fix: security hardening, UI fixes, and validation improvements

- Fix header nav overflow by switching to lg: breakpoint with tighter gaps - Fix file upload path traversal by whitelisting allowed folders and extensions - Fix BookingModal using hardcoded content instead of DB-backed data - Add input length validation on public master-class registration API - Add ID validation on team member and reorder API routes - Fix BookingModal useCallback missing groupInfo/contact dependencies - Improve admin news date field to use native date picker - Add missing Мастер-классы and Новости cards to admin dashboard Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 17:37:29 +03:00
parent 26cb9a9772
commit 3ac6a4d840
8 changed files with 73 additions and 31 deletions
--- a/src/app/admin/page.tsx
+++ b/src/app/admin/page.tsx
@@ -5,9 +5,11 @@ import {
  FileText,
  Users,
  BookOpen,
+  Star,
  Calendar,
  DollarSign,
  HelpCircle,
+  Newspaper,
  Phone,
 } from "lucide-react";

@@ -17,9 +19,11 @@ const CARDS = [
  { href: "/admin/about", label: "О студии", icon: FileText, desc: "Текст о студии" },
  { href: "/admin/team", label: "Команда", icon: Users, desc: "Тренеры и инструкторы" },
  { href: "/admin/classes", label: "Направления", icon: BookOpen, desc: "Типы занятий" },
+  { href: "/admin/master-classes", label: "Мастер-классы", icon: Star, desc: "Мастер-классы и записи" },
  { href: "/admin/schedule", label: "Расписание", icon: Calendar, desc: "Расписание занятий" },
  { href: "/admin/pricing", label: "Цены", icon: DollarSign, desc: "Абонементы и аренда" },
  { href: "/admin/faq", label: "FAQ", icon: HelpCircle, desc: "Часто задаваемые вопросы" },
+  { href: "/admin/news", label: "Новости", icon: Newspaper, desc: "Новости и анонсы" },
  { href: "/admin/contact", label: "Контакты", icon: Phone, desc: "Адреса, телефон, карта" },
 ];