feat(security): implement AES-256-GCM encryption for API keys and HMAC-signed session tokens

This commit introduces: - AES-256-GCM encryption for LLM provider API keys in the database. - HMAC-SHA256 signed session tokens with activity-based refresh logic. - Standardized frontend XSS protection using a global escapeHtml utility. - Hardened security headers and request body size limits. - Improved database integrity with foreign key enforcement and atomic transactions. - Integration tests for the full encrypted key storage and proxy usage lifecycle.
2026-03-06 14:17:56 -05:00
parent 149a7c3a29
commit 9b8483e797
28 changed files with 1260 additions and 227 deletions
--- a/src/logging/mod.rs
+++ b/src/logging/mod.rs
@@ -82,9 +82,9 @@ impl RequestLogger {
            "#,
        )
        .bind(log.timestamp)
-        .bind(log.client_id)
+        .bind(&log.client_id)
        .bind(&log.provider)
-        .bind(log.model)
+        .bind(&log.model)
        .bind(log.prompt_tokens as i64)
        .bind(log.completion_tokens as i64)
        .bind(log.total_tokens as i64)
@@ -92,7 +92,7 @@ impl RequestLogger {
        .bind(log.cache_write_tokens as i64)
        .bind(log.cost)
        .bind(log.has_images)
-        .bind(log.status)
+        .bind(&log.status)
        .bind(log.error_message)
        .bind(log.duration_ms as i64)
        .bind(None::<String>) // request_body - optional, not stored to save disk space
@@ -100,6 +100,23 @@ impl RequestLogger {
        .execute(&mut *tx)
        .await?;

+        // Update client usage statistics
+        sqlx::query(
+            r#"
+            UPDATE clients SET 
+                total_requests = total_requests + 1,
+                total_tokens = total_tokens + ?,
+                total_cost = total_cost + ?,
+                updated_at = CURRENT_TIMESTAMP
+            WHERE client_id = ?
+            "#,
+        )
+        .bind(log.total_tokens as i64)
+        .bind(log.cost)
+        .bind(&log.client_id)
+        .execute(&mut *tx)
+        .await?;
+
        // Deduct from provider balance if successful.
        // Providers configured with billing_mode = 'postpaid' will not have their
        // credit_balance decremented. Use a conditional UPDATE so we don't need