security: critical fixes from audit

- Rotate 5 exposed production secrets (JWT, ENCRYPTION, ADMIN, POSTGRES, REDIS)
- Fix MOCK_PAYMENTS opt-in (now defaults to disabled)
- HMAC-SHA256 webhook verification with timing-safe comparison
- Purge dangling git blobs (git gc --prune=now)
- Rate limiting on auth routes (10/15min per IP)
- CORS middleware restricted to falahos.my
- Fix walletBalance → flhBalance (Prisma schema mismatch)
This commit is contained in:
2026-06-27 17:54:34 +08:00
parent bfd3509add
commit 0c3521ba4c
8 changed files with 127 additions and 24 deletions
+11 -1
View File
@@ -1,9 +1,19 @@
import { NextRequest, NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import { UMMAHID_URL } from "@/lib/auth";
import { checkRateLimit, getClientIp } from "@/lib/rate-limit";
export async function POST(req: NextRequest) {
try {
const ip = getClientIp(req);
const { allowed } = checkRateLimit(ip);
if (!allowed) {
return NextResponse.json(
{ error: "Too many requests. Try again later." },
{ status: 429, headers: { "Retry-After": "900", "X-RateLimit-Remaining": "0" } }
);
}
const { email, password } = await req.json();
if (!email || !password) {
@@ -40,7 +50,7 @@ export async function POST(req: NextRequest) {
name: ummahUser?.name || email?.split("@")[0] || "User",
provider: "ummahid",
providerId: ummahUser.id,
walletBalance: 5000,
flhBalance: 5000,
},
});
}