internxt · jaaaaavier · Jan 30, 2026 · Jan 28, 2026 · Jan 29, 2026 · Jan 29, 2026
diff --git a/next-env.d.ts b/next-env.d.ts
@@ -1,6 +1,7 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
 /// <reference types="next/navigation-types/compat/navigation" />
+/// <reference path="./.next/types/routes.d.ts" />
 
 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/app/building-your-application/configuring/typescript for more information.
+// see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
diff --git a/next.config.js b/next.config.js
@@ -1,7 +1,9 @@
+const { locales, defaultLocale } = require('./src/lib/i18n-config');
+
 module.exports = {
   i18n: {
-    locales: ['en', 'es', 'fr', 'it', 'zh', 'ru', 'de', 'zh-tw'],
-    defaultLocale: 'en',
+    locales: locales,
+    defaultLocale: defaultLocale,
   },
   experimental: {
     //swcPlugins: [['swc-plugin-coverage-instrument', { coverage: true }]],

diff --git a/package.json b/package.json
@@ -55,7 +55,7 @@
     "memory-cache": "^0.2.0",
     "moment": "^2.29.1",
     "music-metadata": "^11.2.3",
-    "next": "14.2.35",
+    "next": "15.5.10",
     "next-csrf": "^0.2.1",
     "next-share": "^0.18.1",
     "pdf-lib": "^1.17.1",

diff --git a/src/lib/csrf.ts b/src/lib/csrf.ts
@@ -1,9 +1,12 @@
 import { nextCsrf } from 'next-csrf';
+import { GetServerSideProps, NextApiHandler } from 'next';
 
-const { csrf, setup } = nextCsrf({
-  // eslint-disable-next-line no-undef
+const { csrf: _csrf, setup: _setup } = nextCsrf({
   secret: process.env.CSRF_SECRET,
   ignoredMethods: ['OPTIONS'],
 });
 
+const setup = _setup as unknown as (handler: GetServerSideProps) => GetServerSideProps;
+const csrf = _csrf as unknown as (handler: NextApiHandler) => NextApiHandler;
+
 export { csrf, setup };
diff --git a/src/lib/i18n-config.js b/src/lib/i18n-config.js
@@ -0,0 +1,4 @@
+const locales = ['en', 'es', 'fr', 'it', 'zh', 'ru', 'de', 'zh-tw'];
+const defaultLocale = 'en';
+
+module.exports = { locales, defaultLocale };
diff --git a/src/pages/api/temp-mail/rate-limiter.ts → src/lib/rate-limiter.ts b/src/pages/api/temp-mail/rate-limiter.ts → src/lib/rate-limiter.ts
@@ -9,9 +9,11 @@ export default function rateLimitMiddleware(
   path: string,
   limit: number,
   windowMs = windowMsValue,
-) {
-  return (req: NextApiRequest, res: NextApiResponse) => {
-    const ip = req.headers['x-forwarded-for'];
+): NextApiHandler {
+  return async (req: NextApiRequest, res: NextApiResponse) => {
+    const forwarded = req.headers['x-forwarded-for'];
+    const ip = typeof forwarded === 'string' ? forwarded : forwarded ? forwarded[0] : 'unknown';
+
     const mapIdentifier = `${ip}-${path}`;
 
     if (!rateLimitMap.has(mapIdentifier)) {
@@ -30,8 +32,8 @@ export default function rateLimitMiddleware(
 
     if (ipData.count >= limit) {
       console.log(`Identifier ${mapIdentifier} is banned`);
-
-      return res.status(429).send('Too Many Requests');
+      res.status(429).send('Too Many Requests');
+      return;
     }
 
     ipData.count += 1;

diff --git a/src/pages/api/collect/sheet.ts b/src/pages/api/collect/sheet.ts
@@ -1,7 +1,7 @@
 import { NextApiRequest, NextApiResponse } from 'next';
 import axios from 'axios';
 
-import rateLimitMiddleware from '../temp-mail/rate-limiter';
+import rateLimitMiddleware from '../../../lib/rate-limiter';
 import { encode } from 'querystring';
 
 interface SheetPayload {

diff --git a/src/pages/api/dark-web-monitor/breaches.ts b/src/pages/api/dark-web-monitor/breaches.ts
@@ -1,30 +1,30 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
 import { NextApiRequest, NextApiResponse } from 'next';
 import axios from 'axios';
 import { HaveIbeenPwnedText } from '@/assets/types/have-i-been-pawned';
-const CACHE_CLEAN_INTERVAL_MS = 2 * 60 * 60 * 1000;
-interface BreachesProps {
-  textContent: HaveIbeenPwnedText['HeroSection']['breaches'];
-}
 
+const CACHE_CLEAN_INTERVAL_MS = 2 * 60 * 60 * 1000;
 const API_URL = process.env.INXT_MONITOR_API_URL;
 const API_KEY = process.env.INXT_MONITOR_API_KEY;
+const { locales: ALLOWED_LANGS } = require('@/lib/i18n-config');
 
 const cache: Map<string, any> = new Map();
+let lastCacheClean = Date.now();
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse): Promise<void> {
+  const { email, lang } = req.query;
+  const currentLang = typeof lang === 'string' && ALLOWED_LANGS.includes(lang) ? lang : 'en';
+  const fullTextContent = require(`@/assets/lang/${currentLang}/i-have-been-pawned.json`);
+  const textContent: HaveIbeenPwnedText['HeroSection']['breaches'] = fullTextContent.HeroSection.breaches;
 
