath = Astro.url.pathname;
                 <a
                   href={item.href}
                   class={isActive 
-                    ? "flex items-center gap-0 px-2.5 py-1.5 rounded-md text-xs font-medium transition-all duration-200 text-white" 
-                    : "flex items-center gap-0 px-2.5 py-1.5 rounded-md text-xs font-medium transition-all duration-200 text-neutral-700 dark:text-neutral-300 hover:bg-neutral-100 dark:hover:bg-neutral-800"
+                    ? "flex items-center gap-0.5 px-3 py-1.5 rounded-lg text-[13px] font-semibold transition-all duration-200 text-white bg-neutral-900 dark:bg-white dark:text-neutral-900 shadow-sm font-['IBM_Plex_Sans',sans-serif]" 
+                    : "flex items-center gap-0.5 px-3 py-1.5 rounded-lg text-[13px] font-medium transition-all duration-200 text-neutral-600 dark:text-neutral-400 hover:text-neutral-900 dark:hover:text-white hover:bg-neutral-100 dark:hover:bg-neutral-800/60 font-['IBM_Plex_Sans',sans-serif]"
                   }
-                  style={isActive ? `background: #111827` : undefined}
                   target={isExternal ? "_blank" : undefined}
                   rel={(isExternal || isAuthedPath) ? "external" : undefined}
                   onclick={item.onclick}

src/layouts/subsites/defaultNav.astro

@@ -7,9 +7,9 @@ const currentPath = Astro.url.pathname;
 
 <script src="/scripts/nav-controls.js" defer data-api-url={API_URL}></script>
 
-<nav class="w-full px-4 sm:px-6 py-4 bg-transparent sticky top-0 z-50 backdrop-blur-sm bg-white/80 dark:bg-[#121212]/80 border-b border-neutral-200/50 dark:border-neutral-800/50">
+<nav class="w-full px-4 sm:px-6 py-3 sticky top-0 z-50 backdrop-blur-xl bg-white/75 dark:bg-[#0a0a0a]/75 border-b border-neutral-200/40 dark:border-neutral-800/40 shadow-sm shadow-neutral-900/5 dark:shadow-black/20">
   <div class="max-w-7xl mx-auto flex items-center justify-between">
-    <a href="/" class="text-xl sm:text-2xl font-semibold" style={`color: ${whitelabel?.brandColor ?? 'var(--brand-color)'}`}>
+    <a href="/" class="text-xl sm:text-2xl font-bold tracking-tight bg-gradient-to-r from-neutral-900 to-neutral-600 dark:from-white dark:to-neutral-400 bg-clip-text text-transparent whitespace-nowrap hover:opacity-80 transition-opacity font-['IBM_Plex_Sans',sans-serif]">
       {whitelabel?.logoText ?? 'Subsite'}
     </a>
     <div class="flex items-center gap-4">

src/layouts/subsites/reqNav.astro

@@ -7,7 +7,6 @@ import "@/assets/styles/nav.css";
 
 const whitelabel = Astro.props?.whitelabel ?? null;
 const currentPath = Astro.url.pathname;
-const activeColor = "#111827";
 const subsitePathPrefix = "/subsites/req";
 
 const user = await requireAuthHook(Astro);
@@ -46,12 +45,12 @@ const normalizedCurrent = normalize(trimmedPath);
 
 <script src="/scripts/nav-controls.js" defer data-api-url={API_URL}></script>
 
-<nav class="w-full px-4 sm:px-6 py-4 bg-transparent sticky top-0 z-50 backdrop-blur-sm bg-white/80 dark:bg-[#121212]/80 border-b border-neutral-200/50 dark:border-neutral-800/50">
+<nav class="w-full px-4 sm:px-6 py-3 sticky top-0 z-50 backdrop-blur-xl bg-white/75 dark:bg-[#0a0a0a]/75 border-b border-neutral-200/40 dark:border-neutral-800/40 shadow-sm shadow-neutral-900/5 dark:shadow-black/20">
   <div class="max-w-7xl mx-auto">
     <div class="nav-bar-row flex items-center gap-4 justify-between">
       <a
         href="/"
-        class="text-xl sm:text-2xl font-semibold header-text whitespace-nowrap hover:opacity-80 transition-opacity"
+        class="text-xl sm:text-2xl font-bold tracking-tight bg-gradient-to-r from-neutral-900 to-neutral-600 dark:from-white dark:to-neutral-400 bg-clip-text text-transparent whitespace-nowrap hover:opacity-80 transition-opacity font-['IBM_Plex_Sans',sans-serif]"
       >
         {whitelabel?.logoText ?? 'REQ'}
       </a>
@@ -73,9 +72,8 @@ const normalizedCurrent = normalize(trimmedPath);
                 <a
                   href={item.href}
                   class={isActive
-                    ? "flex items-center gap-0 px-2.5 py-1.5 rounded-md text-xs font-medium transition-all duration-200 text-white"
-                    : "flex items-center gap-0 px-2.5 py-1.5 rounded-md text-xs font-medium transition-all duration-200 text-neutral-700 dark:text-neutral-300 hover:bg-neutral-100 dark:hover:bg-neutral-800"}
-                  style={isActive ? `background: ${activeColor}` : undefined}
+                    ? "flex items-center gap-0.5 px-3 py-1.5 rounded-lg text-[13px] font-semibold transition-all duration-200 text-white bg-neutral-900 dark:bg-white dark:text-neutral-900 shadow-sm font-['IBM_Plex_Sans',sans-serif]"
+                    : "flex items-center gap-0.5 px-3 py-1.5 rounded-lg text-[13px] font-medium transition-all duration-200 text-neutral-600 dark:text-neutral-400 hover:text-neutral-900 dark:hover:text-white hover:bg-neutral-100 dark:hover:bg-neutral-800/60 font-['IBM_Plex_Sans',sans-serif]"}
                   target={isExternal ? "_blank" : undefined}
                   rel={(isExternal || isAuthedPath) ? "external" : undefined}
                   onclick={item.onclick}
@@ -158,9 +156,8 @@ const normalizedCurrent = normalize(trimmedPath);
               <a
                 href={item.href}
                 class={isActive
-                  ? "flex items-center gap-0 px-4 py-3 rounded-lg text-base font-medium transition-all duration-200 text-white"
-                  : "flex items-center gap-0 px-4 py-3 rounded-lg text-base font-medium transition-all duration-200 text-neutral-700 dark:text-neutral-300 hover:bg-neutral-100 dark:hover:bg-neutral-800"}
-                style={isActive ? `background: ${activeColor}` : undefined}
+                  ? "flex items-center gap-0 px-4 py-3 rounded-lg text-base font-medium transition-all duration-200 text-white bg-neutral-900 dark:bg-white dark:text-neutral-900 font-['IBM_Plex_Sans',sans-serif]"
+                  : "flex items-center gap-0 px-4 py-3 rounded-lg text-base font-medium transition-all duration-200 text-neutral-700 dark:text-neutral-300 hover:bg-neutral-100 dark:hover:bg-neutral-800 font-['IBM_Plex_Sans',sans-serif]"}
                 target={isExternal ? "_blank" : undefined}
                 rel={(isExternal || isAuthedPath) ? "external" : undefined}
                 onclick={item.onclick}