fix: BUG-046 usage endpoint data leak, BUG-047 copy button, BUG-048 email change links
All checks were successful
Deploy to Production / Deploy to Server (push) Successful in 1m18s
All checks were successful
Deploy to Production / Deploy to Server (push) Successful in 1m18s
BUG-046 (CRITICAL): getUsageStats() now accepts apiKey param and returns only that key usage instead of all users. Route passes req.apiKeyInfo.key. BUG-047: Added visible Copy button to Pro key success page in billing.ts. BUG-048: Added class="open-email-change" to Change Email links in all HTML pages so the JS modal opener can find them.
This commit is contained in:
OpenClaw
parent
a1d26b85ec
commit
b98e8bc253
10 changed files with 24 additions and 18 deletions
4
dist/index.js
vendored
4
dist/index.js
vendored
|
|
@ -90,8 +90,8 @@ app.use("/v1/email-change", emailChangeRouter);
|
||||||
app.use("/v1/convert", authMiddleware, usageMiddleware, pdfRateLimitMiddleware, convertRouter);
|
app.use("/v1/convert", authMiddleware, usageMiddleware, pdfRateLimitMiddleware, convertRouter);
|
||||||
app.use("/v1/templates", authMiddleware, usageMiddleware, templatesRouter);
|
app.use("/v1/templates", authMiddleware, usageMiddleware, templatesRouter);
|
||||||
// Admin: usage stats
|
// Admin: usage stats
|
||||||
app.get("/v1/usage", authMiddleware, (_req, res) => {
|
app.get("/v1/usage", authMiddleware, (req, res) => {
|
||||||
res.json(getUsageStats());
|
res.json(getUsageStats(req.apiKeyInfo?.key));
|
||||||
});
|
});
|
||||||
// Admin: concurrency stats
|
// Admin: concurrency stats
|
||||||
app.get("/v1/concurrency", authMiddleware, (_req, res) => {
|
app.get("/v1/concurrency", authMiddleware, (_req, res) => {
|
||||||
|
|
|
||||||
11
dist/middleware/usage.js
vendored
11
dist/middleware/usage.js
vendored
|
|
@ -65,11 +65,14 @@ function trackUsage(key, monthKey) {
|
||||||
saveUsageEntry(key, record).catch((err) => logger.error({ err }, "Failed to save usage entry"));
|
saveUsageEntry(key, record).catch((err) => logger.error({ err }, "Failed to save usage entry"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
export function getUsageStats() {
|
export function getUsageStats(apiKey) {
|
||||||
const stats = {};
|
const stats = {};
|
||||||
for (const [key, record] of usage) {
|
if (apiKey) {
|
||||||
const masked = key.slice(0, 8) + "...";
|
const record = usage.get(apiKey);
|
||||||
stats[masked] = { count: record.count, month: record.monthKey };
|
if (record) {
|
||||||
|
const masked = apiKey.slice(0, 8) + "...";
|
||||||
|
stats[masked] = { count: record.count, month: record.monthKey };
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return stats;
|
return stats;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
2
dist/routes/billing.js
vendored
2
dist/routes/billing.js
vendored
|
|
@ -65,7 +65,7 @@ a { color: #4f9; }
|
||||||
<div class="card">
|
<div class="card">
|
||||||
<h1>🎉 Welcome to Pro!</h1>
|
<h1>🎉 Welcome to Pro!</h1>
|
||||||
<p>Your API key:</p>
|
<p>Your API key:</p>
|
||||||
<div class="key" onclick="navigator.clipboard.writeText('${escapeHtml(keyInfo.key)}')" title="Click to copy">${escapeHtml(keyInfo.key)}</div>
|
<div class="key" style="position:relative">${escapeHtml(keyInfo.key)}<button onclick="navigator.clipboard.writeText('${escapeHtml(keyInfo.key)}');this.textContent='Copied!';setTimeout(()=>this.textContent='Copy',1500)" style="position:absolute;top:8px;right:8px;background:#4f9;color:#0a0a0a;border:none;border-radius:4px;padding:4px 12px;cursor:pointer;font-size:0.8rem;font-family:system-ui">Copy</button></div>
|
||||||
<p><strong>Save this key!</strong> It won't be shown again.</p>
|
<p><strong>Save this key!</strong> It won't be shown again.</p>
|
||||||
<p>10,000 PDFs/month • All endpoints • Priority support</p>
|
<p>10,000 PDFs/month • All endpoints • Priority support</p>
|
||||||
<p><a href="/docs">View API docs →</a></p>
|
<p><a href="/docs">View API docs →</a></p>
|
||||||
|
|
|
||||||
|
|
@ -105,7 +105,7 @@ footer .container { display: flex; align-items: center; justify-content: space-b
|
||||||
<a href="/">Home</a>
|
<a href="/">Home</a>
|
||||||
<a href="/docs">Docs</a>
|
<a href="/docs">Docs</a>
|
||||||
<a href="/health">API Status</a>
|
<a href="/health">API Status</a>
|
||||||
<a href="/#change-email">Change Email</a>
|
<a href="/#change-email" class="open-email-change">Change Email</a>
|
||||||
<a href="/impressum">Impressum</a>
|
<a href="/impressum">Impressum</a>
|
||||||
<a href="/privacy">Privacy Policy</a>
|
<a href="/privacy">Privacy Policy</a>
|
||||||
<a href="/terms">Terms of Service</a>
|
<a href="/terms">Terms of Service</a>
|
||||||
|
|
|
||||||
|
|
@ -422,7 +422,7 @@ html, body {
|
||||||
<a href="/">Home</a>
|
<a href="/">Home</a>
