CalvinBackup/openproxy
1
0
Fork 0
mirror of https://github.com/praveentcom/openproxy.git synced 2026-06-06 14:43:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix multiple small bugs for security and robustness

Browse Source 
- Add input validation for hours and limit query parameters to prevent NaN and DoS attacks
- Replace || with ?? for proper null coalescing in metrics summary
- Fix IPv6 normalization to prevent empty string when IP is malformed
- Fix stream parsing to skip empty JSON strings and avoid parse errors
- Remove redundant .toString() calls on authorization header
This commit is contained in:
Claude
2025-11-23 04:24:46 +00:00
parent 94155233e5
commit 2770745618
2 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
dashboard/app/api/metrics/route.ts
+14 -8
View File
@@ -13,8 +13,14 @@ const validatedTableName = ALLOWED_TABLES.includes(TABLE_NAME) ? TABLE_NAME : 'l
export async function GET(request: NextRequest) {
const { searchParams } = new URL(request.url);
const hours = parseInt(searchParams.get('hours') || '24', 10);
const limit = parseInt(searchParams.get('limit') || '100', 10);
// Validate and sanitize hours parameter
const hoursParam = parseInt(searchParams.get('hours') || '24', 10);
const hours = !isNaN(hoursParam) && hoursParam > 0 && hoursParam <= 720 ? hoursParam : 24;
// Validate and sanitize limit parameter
const limitParam = parseInt(searchParams.get('limit') || '100', 10);
const limit = !isNaN(limitParam) && limitParam > 0 && limitParam <= 1000 ? limitParam : 100;
try {
const client = await pool.connect();
@@ -93,12 +99,12 @@ export async function GET(request: NextRequest) {
success: true,
data: {
summary: {
totalRequests: parseInt(summary.total_requests || '0'),
totalTokens: parseInt(summary.total_tokens_used || '0'),
totalCost: parseFloat(summary.total_cost || '0'),
avgResponseTime: parseFloat(summary.avg_response_time || '0'),
uniqueModels: parseInt(summary.unique_models || '0'),
uniqueClients: parseInt(summary.unique_clients || '0'),
totalRequests: parseInt(summary.total_requests ?? '0'),
totalTokens: parseInt(summary.total_tokens_used ?? '0'),
totalCost: parseFloat(summary.total_cost ?? '0'),
avgResponseTime: parseFloat(summary.avg_response_time ?? '0'),
uniqueModels: parseInt(summary.unique_models ?? '0'),
uniqueClients: parseInt(summary.unique_clients ?? '0'),
},
recentRequests,
modelBreakdown,