fix: security hardening, UI fixes, and validation improvements

- Fix header nav overflow by switching to lg: breakpoint with tighter gaps - Fix file upload path traversal by whitelisting allowed folders and extensions - Fix BookingModal using hardcoded content instead of DB-backed data - Add input length validation on public master-class registration API - Add ID validation on team member and reorder API routes - Fix BookingModal useCallback missing groupInfo/contact dependencies - Improve admin news date field to use native date picker - Add missing Мастер-классы and Новости cards to admin dashboard Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 17:37:29 +03:00
parent 26cb9a9772
commit 3ac6a4d840
8 changed files with 73 additions and 31 deletions
--- a/src/app/admin/news/page.tsx
+++ b/src/app/admin/news/page.tsx
@@ -122,12 +122,15 @@ export default function NewsEditorPage() {
                    value={item.title}
                    onChange={(v) => updateItem({ ...item, title: v })}
                  />
-                  <InputField
-                    label="Дата"
-                    value={item.date}
-                    onChange={(v) => updateItem({ ...item, date: v })}
-                    placeholder="2026-03-15"
-                  />
+                  <div>
+                    <label className="block text-sm text-neutral-400 mb-1.5">Дата</label>
+                    <input
+                      type="date"
+                      value={item.date}
+                      onChange={(e) => updateItem({ ...item, date: e.target.value })}
+                      className="w-full rounded-lg border border-white/10 bg-neutral-800 px-4 py-2.5 text-white outline-none focus:border-gold transition-colors [color-scheme:dark]"
+                    />
+                  </div>
                </div>
                <TextareaField
                  label="Текст"
--- a/src/app/admin/page.tsx
+++ b/src/app/admin/page.tsx
@@ -5,9 +5,11 @@ import {
  FileText,
  Users,
  BookOpen,
+  Star,
  Calendar,
  DollarSign,
  HelpCircle,
+  Newspaper,
  Phone,
 } from "lucide-react";

@@ -17,9 +19,11 @@ const CARDS = [
  { href: "/admin/about", label: "О студии", icon: FileText, desc: "Текст о студии" },
  { href: "/admin/team", label: "Команда", icon: Users, desc: "Тренеры и инструкторы" },
  { href: "/admin/classes", label: "Направления", icon: BookOpen, desc: "Типы занятий" },
+  { href: "/admin/master-classes", label: "Мастер-классы", icon: Star, desc: "Мастер-классы и записи" },
  { href: "/admin/schedule", label: "Расписание", icon: Calendar, desc: "Расписание занятий" },
  { href: "/admin/pricing", label: "Цены", icon: DollarSign, desc: "Абонементы и аренда" },
  { href: "/admin/faq", label: "FAQ", icon: HelpCircle, desc: "Часто задаваемые вопросы" },
+  { href: "/admin/news", label: "Новости", icon: Newspaper, desc: "Новости и анонсы" },
  { href: "/admin/contact", label: "Контакты", icon: Phone, desc: "Адреса, телефон, карта" },
 ];