|
||||||
<a href="/docs">Docs</a>
|
<a href="/docs">Docs</a>
|
||||||
<a href="/health">API Status</a>
|
<a href="/health">API Status</a>
|
||||||
<a href="/#change-email">Change Email</a>
|
<a href="/#change-email" class="open-email-change">Change Email</a>
|
||||||
<a href="/impressum">Impressum</a>
|
<a href="/impressum">Impressum</a>
|
||||||
<a href="/privacy">Privacy Policy</a>
|
<a href="/privacy">Privacy Policy</a>
|
||||||
<a href="/terms">Terms of Service</a>
|
<a href="/terms">Terms of Service</a>
|
||||||
|
|
|
||||||
|
|
@ -191,7 +191,7 @@ footer .container { display: flex; align-items: center; justify-content: space-b
|
||||||
<a href="/">Home</a>
|
<a href="/">Home</a>
|
||||||
<a href="/docs">Docs</a>
|
<a href="/docs">Docs</a>
|
||||||
<a href="/health">API Status</a>
|
<a href="/health">API Status</a>
|
||||||
<a href="/#change-email">Change Email</a>
|
<a href="/#change-email" class="open-email-change">Change Email</a>
|
||||||
<a href="/impressum">Impressum</a>
|
<a href="/impressum">Impressum</a>
|
||||||
<a href="/privacy">Privacy Policy</a>
|
<a href="/privacy">Privacy Policy</a>
|
||||||
<a href="/terms">Terms of Service</a>
|
<a href="/terms">Terms of Service</a>
|
||||||
|
|
|
||||||
|
|
@ -264,7 +264,7 @@ footer .container { display: flex; align-items: center; justify-content: space-b
|
||||||
<a href="/">Home</a>
|
<a href="/">Home</a>
|
||||||
<a href="/docs">Docs</a>
|
<a href="/docs">Docs</a>
|
||||||
<a href="/health">API Status</a>
|
<a href="/health">API Status</a>
|
||||||
<a href="/#change-email">Change Email</a>
|
<a href="/#change-email" class="open-email-change">Change Email</a>
|
||||||
<a href="/impressum">Impressum</a>
|
<a href="/impressum">Impressum</a>
|
||||||
<a href="/privacy">Privacy Policy</a>
|
<a href="/privacy">Privacy Policy</a>
|
||||||
<a href="/terms">Terms of Service</a>
|
<a href="/terms">Terms of Service</a>
|
||||||
|
|
|
||||||
|
|
@ -104,8 +104,8 @@ app.use("/v1/convert", authMiddleware, usageMiddleware, pdfRateLimitMiddleware,
|
||||||
app.use("/v1/templates", authMiddleware, usageMiddleware, templatesRouter);
|
app.use("/v1/templates", authMiddleware, usageMiddleware, templatesRouter);
|
||||||
|
|
||||||
// Admin: usage stats
|
// Admin: usage stats
|
||||||
app.get("/v1/usage", authMiddleware, (_req, res) => {
|
app.get("/v1/usage", authMiddleware, (req: any, res) => {
|
||||||
res.json(getUsageStats());
|
res.json(getUsageStats(req.apiKeyInfo?.key));
|
||||||
});
|
});
|
||||||
|
|
||||||
// Admin: concurrency stats
|
// Admin: concurrency stats
|
||||||
|
|
|
||||||
|
|
@ -76,11 +76,14 @@ function trackUsage(key: string, monthKey: string): void {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export function getUsageStats(): Record<string, { count: number; month: string }> {
|
export function getUsageStats(apiKey?: string): Record<string, { count: number; month: string }> {
|
||||||
const stats: Record<string, { count: number; month: string }> = {};
|
const stats: Record<string, { count: number; month: string }> = {};
|
||||||
for (const [key, record] of usage) {
|
if (apiKey) {
|
||||||
const masked = key.slice(0, 8) + "...";
|
const record = usage.get(apiKey);
|
||||||
stats[masked] = { count: record.count, month: record.monthKey };
|
if (record) {
|
||||||
|
const masked = apiKey.slice(0, 8) + "...";
|
||||||
|
stats[masked] = { count: record.count, month: record.monthKey };
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return stats;
|
return stats;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -74,7 +74,7 @@ a { color: #4f9; }
|
||||||
<div class="card">
|
<div class="card">
|
||||||
<h1>🎉 Welcome to Pro!</h1>
|
<h1>🎉 Welcome to Pro!</h1>
|
||||||
<p>Your API key:</p>
|
<p>Your API key:</p>
|
||||||
<div class="key" onclick="navigator.clipboard.writeText('${escapeHtml(keyInfo.key)}')" title="Click to copy">${escapeHtml(keyInfo.key)}</div>
|
<div class="key" style="position:relative">${escapeHtml(keyInfo.key)}<button onclick="navigator.clipboard.writeText('${escapeHtml(keyInfo.key)}');this.textContent='Copied!';setTimeout(()=>this.textContent='Copy',1500)" style="position:absolute;top:8px;right:8px;background:#4f9;color:#0a0a0a;border:none;border-radius:4px;padding:4px 12px;cursor:pointer;font-size:0.8rem;font-family:system-ui">Copy</button></div>
|
||||||
<p><strong>Save this key!</strong> It won't be shown again.</p>
|
<p><strong>Save this key!</strong> It won't be shown again.</p>
|
||||||
<p>10,000 PDFs/month • All endpoints • Priority support</p>
|
<p>10,000 PDFs/month • All endpoints • Priority support</p>
|
||||||
<p><a href="/docs">View API docs →</a></p>
|
<p><a href="/docs">View API docs →</a></p>
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue