torbjorn/antigravity-claude-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: redact sensitive config values and protect update endpoints

Browse Source
This commit is contained in:
Wha1eChai
2026-01-23 16:12:31 +08:00
parent 9efe5cd75d
commit 07e413d1ec
2 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/config.js
View File

@@ -93,7 +93,14 @@ function loadConfig() {
loadConfig(); loadConfig();
export function getPublicConfig() { export function getPublicConfig() {
return { ...config }; // Create a deep copy and redact sensitive fields
const publicConfig = JSON.parse(JSON.stringify(config));
// Redact sensitive values
if (publicConfig.webuiPassword) publicConfig.webuiPassword = '********';
if (publicConfig.apiKey) publicConfig.apiKey = '********';
return publicConfig;
} }
export function saveConfig(updates) { export function saveConfig(updates) {

5
src/webui/index.js
View File

@@ -127,8 +127,9 @@ function createAuthMiddleware() {
// Determine if this path should be protected // Determine if this path should be protected
const isApiRoute = req.path.startsWith('/api/'); const isApiRoute = req.path.startsWith('/api/');
const isException = req.path === '/api/auth/url' || req.path === '/api/config'; const isAuthUrl = req.path === '/api/auth/url';
const isProtected = (isApiRoute && !isException) || req.path === '/account-limits' || req.path === '/health'; const isConfigGet = req.path === '/api/config' && req.method === 'GET';
const isProtected = (isApiRoute && !isAuthUrl && !isConfigGet) || req.path === '/account-limits' || req.path === '/health';
if (isProtected) { if (isProtected) {
const providedPassword = req.headers['x-webui-password'] || req.query.password; const providedPassword = req.headers['x-webui-password'] || req.query.password;