-export default async function handler(
-  req: NextApiRequest,
-  res: NextApiResponse,
-  textContent: BreachesProps['textContent'],
-): Promise<void> {
   if (req.method !== 'GET') {
     return res.status(405).json({ error: textContent.error405 });
   }
 
-  setInterval(() => {
+  if (Date.now() - lastCacheClean > CACHE_CLEAN_INTERVAL_MS) {
     cache.clear();
-  }, CACHE_CLEAN_INTERVAL_MS);
-
-  const { email } = req.query;
+    lastCacheClean = Date.now();
+  }
 
   if (!email || typeof email !== 'string') {
     return res.status(400).json({ error: textContent.error400 });

diff --git a/src/pages/api/dark-web-monitor/pastes.ts b/src/pages/api/dark-web-monitor/pastes.ts
@@ -1,30 +1,30 @@
 import { NextApiRequest, NextApiResponse } from 'next';
 import axios from 'axios';
 import { HaveIbeenPwnedText } from '@/assets/types/have-i-been-pawned';
-const CACHE_CLEAN_INTERVAL_MS = 2 * 60 * 60 * 1000;
-interface BreachesProps {
-  textContent: HaveIbeenPwnedText['HeroSection']['breaches'];
-}
 
+const CACHE_CLEAN_INTERVAL_MS = 2 * 60 * 60 * 1000;
 const API_URL = process.env.INXT_MONITOR_API_URL;
 const API_KEY = process.env.INXT_MONITOR_API_KEY;
+const { locales: ALLOWED_LANGS } = require('@/lib/i18n-config');
 
 const cache: Map<string, any> = new Map();
+let lastCacheClean = Date.now();
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse): Promise<void> {
+  const { email, lang } = req.query;
+  const currentLang = typeof lang === 'string' && ALLOWED_LANGS.includes(lang) ? lang : 'en';
+
+  const fullTextContent = require(`@/assets/lang/${currentLang}/i-have-been-pawned.json`);
+  const textContent: HaveIbeenPwnedText['HeroSection']['breaches'] = fullTextContent.HeroSection.breaches;
 
-export default async function handler(
-  req: NextApiRequest,
-  res: NextApiResponse,
-  textContent: BreachesProps['textContent'],
-): Promise<void> {
   if (req.method !== 'GET') {
     return res.status(405).json({ error: textContent.error405 });
   }
 
-  setInterval(() => {
+  if (Date.now() - lastCacheClean > CACHE_CLEAN_INTERVAL_MS) {
     cache.clear();
-  }, CACHE_CLEAN_INTERVAL_MS);
-
-  const { email } = req.query;
+    lastCacheClean = Date.now();
+  }
 
   if (!email || typeof email !== 'string') {
     return res.status(400).json({ error: textContent.error400 });
@@ -35,7 +35,7 @@ export default async function handler(
       return res.status(200).json(cache.get(email));
     }
 
-    const url = `${API_URL}/pasteaccount/${email}`;
+    const url = `${API_URL}/pasteaccount/${encodeURIComponent(email)}`;
     const headers = {
       'hibp-api-key': API_KEY,
     };

diff --git a/src/pages/api/temp-mail/create-email.ts b/src/pages/api/temp-mail/create-email.ts
@@ -1,6 +1,6 @@
 import axios, { AxiosError } from 'axios';
 import { NextApiRequest, NextApiResponse } from 'next';
-import rateLimitMiddleware from './rate-limiter';
+import rateLimitMiddleware from '../../../lib/rate-limiter';
 import { csrf } from '@/lib/csrf';
 
 const CONVERTER_URL =

diff --git a/src/pages/api/temp-mail/get-inbox.ts b/src/pages/api/temp-mail/get-inbox.ts
@@ -1,5 +1,5 @@
 import { NextApiRequest, NextApiResponse } from 'next';
-import rateLimitMiddleware from './rate-limiter';
+import rateLimitMiddleware from '../../../lib/rate-limiter';
 import axios from 'axios';
 import { csrf } from '@/lib/csrf';
 

diff --git a/src/pages/api/temp-mail/get-message.ts b/src/pages/api/temp-mail/get-message.ts
@@ -1,5 +1,5 @@
 import { NextApiRequest, NextApiResponse } from 'next';
-import rateLimitMiddleware from './rate-limiter';
+import rateLimitMiddleware from '../../../lib/rate-limiter';
 import axios from 'axios';
 import { csrf } from '@/lib/csrf';
 

diff --git a/src/pages/temporary-email.tsx b/src/pages/temporary-email.tsx
@@ -12,8 +12,8 @@ import Footer from '@/components/layout/footers/Footer';
 import { sm_faq, sm_breadcrumb } from '@/components/utils/schema-markup-generator';
 import { ActionBanner } from '@/components/temp-email/components/ActionBanner';
 import { GlobalDialog, useGlobalDialog } from '@/contexts/GlobalUIManager';
-import { setup } from '@/lib/csrf';
 import { useRouter } from 'next/router';
+import { GetServerSideProps } from 'next';
 
 const TempEmail = () => {
   const dialogAction = useGlobalDialog();
@@ -61,8 +61,8 @@ const TempEmail = () => {
   );
 };
 
-export const getServerSideProps = setup(async () => {
+export const getServerSideProps: GetServerSideProps = async () => {
   return { props: {} };
-});
+};
 
 export default TempEmail;