CalvinBackup/openproxy
1
0
Fork 0
mirror of https://github.com/praveentcom/openproxy.git synced 2026-06-06 14:43:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix critical bugs for security and data accuracy

Browse Source 
This commit addresses three important bugs:

1. SQL Injection Prevention (proxy.ts:70-75):
   - Added whitelist validation for DATABASE_TABLE environment variable
   - Table names are now validated against ALLOWED_TABLES before use
   - Prevents potential SQL injection through malicious table names

2. SQL Interval Parameter Bug (dashboard/app/api/metrics/route.ts):
   - Fixed incorrect INTERVAL syntax in PostgreSQL queries
   - Changed from INTERVAL '$1 hours' to INTERVAL '1 hour' * $1
   - Properly uses parameterized queries with interval multiplication
   - Affects all 4 queries: summary, recent, model breakdown, and trends

3. Incorrect Property Reference (proxy.ts:206):
   - Fixed usage.cached_tokens to usage.prompt_tokens_details?.cached_tokens
   - Aligns with OpenAI API response structure for cached tokens
   - Ensures accurate logging of cached token usage
This commit is contained in:
Claude
2025-11-23 06:18:11 +00:00
parent aac2c3f224
commit 8b90fa2b9e
2 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
dashboard/app/api/metrics/route.ts
+4 -4
View File
@@ -36,7 +36,7 @@ export async function GET(request: NextRequest) {
COUNT(DISTINCT model) as unique_models,
COUNT(DISTINCT client_ip) as unique_clients
FROM ${validatedTableName}
WHERE timestamp >= NOW() - INTERVAL '$1 hours'
WHERE timestamp >= NOW() - INTERVAL '1 hour' * $1
`;
const summaryResult = await client.query(summaryQuery, [hours]);
const summary = summaryResult.rows[0];
@@ -56,7 +56,7 @@ export async function GET(request: NextRequest) {
client_ip,
stream
FROM ${validatedTableName}
WHERE timestamp >= NOW() - INTERVAL '$1 hours'
WHERE timestamp >= NOW() - INTERVAL '1 hour' * $1
ORDER BY timestamp DESC
LIMIT $2
`;
@@ -72,7 +72,7 @@ export async function GET(request: NextRequest) {
SUM(total_cost) as total_cost,
AVG(response_time) as avg_response_time
FROM ${validatedTableName}
WHERE timestamp >= NOW() - INTERVAL '$1 hours'
WHERE timestamp >= NOW() - INTERVAL '1 hour' * $1
GROUP BY model
ORDER BY request_count DESC
`;
@@ -88,7 +88,7 @@ export async function GET(request: NextRequest) {
SUM(total_cost) as cost,
AVG(response_time) as avg_response_time
FROM ${validatedTableName}
WHERE timestamp >= NOW() - INTERVAL '$1 hours'
WHERE timestamp >= NOW() - INTERVAL '1 hour' * $1
GROUP BY hour
ORDER BY hour ASC
`;