everything

Author: Sparths

app/api/admin/verify/route.tsx

@@ -9,12 +9,15 @@ const adminSupabase = supabaseServiceKey ?
   createClient(supabaseUrl, supabaseServiceKey) : 
   null;
 
-// List of authorized admin user IDs and usernames
-const AUTHORIZED_ADMINS = [
-  'f8adc96a-496f-412b-af15-20bd3cd66b3c', // Original admin ID
-  'Sparths', // Admin username
-  'sparths', // Lowercase version
-];
+// Get admin list from environment variables
+const getAuthorizedAdmins = (): string[] => {
+  const adminList = process.env.AUTHORIZED_ADMINS;
+  if (!adminList) {
+    console.error('AUTHORIZED_ADMINS environment variable not set');
+    return [];
+  }
+  return adminList.split(',').map(admin => admin.trim());
+};
 
 // Input sanitization
 const sanitizeInput = (input: string): string => {
@@ -36,9 +39,17 @@ export async function POST(request: Request) {
     }
 
     const sanitizedUserId = sanitizeInput(userId);
+    const authorizedAdmins = getAuthorizedAdmins();
+
+    if (authorizedAdmins.length === 0) {
+      return NextResponse.json(
+        { error: "Admin configuration error" },
+        { status: 500 }
+      );
+    }
 
     // First check if user ID is directly in the authorized list
-    if (AUTHORIZED_ADMINS.includes(sanitizedUserId)) {
+    if (authorizedAdmins.includes(sanitizedUserId)) {
       console.log("User found in direct admin list:", sanitizedUserId);
 
       // Create admin session token for subsequent requests
@@ -55,7 +66,7 @@ export async function POST(request: Request) {
         success: true,
         isAdmin: true,
         userId: sanitizedUserId,
-        adminToken: adminToken // Return this token for subsequent admin API calls
+        adminToken: adminToken
       });
     }
 
@@ -89,10 +100,10 @@ export async function POST(request: Request) {
         console.log("Found user in database:", user);
 
         // Check if user ID, username, or display_name is in admin list
-        const isAdmin = AUTHORIZED_ADMINS.includes(user.id) || 
-                       AUTHORIZED_ADMINS.includes(user.username) ||
-                       AUTHORIZED_ADMINS.includes(user.username.toLowerCase()) ||
-                       AUTHORIZED_ADMINS.includes(user.display_name);
+        const isAdmin = authorizedAdmins.includes(user.id) || 
+                       authorizedAdmins.includes(user.username) ||
+                       authorizedAdmins.includes(user.username.toLowerCase()) ||
+                       authorizedAdmins.includes(user.display_name);
 
         if (isAdmin) {
           console.log("User verified as admin");
@@ -111,7 +122,7 @@ export async function POST(request: Request) {
             success: true,
             isAdmin: true,
             userId: sanitizedUserId,
-            adminToken: adminToken // Return this token for subsequent admin API calls
+            adminToken: adminToken
           });
         } else {
           console.log("User not in admin list:", {
@@ -163,9 +174,10 @@ export async function GET(request: Request) {
     }
 
     const sanitizedUserId = sanitizeInput(userId);
+    const authorizedAdmins = getAuthorizedAdmins();
 
     // Quick check against admin list
-    const isAdmin = AUTHORIZED_ADMINS.includes(sanitizedUserId);
+    const isAdmin = authorizedAdmins.includes(sanitizedUserId);
 
     // If not found directly, check database
     if (!isAdmin && adminSupabase) {
@@ -177,10 +189,10 @@ export async function GET(request: Request) {
           .single();
 
         if (!error && user) {
-          const dbIsAdmin = AUTHORIZED_ADMINS.includes(user.id) || 
-                           AUTHORIZED_ADMINS.includes(user.username) ||
-                           AUTHORIZED_ADMINS.includes(user.username.toLowerCase()) ||
-                           AUTHORIZED_ADMINS.includes(user.display_name);
+          const dbIsAdmin = authorizedAdmins.includes(user.id) || 
+                           authorizedAdmins.includes(user.username) ||
+                           authorizedAdmins.includes(user.username.toLowerCase()) ||
+                           authorizedAdmins.includes(user.display_name);
 
           return NextResponse.json({
             isAdmin: dbIsAdmin,

app/request/requestpage.tsx

@@ -88,27 +88,30 @@ const handleFinalSubmit = async () => {
       message: "Submitting your request...",
     });
 
