Enhance API functionality and security: Added rate limiting and domain validation across multiple API endpoints, improved error handling for missing or invalid parameters, and refactored email handling in contact form for better security and maintainability. Updated README.md with production build instructions and prerequisites.

2026-06-02 15:38:43 +00:00 · 2026-05-22 14:50:20 +02:00
parent 5f5be4a4cb
commit ebf6f82bb6
21 changed files with 1007 additions and 355 deletions
--- a/backend/api/whois-lookup.php
+++ b/backend/api/whois-lookup.php
@@ -1,12 +1,14 @@
 <?php
 /**
 * HexaDNS - WHOIS Lookup API
- * 
+ *
 * Ruft WHOIS-Informationen für eine Domain ab
- * 
+ *
 * Verwendung: GET /api/whois-lookup.php?domain=example.com
 */

+require_once __DIR__ . '/../includes/api-helpers.php';
+
 header('Content-Type: application/json; charset=utf-8');
 header('Access-Control-Allow-Origin: *');
 header('Access-Control-Allow-Methods: GET, OPTIONS');
@@ -17,7 +19,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    exit;
 }

-$domain = isset($_GET['domain']) ? trim($_GET['domain']) : '';
+if (!checkApiRateLimit('whois-lookup')) {
+    rejectApiRateLimit();
+}
+
+$domain = isset($_GET['domain']) ? trim((string) $_GET['domain']) : '';

 if (empty($domain)) {
    http_response_code(400);