Initial commit: MOPC platform with Docker deployment setup

Full Next.js 15 platform with tRPC, Prisma, PostgreSQL, NextAuth. Includes production Dockerfile (multi-stage, port 7600), docker-compose with registry-based image pull, Gitea Actions CI workflow, nginx config for portal.monaco-opc.com, deployment scripts, and DEPLOYMENT.md guide. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 13:41:32 +01:00
commit a606292aaa
290 changed files with 70691 additions and 0 deletions
--- a/src/app/api/auth/[...nextauth]/route.ts
+++ b/src/app/api/auth/[...nextauth]/route.ts
@@ -0,0 +1,38 @@
+import { handlers } from '@/lib/auth'
+import { checkRateLimit } from '@/lib/rate-limit'
+
+const AUTH_RATE_LIMIT = 10 // requests per window
+const AUTH_RATE_WINDOW_MS = 60 * 1000 // 1 minute
+
+function getClientIp(req: Request): string {
+  return (
+    req.headers.get('x-forwarded-for')?.split(',')[0]?.trim() ||
+    req.headers.get('x-real-ip') ||
+    'unknown'
+  )
+}
+
+function withRateLimit(handler: (req: Request) => Promise<Response>) {
+  return async (req: Request) => {
+    // Only rate limit POST requests (sign-in, magic link sends)
+    if (req.method === 'POST') {
+      const ip = getClientIp(req)
+      const { success, resetAt } = checkRateLimit(`auth:${ip}`, AUTH_RATE_LIMIT, AUTH_RATE_WINDOW_MS)
+
+      if (!success) {
+        return new Response(JSON.stringify({ error: 'Too many authentication attempts' }), {
+          status: 429,
+          headers: {
+            'Content-Type': 'application/json',
+            'Retry-After': String(Math.ceil((resetAt - Date.now()) / 1000)),
+          },
+        })
+      }
+    }
+
+    return handler(req)
+  }
+}
+
+export const GET = handlers.GET
+export const POST = withRateLimit(handlers.POST as (req: Request) => Promise<Response>)