-    console.log("Submitting project with user ID:", user.id); // Add this for debugging
+    console.log("Submitting project with user:", user); // Better logging
 
     const response = await fetch("/api/project-requests", {
       method: "POST",
-      headers: { "Content-Type": "application/json" },
+      headers: { 
+        "Content-Type": "application/json",
+        // Add authentication header if needed
+        ...(user.token && { "Authorization": `Bearer ${user.token}` })
+      },
       body: JSON.stringify({
         title: projectRequest.title,
         githubLink: projectRequest.githubLink,
         description: projectRequest.description,
         reason: projectRequest.reason,
-        userId: user.id,  // Make sure this is correct
+        userId: user.id,
       }),
     });
 
+    const responseData = await response.json();
+
     if (!response.ok) {
-      const errorData = await response.json();
-      throw new Error(errorData.error || "Failed to submit request");
+      throw new Error(responseData.error || "Failed to submit request");
     }
 
- 
-
     setSubmissionStatus({
       status: "success",
       message: "Thank you for your submission! Your project request has been received and will be reviewed by our team. You can check the status in your profile."
@@ -126,11 +129,11 @@ const handleFinalSubmit = async () => {
       router.push('/profile?tab=my-requests');
     }, 3000);
   } catch (error) {
+    console.error("Error submitting project request:", error);
     setSubmissionStatus({
       status: "error",
-      message: "Failed to submit project request. Please try again."
+      message: error instanceof Error ? error.message : "Failed to submit project request. Please try again."
     });
-    console.error("Error submitting project request:", error);
   }
 };
 

components/Navbar.tsx

@@ -29,8 +29,7 @@ import {
   DropdownMenuTrigger,
 } from "@/components/ui/dropdown-menu";
 
-// Define owner ID - replace with your actual owner user ID
-const OWNER_ID = "Sparths";
+
 
 interface NavLinkProps {
   icon: React.ElementType;
@@ -70,15 +69,25 @@ const Navbar = () => {
   const [activeNav, setActiveNav] = useState("/");
   const [showAuthDialog, setShowAuthDialog] = useState(false);
 
+  
+
   const { user, isAuthenticated, logout } = useAuth();
 
+
+  const getOwnerIds = (): string[] => {
+  // You can make this configurable via props or context if needed
+  return process.env.NEXT_PUBLIC_AUTHORIZED_ADMINS?.split(',').map(admin => admin.trim()) || [];
+};
   // Check if user is the owner
-  const isOwner = user && (user.id === OWNER_ID || user.username === OWNER_ID);
+  const ownerIds = getOwnerIds();
+const isOwner = user && (ownerIds.includes(user.id) || ownerIds.includes(user.username));   
 
   useEffect(() => {
     setActiveNav(pathname);
   }, [pathname]);
 
+  
+
   return (
     <nav className="fixed top-0 w-full bg-slate-900/90 backdrop-blur-lg border-b border-slate-700 z-50">
       <div className="max-w-6xl mx-auto px-4">

lib/env-check.ts

@@ -0,0 +1,33 @@
+// lib/env-check.ts
+export function validateEnvironment() {
+  const requiredEnvVars = [
+    'NEXT_PUBLIC_SUPABASE_URL',
+    'NEXT_PUBLIC_SUPABASE_ANON_KEY',
+    'SUPABASE_SERVICE_ROLE_KEY',
+    'AUTHORIZED_ADMINS'
+  ];
+
+  const missing = requiredEnvVars.filter(varName => !process.env[varName]);
+  
+  if (missing.length > 0) {
+    throw new Error(`Missing required environment variables: ${missing.join(', ')}`);
+  }
+}
+
+// For client-side environment validation
+export function validateClientEnvironment() {
+  if (typeof window !== 'undefined') {
+    const requiredClientVars = [
+      'NEXT_PUBLIC_SUPABASE_URL',
+      'NEXT_PUBLIC_SUPABASE_ANON_KEY'
+    ];
+
+    const missing = requiredClientVars.filter(varName => !process.env[varName]);
+    
+    if (missing.length > 0) {
+      console.error(`Missing required client environment variables: ${missing.join(', ')}`);
+      return false;
+    }
+  }
+  return true;
+}

lib/rate-limiter.ts

@@ -12,16 +12,16 @@ interface RateLimitConfig {
 // Rate limiting store (in production, use Redis or a database)
 const rateLimitStore = new Map<string, RateLimitRecord>();
 
