feat: add improved pi agent with observatory, dashboard, and pledge-now-pay-later

pledge-now-pay-later/src/middleware.ts

@@ -0,0 +1,50 @@
+import { NextResponse } from "next/server"
+import type { NextRequest } from "next/server"
+
+// Simple in-memory rate limiter (use Redis in production)
+const rateLimit = new Map<string, { count: number; resetAt: number }>()
+
+function checkRateLimit(ip: string, limit: number = 60, windowMs: number = 60000): boolean {
+  const now = Date.now()
+  const entry = rateLimit.get(ip)
+  
+  if (!entry || entry.resetAt < now) {
+    rateLimit.set(ip, { count: 1, resetAt: now + windowMs })
+    return true
+  }
+  
+  if (entry.count >= limit) return false
+  entry.count++
+  return true
+}
+
+export function middleware(request: NextRequest) {
+  const response = NextResponse.next()
+  
+  // Rate limit API routes
+  if (request.nextUrl.pathname.startsWith("/api/")) {
+    const ip = request.headers.get("x-forwarded-for") || request.headers.get("x-real-ip") || "unknown"
+    if (!checkRateLimit(ip)) {
+      return NextResponse.json(
+        { error: "Too many requests" },
+        { status: 429 }
+      )
+    }
+  }
+
+  // Add security headers
+  response.headers.set("X-Frame-Options", "SAMEORIGIN")
+  response.headers.set("X-Content-Type-Options", "nosniff")
+  response.headers.set("Referrer-Policy", "strict-origin-when-cross-origin")
+
+  // Allow iframe embedding for pledge pages
+  if (request.nextUrl.pathname.startsWith("/p/")) {
+    response.headers.delete("X-Frame-Options")
+  }
+
+  return response
+}
+
+export const config = {
+  matcher: ["/((?!_next/static|_next/image|favicon.ico).*)"],
+}