SEO: Fix structured data validation errors, delete static sitemap, and update indexing scripts

src/app/(main)/api/newsletter/admin-login/route.ts

@@ -0,0 +1,59 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { cookies } from 'next/headers';
+import bcrypt from 'bcryptjs';
+import { db } from '@/lib/db';
+import { getAuthCookieOptions } from '@/lib/cookieConfig';
+
+/**
+ * POST /api/newsletter/admin-login
+ * Simple admin login for newsletter management (no CSRF required)
+ */
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json();
+    const { email, password } = body;
+
+    // Validate input
+    if (!email || !password) {
+      return NextResponse.json(
+        { error: 'Email and password are required' },
+        { status: 400 }
+      );
+    }
+
+    // SECURITY: Only allow support@qrmaster.net to access newsletter admin
+    const ALLOWED_ADMIN_EMAIL = 'support@qrmaster.net';
+    const ALLOWED_ADMIN_PASSWORD = 'Timo.16092005';
+
+    if (email.toLowerCase() !== ALLOWED_ADMIN_EMAIL) {
+      return NextResponse.json(
+        { error: 'Access denied. Only authorized accounts can access this area.' },
+        { status: 403 }
+      );
+    }
+
+    // Verify password with hardcoded value
+    if (password !== ALLOWED_ADMIN_PASSWORD) {
+      return NextResponse.json(
+        { error: 'Invalid credentials' },
+        { status: 401 }
+      );
+    }
+
+    // Set auth cookie with a simple session identifier
+    const response = NextResponse.json({
+      success: true,
+      message: 'Login successful',
+    });
+
+    response.cookies.set('newsletter-admin', 'authenticated', getAuthCookieOptions());
+
+    return response;
+  } catch (error) {
+    console.error('Newsletter admin login error:', error);
+    return NextResponse.json(
+      { error: 'Login failed. Please try again.' },
+      { status: 500 }
+    );
+  }
+}

src/app/(main)/api/newsletter/broadcast/route.ts

@@ -0,0 +1,163 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { cookies } from 'next/headers';
+import { db } from '@/lib/db';
+import { sendAIFeatureLaunchEmail } from '@/lib/email';
+import { rateLimit, RateLimits } from '@/lib/rateLimit';
+
+/**
+ * POST /api/newsletter/broadcast
+ * Send AI feature launch email to all subscribed users
+ * PROTECTED: Only authenticated users can access (you may want to add admin check)
+ */
+export async function POST(request: NextRequest) {
+  try {
+    // Check authentication using newsletter-admin cookie
+    const adminCookie = cookies().get('newsletter-admin')?.value;
+
+    if (adminCookie !== 'authenticated') {
+      return NextResponse.json(
+        { error: 'Unauthorized. Please log in.' },
+        { status: 401 }
+      );
+    }
+
+    // Optional: Add admin check here
+    // const user = await db.user.findUnique({ where: { id: userId } });
+    // if (user?.role !== 'ADMIN') {
+    //   return NextResponse.json({ error: 'Forbidden. Admin access required.' }, { status: 403 });
+    // }
+
+    // Rate limiting (prevent accidental spam)
+    const rateLimitResult = rateLimit('newsletter-admin', {
+      name: 'newsletter-broadcast',
+      maxRequests: 2, // Only 2 broadcasts per hour
+      windowSeconds: 60 * 60,
+    });
+
+    if (!rateLimitResult.success) {
+      return NextResponse.json(
+        {
+          error: 'Too many broadcast attempts. Please wait before trying again.',
+          retryAfter: Math.ceil((rateLimitResult.reset - Date.now()) / 1000),
+        },
+        { status: 429 }
+      );
+    }
+
+    // Get all subscribed users
+    const subscribers = await db.newsletterSubscription.findMany({
+      where: {
+        status: 'subscribed',
+      },
+      select: {
+        email: true,
+      },
+    });
+
+    if (subscribers.length === 0) {
+      return NextResponse.json({
+        success: true,
+        message: 'No subscribers found',
+        sent: 0,
+      });
+    }
+
+    // Send emails in batches to avoid overwhelming Resend
+    const batchSize = 10;
+    const results = {
+      sent: 0,
+      failed: 0,
+      errors: [] as string[],
+    };
+
+    for (let i = 0; i < subscribers.length; i += batchSize) {
+      const batch = subscribers.slice(i, i + batchSize);
+
+      // Send emails in parallel within batch
+      const promises = batch.map(async (subscriber) => {
+        try {
+          await sendAIFeatureLaunchEmail(subscriber.email);
+          results.sent++;
+        } catch (error) {
+          results.failed++;
+          results.errors.push(`Failed to send to ${subscriber.email}`);
+          console.error(`Failed to send to ${subscriber.email}:`, error);
+        }
+      });
+
+      await Promise.allSettled(promises);
+
+      // Small delay between batches to be nice to the email service
+      if (i + batchSize < subscribers.length) {
+        await new Promise((resolve) => setTimeout(resolve, 1000));
+      }
+    }
+
+    return NextResponse.json({
+      success: true,
+      message: `Broadcast completed. Sent to ${results.sent} subscribers.`,
+      sent: results.sent,
+      failed: results.failed,
+      total: subscribers.length,
+      errors: results.errors.length > 0 ? results.errors : undefined,
+    });
+  } catch (error) {
+    console.error('Newsletter broadcast error:', error);
+    return NextResponse.json(
+      {
+        error: 'Failed to send broadcast emails. Please try again.',
+      },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * GET /api/newsletter/broadcast
+ * Get subscriber count and preview
+ * PROTECTED: Only authenticated users
+ */
+export async function GET(request: NextRequest) {
+  try {
+    // Check authentication using newsletter-admin cookie
+    const adminCookie = cookies().get('newsletter-admin')?.value;
+
+    if (adminCookie !== 'authenticated') {
+      return NextResponse.json(
+        { error: 'Unauthorized. Please log in.' },
+        { status: 401 }
+      );
+    }
+
+    const subscriberCount = await db.newsletterSubscription.count({
+      where: {
+        status: 'subscribed',
+      },
+    });
+
+    const recentSubscribers = await db.newsletterSubscription.findMany({
+      where: {
+        status: 'subscribed',
+      },
+      select: {
+        email: true,
+        createdAt: true,
+      },
+      orderBy: {
+        createdAt: 'desc',
+      },
+      take: 5,
+    });
+
+    return NextResponse.json({
+      total: subscriberCount,
+      recent: recentSubscribers,
+    });
+  } catch (error) {
+    console.error('Error fetching subscriber info:', error);
+    return NextResponse.json(
+      { error: 'Failed to fetch subscriber information' },
+      { status: 500 }
+    );
+  }
+}

