Claude 8b90fa2b9e Fix critical bugs for security and data accuracy ...

This commit addresses three important bugs:

1. SQL Injection Prevention (proxy.ts:70-75):
   - Added whitelist validation for DATABASE_TABLE environment variable
   - Table names are now validated against ALLOWED_TABLES before use
   - Prevents potential SQL injection through malicious table names

2. SQL Interval Parameter Bug (dashboard/app/api/metrics/route.ts):
   - Fixed incorrect INTERVAL syntax in PostgreSQL queries
   - Changed from INTERVAL '$1 hours' to INTERVAL '1 hour' * $1
   - Properly uses parameterized queries with interval multiplication
   - Affects all 4 queries: summary, recent, model breakdown, and trends

3. Incorrect Property Reference (proxy.ts:206):
   - Fixed usage.cached_tokens to usage.prompt_tokens_details?.cached_tokens
   - Aligns with OpenAI API response structure for cached tokens
   - Ensures accurate logging of cached token usage

2025-11-23 06:18:11 +00:00

7.3 KiB

Raw Blame History

View Raw