Enhance API functionality and security: Added rate limiting and domain validation across multiple API endpoints, improved error handling for missing or invalid parameters, and refactored email handling in contact form for better security and maintainability. Updated README.md with production build instructions and prerequisites.

backend/api/ssl-check.php

@@ -1,12 +1,14 @@
 <?php
 /**
  * HexaDNS - SSL Certificate Check API
- * 
+ *
  * Prüft SSL-Zertifikat-Informationen einer Domain
- * 
+ *
  * Verwendung: GET /api/ssl-check.php?domain=example.com
  */
 
+require_once __DIR__ . '/../includes/api-helpers.php';
+
 header('Content-Type: application/json; charset=utf-8');
 header('Access-Control-Allow-Origin: *');
 header('Access-Control-Allow-Methods: GET, OPTIONS');
@@ -17,22 +19,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
     exit;
 }
 
-$domain = isset($_GET['domain']) ? trim($_GET['domain']) : '';
-
-if (empty($domain)) {
-    http_response_code(400);
-    echo json_encode(['error' => 'Domain-Parameter fehlt']);
-    exit;
+if (!checkApiRateLimit('ssl-check')) {
+    rejectApiRateLimit();
 }
 
-// Protokoll und Pfad entfernen
-$domain = preg_replace('/^(https?:\/\/)?/', '', $domain);
-$domain = explode('/', $domain)[0];
-$domain = explode(':', $domain)[0]; // Port entfernen
+$domain = getValidatedDomainParam();
 
-if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\-\.]*\.[a-zA-Z]{2,}$/', $domain)) {
+if ($domain === null) {
     http_response_code(400);
-    echo json_encode(['error' => 'Ungültiges Domain-Format']);
+    echo json_encode(['error' => empty($_GET['domain']) ? 'Domain-Parameter fehlt' : 'Ungültiges Domain-Format']);
     exit;
 }