- Updated console log messages in cost.ts and proxy.ts for clarity and consistency.
- Added important SSRF warning in README.md regarding localhost access issues with certain clients, along with solutions using external proxy services.
- Created a new .env.example file with default environment variables for PORT, OPENAI_UPSTREAM_URL, ANTHROPIC_UPSTREAM_URL, and DATABASE_URL.
- Updated .npmignore to exclude all .env files except .env.example.
- Revised CONTRIBUTING.md to simplify the contribution process and provide clearer setup instructions.
- Enhanced cost.ts with detailed type definitions and improved cost calculation logic.
- Updated proxy.ts to include new environment variables and improved logging functionality.
- Modified README.md to reflect new configuration instructions and usage examples.
- Removed unnecessary dashboard files and streamlined the project structure.
This commit addresses three important bugs:
1. SQL Injection Prevention (proxy.ts:70-75):
- Added whitelist validation for DATABASE_TABLE environment variable
- Table names are now validated against ALLOWED_TABLES before use
- Prevents potential SQL injection through malicious table names
2. SQL Interval Parameter Bug (dashboard/app/api/metrics/route.ts):
- Fixed incorrect INTERVAL syntax in PostgreSQL queries
- Changed from INTERVAL '$1 hours' to INTERVAL '1 hour' * $1
- Properly uses parameterized queries with interval multiplication
- Affects all 4 queries: summary, recent, model breakdown, and trends
3. Incorrect Property Reference (proxy.ts:206):
- Fixed usage.cached_tokens to usage.prompt_tokens_details?.cached_tokens
- Aligns with OpenAI API response structure for cached tokens
- Ensures accurate logging of cached token usage
- Add input validation for hours and limit query parameters to prevent NaN and DoS attacks
- Replace || with ?? for proper null coalescing in metrics summary
- Fix IPv6 normalization to prevent empty string when IP is malformed
- Fix stream parsing to skip empty JSON strings and avoid parse errors
- Remove redundant .toString() calls on authorization header
Add a lightweight Next.js dashboard to visualize OpenProxy metrics in real-time. The dashboard provides comprehensive insights into LLM API usage, costs, and performance.
Features:
- Real-time metrics overview (requests, tokens, costs, response times)
- Model breakdown with usage statistics
- Hourly trends visualization with charts
- Recent requests table with detailed information
- Auto-refresh every 30 seconds
- Configurable time ranges (1h, 6h, 24h, 7d)
Technical details:
- Built with Next.js 14 and React 18
- Uses Recharts for data visualization
- Connects directly to PostgreSQL database
- Runs on port 3008 by default
- TypeScript for type safety
- Minimal dependencies for lightweight deployment
The dashboard complements the proxy server by providing a user-friendly interface for monitoring and analyzing LLM API usage patterns.
