This commit addresses three important bugs:
1. SQL Injection Prevention (proxy.ts:70-75):
- Added whitelist validation for DATABASE_TABLE environment variable
- Table names are now validated against ALLOWED_TABLES before use
- Prevents potential SQL injection through malicious table names
2. SQL Interval Parameter Bug (dashboard/app/api/metrics/route.ts):
- Fixed incorrect INTERVAL syntax in PostgreSQL queries
- Changed from INTERVAL '$1 hours' to INTERVAL '1 hour' * $1
- Properly uses parameterized queries with interval multiplication
- Affects all 4 queries: summary, recent, model breakdown, and trends
3. Incorrect Property Reference (proxy.ts:206):
- Fixed usage.cached_tokens to usage.prompt_tokens_details?.cached_tokens
- Aligns with OpenAI API response structure for cached tokens
- Ensures accurate logging of cached token usage
- Add input validation for hours and limit query parameters to prevent NaN and DoS attacks
- Replace || with ?? for proper null coalescing in metrics summary
- Fix IPv6 normalization to prevent empty string when IP is malformed
- Fix stream parsing to skip empty JSON strings and avoid parse errors
- Remove redundant .toString() calls on authorization header
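
A sketch of the table allowlist, the `INTERVAL '1 hour' * $1` form and the hours/limit validation described in this commit message, as an added example that is not the project's own code. Only `DATABASE_TABLE` and `ALLOWED_TABLES` come from the message; the table names, the `created_at` column, the numeric bounds, the fall-back-to-default behaviour and all function names are assumptions.

```typescript
// Constructed sample values; the real allowlist contents are not on the page.
const ALLOWED_TABLES: string[] = ["llm_requests", "llm_requests_staging"];

// Identifiers cannot be bound as $n parameters, so the table name is checked
// against a fixed allowlist before it is interpolated into the SQL text.
function resolveTable(envValue: string | undefined, fallback: string = "llm_requests"): string {
  const name = envValue ?? fallback;
  if (ALLOWED_TABLES.indexOf(name) === -1) {
    throw new Error("DATABASE_TABLE is not in ALLOWED_TABLES: " + JSON.stringify(name));
  }
  return name;
}

// Parse a query-string integer: non-digit input (which would become NaN) falls
// back to the default, and the result is clamped so a huge value cannot force
// an unbounded scan. Falling back instead of rejecting is an assumption.
function boundedInt(raw: string | null, def: number, min: number, max: number): number {
  if (raw === null || !/^\d+$/.test(raw)) return def;
  return Math.min(Math.max(Number(raw), min), max);
}

interface Query { text: string; values: number[] }

// Hypothetical builder for the "recent" query; hours and limit arrive as raw
// query-string values (null when absent).
function buildRecentQuery(
  env: Record<string, string | undefined>,
  hoursRaw: string | null,
  limitRaw: string | null
): Query {
  const table = resolveTable(env.DATABASE_TABLE);
  const hours = boundedInt(hoursRaw, 24, 1, 720);
  const limit = boundedInt(limitRaw, 100, 1, 1000);
  return {
    // In INTERVAL '$1 hours' the $1 sits inside a string literal and is not a
    // placeholder. Multiplying a fixed interval by $1 keeps hours a bound value.
    text:
      "SELECT * FROM " + table +
      " WHERE created_at > NOW() - INTERVAL '1 hour' * $1" +
      " ORDER BY created_at DESC LIMIT $2",
    values: [hours, limit],
  };
}
```

The returned `text` and `values` are what would be passed to a PostgreSQL client's parameterized query call.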