Enhance API functionality and security: Added rate limiting and domain validation across multiple API endpoints, improved error handling for missing or invalid parameters, and refactored email handling in contact form for better security and maintainability. Updated README.md with production build instructions and prerequisites.

backend/api/dns-lookup.php

@@ -1,12 +1,14 @@
 <?php
 /**
  * HexaDNS - DNS Lookup API
- * 
+ *
  * Führt echte DNS-Abfragen durch und gibt die Ergebnisse als JSON zurück.
- * 
+ *
  * Verwendung: GET /api/dns-lookup.php?domain=example.com
  */
 
+require_once __DIR__ . '/../includes/api-helpers.php';
+
 // CORS Headers für Frontend-Zugriff
 header('Content-Type: application/json; charset=utf-8');
 header('Access-Control-Allow-Origin: *');
@@ -19,26 +21,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
     exit;
 }
 
-// Nur GET-Anfragen erlauben
 if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
     http_response_code(405);
     echo json_encode(['error' => 'Nur GET-Anfragen erlaubt']);
     exit;
 }
 
-// Domain-Parameter prüfen
-$domain = isset($_GET['domain']) ? trim($_GET['domain']) : '';
-
-if (empty($domain)) {
-    http_response_code(400);
-    echo json_encode(['error' => 'Domain-Parameter fehlt']);
-    exit;
+if (!checkApiRateLimit('dns-lookup')) {
+    rejectApiRateLimit();
 }
 
-// Domain validieren (einfache Prüfung)
-if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\-\.]*\.[a-zA-Z]{2,}$/', $domain)) {
+$domain = getValidatedDomainParam();
+
+if ($domain === null) {
     http_response_code(400);
-    echo json_encode(['error' => 'Ungültiges Domain-Format']);
+    echo json_encode(['error' => empty($_GET['domain']) ? 'Domain-Parameter fehlt' : 'Ungültiges Domain-Format']);
     exit;
 }