From 31c8bf792604bdc38250456f7c3adea21c432dd8 Mon Sep 17 00:00:00 2001 From: rneiva <22941237+0xPuncker@users.noreply.github.com> Date: Sun, 17 May 2026 18:21:47 +0200 Subject: [PATCH] feat: enable database tracking and harden request routing Wire DATABASE_URL into docker-compose and copy prisma.config.ts to the production Docker image so the usage tracker can reach PostgreSQL at runtime. Replace the hardcoded Windows credential path with the portable ~/ equivalent. Add a 404 guard in the request handler to reject non-API paths (e.g. browser asset requests) before they reach the provider chain. --- Dockerfile | 1 + docker-compose.yml | 3 ++- package-lock.json | 18 +++++++++++++----- src/index.ts | 7 +++++++ 4 files changed, 23 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 423cbf6..0430290 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,6 +42,7 @@ COPY --from=builder /app/dist ./dist # Copy Prisma files and generated client COPY --from=builder /app/prisma ./prisma +COPY --from=builder /app/prisma.config.ts ./ COPY --from=builder /app/node_modules/.prisma ./node_modules/.prisma # Create non-root user diff --git a/docker-compose.yml b/docker-compose.yml index 3ab4016..ea53f91 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,8 +17,9 @@ services: - LOG_LEVEL=${LOG_LEVEL:-info} - NODE_ENV=${NODE_ENV:-production} - CLAUDE_CREDENTIALS_PATH=/app/credentials.json + - DATABASE_URL=postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@${DB_HOST:-cc-db}:5432/${POSTGRES_DB:-claude_proxy} volumes: - - C:/Users/User/.claude/.credentials.json:/app/credentials.json:rw + - ~/.claude/.credentials.json:/app/credentials.json:rw healthcheck: test: [ diff --git a/package-lock.json b/package-lock.json index a465a5b..ab20d11 100644 --- a/package-lock.json +++ b/package-lock.json @@ -45,7 +45,8 @@ "resolved": "https://registry.npmjs.org/@electric-sql/pglite/-/pglite-0.4.1.tgz", "integrity": "sha512-mZ9NzzUSYPOCnxHH1oAHPRzoMFJHY472raDKwXl/+6oPbpdJ7g8LsCN4FSaIIfkiCKHhb3iF/Zqo3NYxaIhU7Q==", "dev": true, - "license": "Apache-2.0" + "license": "Apache-2.0", + "peer": true }, "node_modules/@electric-sql/pglite-socket": { "version": "0.1.1", @@ -733,6 +734,7 @@ "integrity": "sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "undici-types": "~6.21.0" } @@ -795,6 +797,7 @@ "integrity": "sha512-HDQH9O/47Dxi1ceDhBXdaldtf/WV9yRYMjbjCuNk3qnaTD564qwv61Y7+gTxwxRKzSrgO5uhtw584igXVuuZkA==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.59.1", "@typescript-eslint/types": "8.59.1", @@ -1006,6 +1009,7 @@ "integrity": "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==", "dev": true, "license": "MIT", + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -1279,8 +1283,7 @@ "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz", "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==", "dev": true, - "license": "MIT", - "peer": true + "license": "MIT" }, "node_modules/debug": { "version": "4.4.3", @@ -1431,6 +1434,7 @@ "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -1941,6 +1945,7 @@ "integrity": "sha512-RWzP96k/yv0PQfyXnWjs6zot20TqfpfsNXhOnev8d1InAxubW93L11/oNUc3tQqn2G0bSdAOBpX+2uDFHV7kdQ==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=16.9.0" } @@ -2386,6 +2391,7 @@ "resolved": "https://registry.npmjs.org/pg/-/pg-8.20.0.tgz", "integrity": "sha512-ldhMxz2r8fl/6QkXnBD3CR9/xg694oT6DZQ2s6c/RI28OjtSOpxnPrUCGOBJ46RCUxcWdx3p6kw/xnDHjKvaRA==", "license": "MIT", + "peer": true, "dependencies": { "pg-connection-string": "^2.12.0", "pg-pool": "^3.13.0", @@ -2476,6 +2482,7 @@ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -2581,6 +2588,7 @@ "dev": true, "hasInstallScript": true, "license": "Apache-2.0", + "peer": true, "dependencies": { "@prisma/config": "7.8.0", "@prisma/dev": "0.24.3", @@ -2829,8 +2837,7 @@ "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.27.0.tgz", "integrity": "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q==", "dev": true, - "license": "MIT", - "peer": true + "license": "MIT" }, "node_modules/semver": { "version": "7.7.4", @@ -3065,6 +3072,7 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" diff --git a/src/index.ts b/src/index.ts index 97a4072..fa56dd9 100644 --- a/src/index.ts +++ b/src/index.ts @@ -1946,6 +1946,13 @@ export class ClaudeCodeProxy { return; } + // Reject non-API paths (e.g. browser favicon/asset requests) before hitting provider chain + if (!reqPathname.startsWith("/v1/") && !reqPathname.startsWith("/api/")) { + clientRes.writeHead(404, { "Content-Type": "application/json" }); + clientRes.end(JSON.stringify({ error: "Not found" })); + return; + } + let isStreaming = false; try { isStreaming = JSON.parse(reqBody).stream === true;