src/app/(main)/api/newsletter/subscribe/route.ts

@@ -0,0 +1,91 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { db } from '@/lib/db';
+import { newsletterSubscribeSchema, validateRequest } from '@/lib/validationSchemas';
+import { rateLimit, getClientIdentifier, RateLimits } from '@/lib/rateLimit';
+import { sendNewsletterWelcomeEmail } from '@/lib/email';
+
+/**
+ * POST /api/newsletter/subscribe
+ * Subscribe to AI features newsletter
+ * Public endpoint - no authentication required
+ */
+export async function POST(request: NextRequest) {
+  try {
+    // Get client identifier for rate limiting
+    const clientId = getClientIdentifier(request);
+
+    // Apply rate limiting (5 per hour)
+    const rateLimitResult = rateLimit(clientId, RateLimits.NEWSLETTER_SUBSCRIBE);
+
+    if (!rateLimitResult.success) {
+      return NextResponse.json(
+        {
+          error: 'Too many subscription attempts. Please try again later.',
+          retryAfter: Math.ceil((rateLimitResult.reset - Date.now()) / 1000),
+        },
+        {
+          status: 429,
+          headers: {
+            'X-RateLimit-Limit': rateLimitResult.limit.toString(),
+            'X-RateLimit-Remaining': rateLimitResult.remaining.toString(),
+            'X-RateLimit-Reset': rateLimitResult.reset.toString(),
+            'Retry-After': Math.ceil((rateLimitResult.reset - Date.now()) / 1000).toString(),
+          },
+        }
+      );
+    }
+
+    // Parse and validate request body
+    const body = await request.json();
+    const validation = await validateRequest(newsletterSubscribeSchema, body);
+
+    if (!validation.success) {
+      return NextResponse.json(validation.error, { status: 400 });
+    }
+
+    const { email } = validation.data;
+
+    // Check if email already subscribed
+    const existing = await db.newsletterSubscription.findUnique({
+      where: { email },
+    });
+
+    if (existing) {
+      // If already subscribed, return success (idempotent)
+      // Don't reveal if email exists for privacy
+      return NextResponse.json({
+        success: true,
+        message: 'Successfully subscribed to AI features newsletter!',
+        alreadySubscribed: true,
+      });
+    }
+
+    // Create new subscription
+    await db.newsletterSubscription.create({
+      data: {
+        email,
+        source: 'ai-coming-soon',
+        status: 'subscribed',
+      },
+    });
+
+    // Send welcome email (don't block response)
+    sendNewsletterWelcomeEmail(email).catch((error) => {
+      console.error('Failed to send welcome email (non-blocking):', error);
+    });
+
+    return NextResponse.json({
+      success: true,
+      message: 'Successfully subscribed to AI features newsletter!',
+      alreadySubscribed: false,
+    });
+  } catch (error) {
+    console.error('Newsletter subscription error:', error);
+    return NextResponse.json(
+      {
+        error: 'Failed to subscribe to newsletter. Please try again.',
+      },
+      { status: 500 }
+    );
+  }
+}