-// More reasonable rate limiting configurations
+// Much higher rate limiting configurations
 const RATE_LIMIT_CONFIGS: Record<string, RateLimitConfig> = {
-  'users_create': { maxRequests: 5, windowMs: 15 * 60 * 1000 }, // 5 registrations per 15 minutes
-  'users_login': { maxRequests: 10, windowMs: 15 * 60 * 1000 }, // 10 login attempts per 15 minutes
-  'users_update': { maxRequests: 10, windowMs: 5 * 60 * 1000 }, // 10 updates per 5 minutes
-  'users_get': { maxRequests: 100, windowMs: 5 * 60 * 1000 }, // 100 gets per 5 minutes
-  'project_requests': { maxRequests: 5, windowMs: 60 * 60 * 1000 }, // 5 requests per hour
-  'comments': { maxRequests: 30, windowMs: 5 * 60 * 1000 }, // 30 comments per 5 minutes
-  'ratings': { maxRequests: 50, windowMs: 60 * 60 * 1000 }, // 50 ratings per hour
-  'default': { maxRequests: 200, windowMs: 15 * 60 * 1000 } // Default rate limit
+  'users_create': { maxRequests: 50, windowMs: 15 * 60 * 1000 }, // 50 registrations per 15 minutes
+  'users_login': { maxRequests: 100, windowMs: 15 * 60 * 1000 }, // 100 login attempts per 15 minutes
+  'users_update': { maxRequests: 100, windowMs: 5 * 60 * 1000 }, // 100 updates per 5 minutes
+  'users_get': { maxRequests: 1000, windowMs: 5 * 60 * 1000 }, // 1000 gets per 5 minutes
+  'project_requests': { maxRequests: 50, windowMs: 60 * 60 * 1000 }, // 50 requests per hour
+  'comments': { maxRequests: 500, windowMs: 5 * 60 * 1000 }, // 500 comments per 5 minutes
+  'ratings': { maxRequests: 500, windowMs: 60 * 60 * 1000 }, // 500 ratings per hour
+  'default': { maxRequests: 2000, windowMs: 15 * 60 * 1000 } // 2000 requests per 15 minutes
 };
 
 function getClientIP(request: Request): string {

lib/supabase.ts

@@ -300,11 +300,14 @@ export type Database = {
   }
 }
 
-const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
-const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
+const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
+const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
 
 if (!supabaseUrl || !supabaseKey) {
-  throw new Error('Missing Supabase environment variables');
+  console.error('Missing Supabase environment variables:');
+  console.error('NEXT_PUBLIC_SUPABASE_URL:', !!supabaseUrl);
+  console.error('NEXT_PUBLIC_SUPABASE_ANON_KEY:', !!supabaseKey);
+  throw new Error('Missing required Supabase environment variables. Please check your .env.local file.');
 }
 
 const supabase = createClient<Database>(supabaseUrl, supabaseKey, {

middleware.ts

@@ -5,14 +5,14 @@ import type { NextRequest } from 'next/server';
 // Rate limiting store (in production, use Redis or a database)
 const rateLimitStore = new Map<string, { count: number; resetTime: number }>();
 
-// Rate limiting configuration - More reasonable limits
+// Much higher rate limiting configuration
 const RATE_LIMIT_CONFIG = {
-  '/api/auth': { maxRequests: 10, windowMs: 15 * 60 * 1000 }, // 10 requests per 15 minutes
-  '/api/project-requests': { maxRequests: 5, windowMs: 60 * 60 * 1000 }, // 5 requests per hour
-  '/api/comments': { maxRequests: 20, windowMs: 5 * 60 * 1000 }, // 20 requests per 5 minutes
-  '/api/ratings': { maxRequests: 30, windowMs: 60 * 60 * 1000 }, // 30 requests per hour
-  '/api/users': { maxRequests: 15, windowMs: 15 * 60 * 1000 }, // 15 requests per 15 minutes
-  'default': { maxRequests: 100, windowMs: 15 * 60 * 1000 } // Default rate limit
+  '/api/auth': { maxRequests: 100, windowMs: 15 * 60 * 1000 }, // 100 requests per 15 minutes
+  '/api/project-requests': { maxRequests: 50, windowMs: 60 * 60 * 1000 }, // 50 requests per hour
+  '/api/comments': { maxRequests: 500, windowMs: 5 * 60 * 1000 }, // 500 requests per 5 minutes
+  '/api/ratings': { maxRequests: 500, windowMs: 60 * 60 * 1000 }, // 500 requests per hour
+  '/api/users': { maxRequests: 150, windowMs: 15 * 60 * 1000 }, // 150 requests per 15 minutes
+  'default': { maxRequests: 2000, windowMs: 15 * 60 * 1000 } // 2000 requests per 15 minutes
 };
 
 function getClientIP(request: NextRequest): string {