fix: secure token persistence #673
Conversation
Summary of ChangesHello @jroth1111, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly improves the security and robustness of authentication token persistence and logging within the system. It addresses a previous issue where Management API behavior was compromised by secure auth persistence, restoring full functionality while maintaining enhanced security. The core of these changes involves the introduction of a dedicated "securefile" package for handling encrypted authentication files, ensuring data at rest is protected. Furthermore, logging practices are hardened by masking sensitive information in request logs and applying stricter file permissions to critical directories, reducing the risk of credential exposure. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request significantly enhances the security of token persistence. Key improvements include the introduction of encryption-at-rest for authentication files using AES-GCM, atomic and concurrent-safe file writing via a new securefile package, and more restrictive file permissions for logs. Additionally, sensitive data is now masked in request logs to prevent accidental exposure of credentials. These are excellent security hardening measures. The implementation is robust, covering different token stores and providing platform-specific file locking.
|
Context: this PR supersedes the earlier #664 (closed after feedback). See that thread for history; this one includes the fixes called out there. |
|
You should add a configurable toggle in the configuration file to enable or disable this feature. Additionally, when the toggle is modified, an encryption or decryption operation must be performed on all items. And a clear notification should be provided if neither |
|
No additional changes pending; PR is ready for review when you have time. @luispater |
luispater
left a comment
luispater
left a comment
There was a problem hiding this comment.
You should add a configurable toggle in the configuration file to enable or disable this feature.
Additionally, when the toggle is modified, an encryption or decryption operation must be performed on all items.
And a clear notification should be provided if neither CLIPROXY_AUTH_ENCRYPTION_KEY nor CLI_PROXY_API_AUTH_ENCRYPTION_KEY is configured by the user.
|
Implemented auth-encryption toggle + migration: added |
|
Follow-up ping: auth-encryption toggle + full migration on toggle + missing-key warning are in. Tests: ? github.com/router-for-me/CLIProxyAPI/v6/cmd/server [no test files] |
|
@luispater auth-encryption toggle + migration + missing-key warning are in (per your request). CI green. Ready for re-review. |
|
Addressed the requested auth-encryption toggle and migration flow: enabled config section in config.example.yaml, resolved secret once with clearer warnings (including when disabled but encrypted files exist), and skip migration when no key is configured. Branch is synced with main. Please re-review. |
|
@luispater auth-encryption toggle + migration-on-toggle + missing-key warning are in; branch synced with main. Ready for re-review. |
2 participants
Supersedes #664 (closed). This rebase restores management API behavior while keeping secure auth persistence.\n\nKey fixes:\n- Management auth endpoints now read/decrypt secure auth JSON so fields like proxy_url/prefix are preserved.\n- Auth file uploads are re-written via securefile to enforce encryption when enabled.\n- Log files created with 0600 permissions.\n\nPlease review this PR instead of #664.