hobokenchicken/GopherGate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
163 Commits 2 Branches 0 Tags
57aa0aa70e8d6e44ae30b00ab926660bdeda3517
Commit Graph

6 Commits

Author SHA1 Message Date
hobokenchicken
9b8483e797 feat(security): implement AES-256-GCM encryption for API keys and HMAC-signed session tokens 
This commit introduces:
- AES-256-GCM encryption for LLM provider API keys in the database.
- HMAC-SHA256 signed session tokens with activity-based refresh logic.
- Standardized frontend XSS protection using a global escapeHtml utility.
- Hardened security headers and request body size limits.
- Improved database integrity with foreign key enforcement and atomic transactions.
- Integration tests for the full encrypted key storage and proxy usage lifecycle.
 2026-03-06 14:17:56 -05:00
hobokenchicken
96b49c96a5 fix(config): wire up LLM_PROXY__CONFIG_PATH env var and fix database path in service
Some checks failed
CI / Check (push) Has been cancelled
Details
CI / Clippy (push) Has been cancelled
Details
CI / Formatting (push) Has been cancelled
Details
CI / Test (push) Has been cancelled
Details
CI / Release Build (push) Has been cancelled
Details 
The app never read the LLM_PROXY__CONFIG_PATH env var, so the systemd
service couldn't find /etc/llm-proxy/config.toml and fell back to
./data/llm_proxy.db (owned by root, readonly for llmproxy user).

- Add LLM_PROXY__CONFIG_PATH support to config loader (checks env var
  before falling back to ./config.toml)
- Add LLM_PROXY__DATABASE__PATH to service env so the DB path always
  resolves to /var/lib/llm-proxy/llm_proxy.db regardless of config
 2026-03-03 10:11:09 -05:00
hobokenchicken
2cdc49d7f2 refactor: comprehensive audit — fix bugs, harden security, deduplicate providers, add CI/Docker
Some checks failed
CI / Check (push) Has been cancelled
Details
CI / Clippy (push) Has been cancelled
Details
CI / Formatting (push) Has been cancelled
Details
CI / Test (push) Has been cancelled
Details
CI / Release Build (push) Has been cancelled
Details 
Phase 1: Fix compilation (config_path Option<PathBuf>, streaming test, stale test cleanup)
Phase 2: Fix critical bugs (remove block_on deadlocks in 4 providers, fix broken SQL query builder)
Phase 3: Security hardening (session manager, real auth, token masking, Gemini key to header, password policy)
Phase 4: Implement stubs (real provider test, /proc health metrics, client/provider/backup endpoints, has_images)
Phase 5: Code quality (shared provider helpers, explicit re-exports, all Clippy warnings fixed, unwrap removal, 6 unused deps removed, dashboard split into 7 sub-modules)
Phase 6: Infrastructure (GitHub Actions CI, multi-stage Dockerfile, rustfmt.toml, clippy.toml, script fixes)
 2026-03-02 00:35:45 -05:00
hobokenchicken
c5fb2357ff fix: enable xAI (Grok) by default and improve provider visibility in dashboard 
- Set Grok to enabled: true by default.
- Updated AppState to include raw AppConfig.
- Refactored dashboard to show all supported providers, including their configuration and initialization status (online, disabled, or error).
 2026-02-26 15:56:29 -05:00
hobokenchicken
242c670855 fix: allow comma-separated strings for list config fields in environment variables 2026-02-26 15:07:00 -05:00
hobokenchicken
1755075657 chore: initial clean commit 2026-02-26 13:56:21 -05:00