feat(security): implement AES-256-GCM encryption for API keys and HMAC-signed session tokens

This commit introduces:
- AES-256-GCM encryption for LLM provider API keys in the database.
- HMAC-SHA256 signed session tokens with activity-based refresh logic.
- Standardized frontend XSS protection using a global escapeHtml utility.
- Hardened security headers and request body size limits.
- Improved database integrity with foreign key enforcement and atomic transactions.
- Integration tests for the full encrypted key storage and proxy usage lifecycle.

This commit is contained in:

Dustin Newkirk

2026-03-06 14:17:56 -05:00

parent 149a7c3a29

commit 9b8483e797

28 changed files with 1260 additions and 227 deletions

									
										1

src/utils/mod.rs
									
												View File
												
				@@ -1,3 +1,4 @@

				pub mod crypto;

				pub mod registry;

				pub mod streaming;

				pub mod tokens;

feat(security): implement AES-256-GCM encryption for API keys and HMAC-signed session tokens

1 src/utils/mod.rs Unescape Escape View File

1

src/utils/mod.rs

View File