Skip to content

Improve password security #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
culda wants to merge 2 commits into from
Closed

Improve password security #29

culda wants to merge 2 commits into from
+68 −31

Conversation

@culda
Copy link
Contributor

@culda culda commented Apr 3, 2025
edited
Loading

re. #28

Generated this PR with yetone's plugin. Leaving it here as I have no time to look into it and it needs some cleanup.

Bogdan Culda and others added 2 commits April 3, 2025 11:53
remove password log
d55139f
Implement secure password handling
02af69a 
- Add password hashing using SHA-256

- Remove plain text password storage

- Remove console.log statements that could leak sensitive data

- Use a more secure localStorage key for frontend auth

- Add custom auth middleware to verify hashed passwords

- Add support for salt to enhance password security

- Improve error messages for better security

🤖 Generated with [avante.nvim](https://github.com/yetone/avante.nvim)

Co-Authored-By: avante.nvim <noreply-avante@yetone.ai>

🤖 Generated with [avante.nvim](https://github.com/yetone/avante.nvim)

Co-Authored-By: avante.nvim <noreply-avante@yetone.ai>
@changeset-bot
Copy link

changeset-bot bot commented Apr 3, 2025

⚠️ No Changeset found

Latest commit: 02af69a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@jayair jayair requested a review from thdxr April 4, 2025 19:43
@culda
Copy link
Contributor Author

culda commented Apr 8, 2025

@thdxr happy to take this on but not sure how to plug my own version of OC to my sst app. Basically how do I test this?

@julianfbeck
Copy link

julianfbeck commented Apr 9, 2025

@culda Could we add an option to completely disable bearer authentication in this MR?

Since we host OpenControl internally within our company VPN, the network already provides security. Having the additional bearer auth layer creates confusion (lol i know) for product owners accessing the website.

having another variable/ env insode the hono option would be great

@culda
Copy link
Contributor Author

culda commented Apr 9, 2025
edited
Loading

@julianfbeck
Happy to. Just curious, did you deploy it out of the box with sst or did you fork it?

@julianfbeck
Copy link

julianfbeck commented Apr 9, 2025
edited
Loading

@culda Thank you!!

No, we just used the opencontrol package inside a bun hono project:

import { createAnthropic } from '@ai-sdk/anthropic'
import { create } from 'opencontrol'
import { Hono } from 'hono'
import { 
example
} from './tools.js'

const app = create({
  model: createAnthropic({
    apiKey: process.env.ANTHROPIC_API_KEY,
  })("claude-3-7-sonnet-20250219",
  tools: [
   example
  ]
})

export default app;

@culda
Copy link
Contributor Author

culda commented Apr 10, 2025

#33

@culda culda closed this Apr 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thdxr thdxr Awaiting requested review from thdxr

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@culda @julianfbeck