feat(api): implement rate limiting and SSRF protection across endpoints

- Added rate limiting to `reaction-users`, `search`, and `image-proxy` APIs to prevent abuse. - Introduced SSRF protection in `image-proxy` to block requests to private IP ranges. - Enhanced `link-preview` to use `linkedom` for HTML parsing and improved meta tag extraction. - Refactored authentication checks in various pages to utilize middleware for cleaner code. - Improved JWT key loading with error handling and security warnings for production. - Updated `authFetch` utility to handle token refresh more efficiently with deduplication. - Enhanced rate limiting utility to trust proxy headers from known sources. - Numerous layout / design changes
2025-12-05 14:21:52 -05:00
parent 55e4c5ff0c
commit e18aa3f42c
44 changed files with 3512 additions and 892 deletions
--- a/src/pages/TRip/requests.astro
+++ b/src/pages/TRip/requests.astro
@@ -1,19 +1,21 @@
 ---
 import Base from "@/layouts/Base.astro";
 import Root from "@/components/AppLayout.jsx";
-import { requireAuthHook } from "@/hooks/requireAuthHook";
-
-const user = await requireAuthHook(Astro);
-
-if (!user) {
-  return Astro.redirect('/login');
-}

+// Auth is handled by middleware - user available in Astro.locals.user
+// Middleware redirects to /login if not authenticated
+const user = Astro.locals.user as any;
 ---
 <Base>
-  <section>
-  <div class="prose prose-neutral dark:prose-invert">
-  <Root child="qs2.RequestManagement" client:only="react">
-  </Root>
+  <section class="page-section trip-section">
+    <Root child="qs2.RequestManagement" client:only="react" />
  </section>
 </Base>
+
+<style is:global>
+  /* Override main container width for TRip pages */
+  html:has(.trip-section) main.page-enter {
+    max-width: 1400px !important;
+    width: 100% !important;
+  }
+</style>