sirily/nroxy
1
0
Fork 0
Code Issues 8 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
8 Commits 4 Branches 0 Tags
master
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
sirily 1a7250467e fix: harden web runtime and follow-up auth/db security fixes (#21) 
## Summary
- harden the web runtime with JSON body limits, stricter generation input validation, rate limiting, and trusted Origin/Referer checks for cookie-authenticated mutations
- redact password-reset tokens from debug email transport logs and fail closed for unsupported email providers
- scope generation idempotency keys per user with a Prisma migration and regression coverage

## Testing
- docker build -f infra/docker/web.Dockerfile -t nroxy-web-check .
- docker run --rm --entrypoint sh nroxy-web-check -lc "pnpm --filter @nproxy/providers test && pnpm --filter @nproxy/db test && pnpm --filter @nproxy/web test"

Closes #14
Closes #7
Closes #8

Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #21
2026-03-11 16:28:56 +03:00
apps
fix: harden web runtime and follow-up auth/db security fixes (#21)
2026-03-11 16:28:56 +03:00
docs
fix: harden web runtime and follow-up auth/db security fixes (#21)
2026-03-11 16:28:56 +03:00
infra
chore: remove MVP positioning and align plan defaults (#15)
2026-03-10 15:01:06 +03:00
packages
fix: harden web runtime and follow-up auth/db security fixes (#21)
2026-03-11 16:28:56 +03:00
scripts
Initial import
2026-03-10 14:03:52 +03:00
.dockerignore
Initial import
2026-03-10 14:03:52 +03:00
.env.example
Initial import
2026-03-10 14:03:52 +03:00
.gitignore
Add contributing workflow and expand gitignore
2026-03-10 14:16:26 +03:00
AGENTS.md
fix: hide exact quota values from account response (#16)
2026-03-10 15:52:16 +03:00
CODEX_STATUS.md
chore: remove MVP positioning and align plan defaults (#15)
2026-03-10 15:01:06 +03:00
CONTRIBUTING.md
fix: hide exact quota values from account response (#16)
2026-03-10 15:52:16 +03:00
package.json
Initial import
2026-03-10 14:03:52 +03:00
pnpm-workspace.yaml
Initial import
2026-03-10 14:03:52 +03:00
README.md
chore: remove MVP positioning and align plan defaults (#15)
2026-03-10 15:01:06 +03:00
tsconfig.base.json
Initial import
2026-03-10 14:03:52 +03:00

README.md

nproxy

Product codebase for a crypto-subscription image gateway.

The repository contains:

  • runtime applications and shared packages;
  • the agreed system plan and architecture documents;
  • operational notes for deployment, Telegram pairing, and provider key rotation;
  • directory-scoped instructions so Codex runs implement against the same decisions.

Chosen baseline

  • Product: B2C website
  • Billing: one monthly plan, paid with crypto through a payment processor
  • Model support: starts with nano_banana
  • Generation modes: text-to-image and image-to-image
  • Infra target: one VPS with Docker Compose
  • Admin surfaces: web admin and Telegram bot
  • Key management: multiple provider keys with round-robin routing, failover, cooldown, balance tracking, and optional per-key proxy

Main directories

  • apps/ runtime entrypoints
  • packages/ shared domain and adapter code
  • docs/ source-of-truth planning documents
  • infra/ deployment templates
  • scripts/ operational helpers

Read first

  • docs/plan/system-plan.md
  • docs/architecture/system-overview.md
  • docs/ops/deployment.md
  • CONTRIBUTING.md
Reference in New Issue View Git Blame Copy Permalink
Description
Proxy chat for image generators
Readme 299 KiB
Languages
TypeScript 94.5%
JavaScript 3.2%
Dockerfile 2.3%