Skip to content

fix(#229): stop logging request data and harden AI-proxy rate-limit keying#234

Open
husamql3 wants to merge 1 commit into
stagefrom
fix/#229-proxy-hardening
Open

fix(#229): stop logging request data and harden AI-proxy rate-limit keying#234
husamql3 wants to merge 1 commit into
stagefrom
fix/#229-proxy-hardening

Conversation

@husamql3

@husamql3 husamql3 commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Summary

  • Removed request-payload logging from the /chat proxy handler — the handler wrote the full messages, systemPrompt, and conversationId to the Worker console on every call; systemPrompt carries the connected database's schema, so this kept user schema/PII in Cloudflare Workers logs with no benefit. Now nothing about the request body is logged.
  • Rate limiter now keys only on Cloudflare-trusted request attributes — the limit key previously preferred a client-supplied x-api-key header that the proxy never validates, so the per-key daily cap could be sidestepped by varying that header (each value is a fresh bucket). The key now derives from cf-connecting-ip (edge-set, unspoofable) with the same fallbacks, so the cap actually holds.

Testing

  1. bun run typecheck → passes
  2. bun run format → passes
  3. bun run build → passes
    (The proxy package has no test suite; verified by typecheck + build + grep that the log lines and header reference are gone.)

Closes #229

Glossary

Term Definition
cf-connecting-ip Originating client IP header set by Cloudflare's edge; cannot be forged by the client.
systemPrompt The instruction/context payload sent to the model; here it embeds the connected database schema.
Rate-limit key The identifier the limiter buckets requests under; if attacker-controllable, the limit is bypassable.

Summary by CodeRabbit

  • Bug Fixes
    • Removed unnecessary debug logging from chat requests, reducing noise and keeping request handling cleaner.
    • Improved proxy rate-limiting identity detection by using client IP information instead of API key headers, making limits more consistent across requests.

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Removes debug console logging of request data (messages, systemPrompt, conversationId) from the chat endpoint, and changes the rate-limiter's key generation logic to derive identifiers from Cloudflare-trusted headers (cf-connecting-ip, x-real-ip, x-forwarded-for) instead of the client-controlled x-api-key header.

Changes

Proxy Security Hardening

Layer / File(s) Summary
Remove debug logging
packages/proxy/src/index.ts
Removed console.log calls that logged messages, systemPrompt, and conversationId in the POST /chat handler.
Harden rate-limit keying
packages/proxy/src/limit.ts
Changed keyGenerator to derive the rate-limit identifier from cf-connecting-ip, x-real-ip, and x-forwarded-for (in that order), falling back to "anonymous", removing reliance on the client-supplied x-api-key header.

Estimated code review effort: 1 (Trivial) | ~5 minutes

Related issues: #229

Suggested reviewers: husamql3

Poem

A rabbit hops through logs once loud,
Now silent, no console cloud.
Headers trusted, IPs held tight,
Keys derived the Cloudflare-right.
Hop, hop, hardened — safe tonight. 🐇

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main changes: removing chat logging and hardening rate-limit key derivation.
Linked Issues check ✅ Passed The changes remove /chat request logging and switch rate-limit identity to trusted request headers as required.
Out of Scope Changes check ✅ Passed Only the requested logging removal and rate-limit keying change are present; no unrelated scope creep is evident.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/#229-proxy-hardening

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
packages/proxy/src/limit.ts (1)

7-13: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Drop the X-Real-IP / X-Forwarded-For fallbacks. CF-Connecting-IP is the trusted client-IP source here; the other headers aren’t guaranteed to represent the real visitor, so they shouldn’t decide the rate-limit key. Fall back to "anonymous" instead.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/proxy/src/limit.ts` around lines 7 - 13, The rate-limit key
selection in keyGenerator still trusts X-Real-IP and X-Forwarded-For, which
should not be used here. Update the identifier resolution to rely only on
cf-connecting-ip and otherwise fall back directly to "anonymous", keeping the
existing keyGenerator and Context usage intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@packages/proxy/src/limit.ts`:
- Around line 7-13: The rate-limit key selection in keyGenerator still trusts
X-Real-IP and X-Forwarded-For, which should not be used here. Update the
identifier resolution to rely only on cf-connecting-ip and otherwise fall back
directly to "anonymous", keeping the existing keyGenerator and Context usage
intact.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ef72debc-9ae3-452c-abd4-b30322143ef9

📥 Commits

Reviewing files that changed from the base of the PR and between b86b1de and 4a6726f.

📒 Files selected for processing (2)
  • packages/proxy/src/index.ts
  • packages/proxy/src/limit.ts
💤 Files with no reviewable changes (1)
  • packages/proxy/src/index.ts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix(proxy): stop logging request data and harden AI-proxy rate-limit keying

1 participant